Bugzilla – Bug 765488
VUL-1: CVE-2012-2663: iptables: -m tcp --syn behaves unexpectedly
Last modified: 2019-04-11 22:46:21 UTC
(We have split this into two dedicated bugs for better tracking purposes.)
Initially the issue was reported as being a kernel DoS (bnc#765102); this can
also lead to certain iptables rules getting bypassed.
Detailed explanation available at:
bugbot adjusting priority
The CVE is used here... CVE-2012-2663
Reading the thread above, they came to the conclusion that it's not worth fixing:
The upstream didn't fix this, nor did Debian or Red Hat.
Debian bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675445
Do we want the patch from http://www.spinics.net/lists/netfilter-devel/msg21245.html ?
But it's already fixed via bnc#765102?
Above CVE is mentioned there.
As long as our kernels drop the SYN/FIN packets,
we don't have to care about the iptables part.
You can close the bug.