---

CentOS 6 and RHEL 6 Get Important Kernel Security Update for FragmentSmack Flaw

The first security flaw addressed in this important kernel update is CVE-2018-5391, a security vulnerability known as FragmentSmack and discovered in the way Linux kernel handled reassembly of fragmented IPv6 and IPv4 packets, which could allow a remote attacker to cause a denial of service on the vulnerable systems by sending specially crafted packets, leading to a CPU saturation. The second security flaw patched by this latest kernel update for CentOS Linux 6 and Red Hat Enterprise Linux 6 operating system series is an integer overflow (CVE-2018-14634) discovered in Linux kernel’s create_elf_tables function. Besides these two vulnerabilities, the new kernel patch also includes numerous bug fixes, including a bug crashing Dell PowerEdge 1950 systems.