| Description: | Summary:
Check the version of kernel
Vulnerability Insight:
The kernel packages contain the Linux kernel,
the core of any Linux operating system.
Security Fix(es):
* A flaw named FragmentSmack was found in the way the Linux kernel handled
reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use
this flaw to trigger time and calculation expensive fragment reassembly
algorithm by sending specially crafted packets which could lead to a CPU
saturation and hence a denial of service on the system. (CVE-2018-5391)
* kernel: Integer overflow in Linux's create_elf_tables function
(CVE-2018-14634)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department
of Communications and Networking and Nokia Bell Labs) for reporting
CVE-2018-5391 and Qualys Research Labs for reporting CVE-2018-14634.
Bug Fix(es):
These updated kernel packages include also numerous bug fixes. Space
precludes documenting all of the bug fixes in this advisory.
Affected Software/OS:
kernel on CentOS 6
Solution:
Please install the updated packages.
CVSS Score:
7.8
CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
