Quote:
Originally Posted by beiroot
> What do you think of this bug?
It seems serious enough.
Quote:
Originally Posted by beiroot
> I read a puzzling comment on one of the sec forums saying something like "it's not a bug, it's an NSA backdoor. A good programmer would never write a code in such a stupid manner. I really wonder why Linus would let such bug through."
Sounds like "buffoonery". Forums and social network sites are usually low on fact and high on FUD.
If it were an "NSA backdoor", it would have been noticed.
RHEL's kernel wasn't affected because apparently that code wasn't implemented:
https://bugzilla.redhat.com/show_bug.cgi?id=1439740
It shouldn't affect any OS which doesn't use the Linux kernel's IPv4 stack.
It's patched upstream of course, but all of the phones, smart devices and domestic home networking hardware and miscellaneous embedded stuff will probably still go unpatched by the vendor/user.
This one is another example of where the old "given enough eyeballs, all bugs are shallow" falls down (Heartbleed and ShellShock being more notable ones).