I googled “what are rh0 headers” and read about how malicious actors would abuse optional RH0 IP protocol headers to bypass host based access controls and break into Internet attached servers. Live and learn. Yet another case of the software engineers failing to worry enough about “What if”.
What can I say, leave a gaping wide hole, you gotta expect bad press, eventually. Today’s security researches occationally discover holes that are up to 20 years old, which makes me shake my head at 19 years of failed vulnerability testers. Of course there is no proof anyone ever discovered it, and have suffered hacks.
Color me paranoid, but there is also no proof that at least one hacker team from any country in the world are just better at technical details and exploiting holes than you understand right now. I know the Internet runs on Linux, and Linux has bugs getting patched every few days.