AWS-2018-018
August 21, 2018 4:00 AM PDT CVE Identifiers: CVE-2018-5390 (SegmentSmack), CVE-2018-5391 (FragmentSmack) AWS is aware of two recently-disclosed security issues, commonly referred to as SegmentSmack and FragmentSmack, both of which affect the TCP and IP processing subsystem of several popular operating systems including Linux. With the exception of the AWS services listed below, no customer action is required to address these issues. Customers not using Amazon Linux should contact their operating system vendor for the updates necessary to address these issues. Amazon Linux & Amazon Linux 2 AMI An updated kernel for Amazon Linux is available within the Amazon Linux repositories — this update includes fixes for both SegmentSmack and FragmentSmack. Customers with existing Amazon Linux AMI instances should run the following command to ensure they receive the updated package: “sudo yum update kernel”. As is standard for any update of the Linux kernel, after the yum update is complete, a reboot is required for updates to take effect. More information is available at the Amazon Linux Security Center (see: ALAS-2018-1049 and ALAS-2018-1058 ). We have released new versions of the Amazo…
Timeline
- Aug 21, 2018 CVE Published
References
- Linux Kernel Updates to address SegmentSmack & FragmentSmack advisory
- https://alas.aws.amazon.com/ALAS-2018-1049.html web
- https://alas.aws.amazon.com/ALAS-2018-1058.html web
- http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/environment-platform-update-managed.html web
- http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.platform.upgrade.html web