Also addresses numerous other bugs and vulnerabilities

Oct 10, 2018 11:38 GMT  ·  By

CentOS maintainer Johnny Hughes and Red Hat announced the availability of an important Linux kernel security update for the CentOS Linux 6 and Red Hat Enterprise Linux 6 operating system series that addresses two vulnerabilities.

According to the RHSA-2018:2846 and CESA-2018:2846 security advisories, Red Hat's security team rated the new kernel update "Important" because it patches two security vulnerabilities, CVE-2018-5391 and CVE-2018-14634, in the Linux kernel packages shipped with Red Hat Enterprise Linux 6 and CentOS Linux 6.

The first security flaw addressed in this important kernel update is CVE-2018-5391, known as FragmentSmack, a flaw in the way the Linux kernel reassembled fragmented IPv4 and IPv6 packets. A remote attacker could send a stream of specially crafted fragmented packets to a vulnerable system and drive its CPU to saturation, causing a denial of service; no valid session with the target is required, since the flaw sits in IP-level reassembly.

The second security flaw patched by this latest kernel update for CentOS Linux 6 and Red Hat Enterprise Linux 6 is an integer overflow (CVE-2018-14634) in the Linux kernel's create_elf_tables function, which sets up the argument and environment tables when a new ELF executable is loaded. A local, unprivileged user could exploit it to escalate their privileges on the system, which is why the update matters even on hosts that are not exposed to the network. Besides these two vulnerabilities, the new kernel packages also include numerous bug fixes, among them a fix for a crash affecting Dell PowerEdge 1950 systems.

"Red Hat Product Security has rated this update as having a security impact of Important," reads the security advisory published by Red Hat's security team. "Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391 and Qualys Research Labs for reporting CVE-2018-14634."

Users are urged to update their installations immediately

Affected systems include Red Hat Enterprise Linux Server 6 (x86_64 and i386), Red Hat Enterprise Linux Workstation 6 (x86_64 and i386), Red Hat Enterprise Linux Desktop 6 (x86_64 and i386), Red Hat Enterprise Linux for IBM z Systems 6 (s390x), Red Hat Enterprise Linux for Power, big endian 6 (ppc64), Red Hat Enterprise Linux for Scientific Computing 6 (x86_64), and CentOS Linux 6 (x86_64 and i386).

All users of these operating systems are urged to update their kernel packages to kernel-2.6.32-754.6.3.el6.x86_64.rpm or kernel-2.6.32-754.6.3.el6.i686.rpm on 64-bit or 32-bit CentOS Linux 6 and Red Hat Enterprise Linux 6 installations, to kernel-2.6.32-754.6.3.el6.s390x.rpm on IBM z Systems Red Hat Enterprise Linux 6 systems, and to kernel-2.6.32-754.6.3.el6.ppc64.rpm on Red Hat Enterprise Linux for Power systems. Because this is a kernel update, the system must be rebooted into the new kernel for the fixes to take effect; a host that has installed the package but is still running the old kernel remains vulnerable.
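The following script is an added example, not part of the article or of Red Hat's or CentOS's own tooling. It compares a kernel release string against the fixed version named above (2.6.32-754.6.3.el6) field by field, so an administrator can tell at a glance whether the running kernel and every installed kernel package are at or beyond the patched release. The helper names (`numeric_fields`, `version_ge`, `kernel_status`, `check_system`) are the example's own; the `rpm` query format tags it uses are standard.

```shell
#!/bin/sh
# Added example (editor's code, not from the advisory): report whether a
# RHEL/CentOS 6 kernel release is at or above the version that fixes
# CVE-2018-5391 and CVE-2018-14634.

FIXED_VERSION="2.6.32-754.6.3.el6"

# Reduce a release string such as "2.6.32-754.6.3.el6.x86_64" to its numeric
# fields "2 6 32 754 6 3", dropping the dist tag and architecture suffix.
numeric_fields() {
    printf '%s\n' "$1" | sed -e 's/\.el6.*$//' -e 's/[-.]/ /g'
}

# Compare two kernel release strings numerically, field by field.
# Prints 1 when $1 >= $2, otherwise 0. Missing trailing fields count as 0.
version_ge() {
    awk -v a="$(numeric_fields "$1")" -v b="$(numeric_fields "$2")" '
    BEGIN {
        na = split(a, x, " "); nb = split(b, y, " ")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xa = (i <= na) ? x[i] + 0 : 0
            yb = (i <= nb) ? y[i] + 0 : 0
            if (xa > yb) { print 1; exit }
            if (xa < yb) { print 0; exit }
        }
        print 1
    }'
}

# Classify a single kernel release string as "fixed" or "vulnerable"
# relative to FIXED_VERSION.
kernel_status() {
    if [ "$(version_ge "$1" "$FIXED_VERSION")" = 1 ]; then
        echo fixed
    else
        echo vulnerable
    fi
}

# Check the running kernel and, where rpm is available, every installed
# kernel package. Both matter: the fixed package may be installed while the
# machine is still booted into an old, vulnerable kernel.
check_system() {
    running=$(uname -r)
    echo "running kernel $running: $(kernel_status "$running")"
    if command -v rpm >/dev/null 2>&1; then
        rpm -q kernel --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n' 2>/dev/null |
        while read -r pkg; do
            echo "installed kernel-$pkg: $(kernel_status "$pkg")"
        done
    fi
}

# Run the live check only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--check" ]; then
    check_system
fi
```

Run it as `sh check-kernel.sh --check` on each RHEL 6 or CentOS 6 host. If the running kernel is reported as vulnerable, apply the update with `yum update kernel` and reboot; rerunning the script after the reboot confirms that the patched kernel is actually the one in use.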