Alerts This Week
Warning Icon 1 537
Alerts This Week
Warning Icon 1 537

Red Hat Enterprise Linux 6.4 RHSA-2018:2791-01 Critical TCP DoS Issue

Calendar Sep 25, 2018 User Avatar LinuxSecurity Advisories
3 - 6 min read
Redhat Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service kernel update Red Hat Enterprise Linux TCP segmentation
An update for kernel is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2018:2791-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2791
Issue date:        2018-09-25
CVE Names:         CVE-2018-5390 CVE-2018-5391 CVE-2018-10675 
====================================================================
1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.4
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.4) - noarch, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* A flaw named SegmentSmack was found in the way the Linux kernel handled
specially crafted TCP packets. A remote attacker could use this flaw to
trigger time and calculation expensive calls to tcp_collapse_ofo_queue()
and tcp_prune_ofo_queue() functions by sending specially modified packets
within ongoing TCP sessions which could lead to a CPU saturation and hence
a denial of service on the system. Maintaining the denial of service
condition requires continuous two-way TCP sessions to a reachable open
port, thus the attacks cannot be performed using spoofed IP addresses.
(CVE-2018-5390)

* A flaw named FragmentSmack was found in the way the Linux kernel handled
reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use
this flaw to trigger time and calculation expensive fragment reassembly
algorithm by sending specially crafted packets which could lead to a CPU
saturation and hence a denial of service on the system. (CVE-2018-5391)

* kernel: mm: use-after-free in do_get_mempolicy function allows local DoS
or other unspecified impact (CVE-2018-10675)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department
of Communications and Networking and Nokia Bell Labs) for reporting
CVE-2018-5390 and CVE-2018-5391.

Bug Fix(es):

* After updating the system to prevent the L1 Terminal Fault (L1TF)
vulnerability, only one thread was detected on systems that offer
processing of two threads on a single processor core. With this update, the
"__max_smt_threads()" function has been fixed. As a result, both threads
are now detected correctly in the described situation. (BZ#1625330)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1575065 - CVE-2018-10675 kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact
1601704 - CVE-2018-5390 kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack)
1609664 - CVE-2018-5391 kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack)

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.4):

Source:
kernel-2.6.32-358.93.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-358.93.1.el6.noarch.rpm
kernel-firmware-2.6.32-358.93.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-358.93.1.el6.x86_64.rpm
kernel-debug-2.6.32-358.93.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-358.93.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.93.1.el6.x86_64.rpm
kernel-devel-2.6.32-358.93.1.el6.x86_64.rpm
kernel-headers-2.6.32-358.93.1.el6.x86_64.rpm
perf-2.6.32-358.93.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.4):

Source:
kernel-2.6.32-358.93.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.93.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm
python-perf-2.6.32-358.93.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2018-5390
https://access.redhat.com/security/cve/CVE-2018-5391
https://access.redhat.com/security/cve/CVE-2018-10675
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBW6qZaNzjgjWX9erEAQibRhAAi5R09yTV+fksTsSRN9whi9D5E66aqn/b
MqKLbAKwTwPsleIKaUWpq/V3mLMbBeqpIAb67/HLpcG6vDB44AID4Nlr6xTgXFH8
G3LZkofjJuOj8Az4HTZATuogynhL+Wo4ajlqsMFucbfuBDs2wHIyhnpMo5aYiKor
IaI1WFgC13Gj9pAYRasu87q5RLpX/FzC/mZt1C+Qq/PKlRxU3loL+P9y8cfzxmtg
s/56cGpN7J4s12ztvHB7cdgiSWYQj0JrvL2htundCfAWrx1M3zUtyFjVBfakFF5N
L7gv7ms+sTT2hsrFR2Z/2OF1cqhYaqwyc+aMxQT5Tz8JU642kyxhg8L1CMFkUBM0
qP1wF/HnSgwIrzT40grvagg+Ot9Gl4J/IJ/KUmi8ce24u30V/6WuA1FL60yly309
lzPS1vptFFvaKWMOMRWLGsU836wOy6XUIa2dlDMaOnWmgdCxNVhDYdrgkPAbZAJ0
IUFdb8G6d2919vIywpNcZR2N0xuM3mVl3FdsPmu1pt60YadtyGmPyYeyH4LjVul1
K0FpwlyGeFD0ZhR8MNhcWJgnycxrOlkft4X989PrDVEXqDdgOl4lGW9HJVGToLoJ
dS8RWoZpvR+RNP1jhpZLj/kNUZ6qwBlz58LKjVBBdFGaLQrQ+sWHa9dbAF1C3oYj
RzRcAsoet+k=3P7M
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
This email address is being protected from spambots. You need JavaScript enabled to view it.

Red Hat Enterprise Linux 6.4 RHSA-2018:2791-01 Critical TCP DoS Issue

red hat
Calendar Grey September 25, 2018
Dist Redhat Esm H88
The recent security patch for Red Hat Enterprise Linux provides a comprehensive solution for various DoS flaws, enhancing system stability and safety.
An update for kernel is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Summary

The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390)
* A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)
* kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390 and CVE-2018-5391.
Bug Fix(es):
* After updating the system to prevent the L1 Terminal Fault (L1TF) vulnerability, only one thread was detected on systems that offer processing of two threads on a single processor core. With this update, the "__max_smt_threads()" function has been fixed. As a result, both threads are now detected correctly in the described situation. (BZ#1625330)

Topics%20covered

Topics Covered

security advisory denial of service kernel update Red Hat Enterprise Linux TCP segmentation

References

https://access.redhat.com/security/cve/CVE-2018-5390 https://access.redhat.com/security/cve/CVE-2018-5391 https://access.redhat.com/security/cve/CVE-2018-10675 https://access.redhat.com/security/updates/classification#important

Package List

Red Hat Enterprise Linux Server AUS (v. 6.4):
Source: kernel-2.6.32-358.93.1.el6.src.rpm
noarch: kernel-doc-2.6.32-358.93.1.el6.noarch.rpm kernel-firmware-2.6.32-358.93.1.el6.noarch.rpm
x86_64: kernel-2.6.32-358.93.1.el6.x86_64.rpm kernel-debug-2.6.32-358.93.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-358.93.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.93.1.el6.x86_64.rpm kernel-devel-2.6.32-358.93.1.el6.x86_64.rpm kernel-headers-2.6.32-358.93.1.el6.x86_64.rpm perf-2.6.32-358.93.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 6.4):
Source: kernel-2.6.32-358.93.1.el6.src.rpm
x86_64: kernel-debug-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.93.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm python-perf-2.6.32-358.93.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2018:2791-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:2791
Issue date: 2018-09-25

Topic

An update for kernel is now available for Red Hat Enterprise Linux 6.4Advanced Update Support.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory denial of service kernel update Red Hat Enterprise Linux TCP segmentation

Relevant Releases Architectures

Red Hat Enterprise Linux Server AUS (v. 6.4) - noarch, x86_64

Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64

Bugs Fixed

1575065 - CVE-2018-10675 kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact

1601704 - CVE-2018-5390 kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack)

1609664 - CVE-2018-5391 kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack)

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here