Lock Code Circular11

How embarrassing! It turns out there was a security hole lurking in Linux's netfilter firewall program.

Behind almost all Linux firewalls tools such as iptables; its newer version, nftablesfirewalld; and ufw, is netfilter, which controls access to and from Linux's network stack. It's an essential Linux security program, so when a security hole is found in it, it's a big deal. 

Nick Gregory, a Sophos threat researcher, found this hole recently while checking netfilter for possible security problems. Gregory explains in great detail his bug hunt, and I recommend it for those who want insight into finding C errors. But, for those of you who just want to cut to the chase, here's the story.