RHEL 6 : kernel (RHSA-2018:2645)
High Nessus Plugin ID 112284
SynopsisThe remote Red Hat host is missing one or more security updates.
DescriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.7
Extended Update Support.
Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
The kernel packages contain the Linux kernel, the core of any Linux
Security Fix(es) :
* A flaw named SegmentSmack was found in the way the Linux kernel
handled specially crafted TCP packets. A remote attacker could use
this flaw to trigger time and calculation expensive calls to
tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by
sending specially modified packets within ongoing TCP sessions which
could lead to a CPU saturation and hence a denial of service on the
system. Maintaining the denial of service condition requires
continuous two-way TCP sessions to a reachable open port, thus the
attacks cannot be performed using spoofed IP addresses.
Red Hat would like to thank Juha-Matti Tilli (Aalto University,
Department of Communications and Networking and Nokia Bell Labs) for
reporting this issue.
SolutionUpdate the affected packages.