Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2018:2791 - Security Advisory
Issued:
2018-09-25
Updated:
2018-09-25

RHSA-2018:2791 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: kernel security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390)
  • A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)
  • kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390 and CVE-2018-5391.

Bug Fix(es):

  • After updating the system to prevent the L1 Terminal Fault (L1TF) vulnerability, only one thread was detected on systems that offer processing of two threads on a single processor core. With this update, the "__max_smt_threads()" function has been fixed. As a result, both threads are now detected correctly in the described situation. (BZ#1625330)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server - AUS 6.4 x86_64

Fixes

  • BZ - 1575065 - CVE-2018-10675 kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact
  • BZ - 1601704 - CVE-2018-5390 kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack)
  • BZ - 1609664 - CVE-2018-5391 kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack)

CVEs

  • CVE-2018-5390
  • CVE-2018-5391
  • CVE-2018-10675

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 6.4

SRPM
kernel-2.6.32-358.93.1.el6.src.rpm SHA-256: cc7128dc73a7f7a9a38e0945751aeef503b2fb91a08b090d2fd47d38d15c5459
x86_64
kernel-2.6.32-358.93.1.el6.x86_64.rpm SHA-256: fcb5caebc5b4df4d0b5df8b7bda56cf15f25c32c585218438732359083d358a7
kernel-debug-2.6.32-358.93.1.el6.x86_64.rpm SHA-256: 2797cef72605854ea141a7814b49b15cb2b4466320fd3daf607ffe9f4423f748
kernel-debug-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm SHA-256: 4080724446c2ef3e061c0bc4d9db17778bece3622d19d423ea5eb232c363a0cc
kernel-debug-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm SHA-256: 4080724446c2ef3e061c0bc4d9db17778bece3622d19d423ea5eb232c363a0cc
kernel-debug-devel-2.6.32-358.93.1.el6.x86_64.rpm SHA-256: 53219ceb981a2bb75e97ee5eba88921403fcc6e72c05e38b77f05253b204dbd8
kernel-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm SHA-256: 82c96c794c2c65b78202d9a0c2b052cb4b78890a7918e1af998a8d49b448d723
kernel-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm SHA-256: 82c96c794c2c65b78202d9a0c2b052cb4b78890a7918e1af998a8d49b448d723
kernel-debuginfo-common-x86_64-2.6.32-358.93.1.el6.x86_64.rpm SHA-256: ee6b697b4d3b0a3eaea235b160afde27885ce3e967abeef78538adaee5d4a33e
kernel-debuginfo-common-x86_64-2.6.32-358.93.1.el6.x86_64.rpm SHA-256: ee6b697b4d3b0a3eaea235b160afde27885ce3e967abeef78538adaee5d4a33e
kernel-devel-2.6.32-358.93.1.el6.x86_64.rpm SHA-256: 2f69304d9bfef342bfb8e532ef0700ddecf3a6367007e2894f116c6db536ee7d
kernel-doc-2.6.32-358.93.1.el6.noarch.rpm SHA-256: 63bbdf43c56e386e5991275892450ba3787dc1a5a67e48218ec4f2be6eb64b5c
kernel-firmware-2.6.32-358.93.1.el6.noarch.rpm SHA-256: c4615dcfa345da1b4f4d6e3b1a151aa3360292a7a0feaa22aee9a0a5bb86cbcb
kernel-headers-2.6.32-358.93.1.el6.x86_64.rpm SHA-256: ddb90e8f1accfa519ec449ef1a09939a16c6e21c636b1c62cf84b9cd842b2728
perf-2.6.32-358.93.1.el6.x86_64.rpm SHA-256: 419c1dea9bed39bfa9a56a5371775e6f44cd3f798010e1c59bba3112ee29af43
perf-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm SHA-256: 830a18d8d7a0d92db69e39d7d6e992aa2d2d603ded05ccc429456a8782bea243
perf-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm SHA-256: 830a18d8d7a0d92db69e39d7d6e992aa2d2d603ded05ccc429456a8782bea243
python-perf-2.6.32-358.93.1.el6.x86_64.rpm SHA-256: 8851ecf2d7ffa54910fc46e33f83eba9d9e2fe9f06d91cab85df5e38c6a0c96d
python-perf-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm SHA-256: c1007cdc9983bccb82a95e13d09e67d690c6b9f8105353ee7fd0afb8c845900f
python-perf-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm SHA-256: c1007cdc9983bccb82a95e13d09e67d690c6b9f8105353ee7fd0afb8c845900f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility