You can find information about which packages (variants) a CVE affected and if (plus when) a package was fixed on our security tracker:
https://security.archlinux.org/CVE-2019-11477
https://security.archlinux.org/CVE-2019-11478
https://security.archlinux.org/CVE-2019-11479
We have also published advisories to our distro-specific mailing lists and on the security tracker, which you will find below. The advisories contain workarounds that we recommended.
Check Point is vulnerable to CVE-2019-11478 and in some releases also to CVE-2019-11477. Check Point software is not vulnerable to CVE-2019-11479 or the FreeBSD CVEs.
The vulnerability to the 2 CVEs is only relevant to traffic directed to or from the gateway or management machines. Traffic going through the gateway for inspection is not affected by the vulnerabilities and won't be affected by disabling SACK. There is a mitigation to the 2 relevant CVEs which is to disable SACK. All relevant information on vulnerable products, mitigations, and fixes to the issues can be found at: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk156192
We have a KnowledgeBase page here: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic
We released updates for CVE-2019-11477 and CVE-2019-11478. The corresponding Ubuntu Security Notices can be found here:
https://usn.ubuntu.com/4017-1/
https://usn.ubuntu.com/4017-2/
A set of future Ubuntu kernel updates will address the sysctl-based mitigation for CVE-2019-11479.