[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-4272-1 linux -- linux

ID: oval:org.secpod.oval:def:603487Date: (C)2018-08-16   (M)2024-02-19
Class: PATCHFamily: unix




CVE-2018-5391 Juha-Matti Tilli discovered a flaw in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker can take advantage of this flaw to trigger time and calculation expensive fragment reassembly algorithms by sending specially crafted packets, leading to remote denial of service. This is mitigated by reducing the default limits on memory usage for incomplete fragmented packets. The same mitigation can be achieved without the need to reboot, by setting the sysctls: net.ipv4.ipfrag_high_thresh = 262144 net.ipv6.ip6frag_high_thresh = 262144 net.ipv4.ipfrag_low_thresh = 196608 net.ipv6.ip6frag_low_thresh = 196608 The default values may still be increased by local configuration if necessary.

Platform:
Debian 9.x
Product:
linux-image-4.9
linux-headers-4.9
hyperv-daemons
libcpupower-dev
usbip
libusbip-dev
linux-compiler-gcc-6-x86
linux-cpupower
linux-doc-4.9
linux-kbuild-4.9
linux-libc-dev
linux-manual-4.9
linux-perf-4.9
linux-source-4.9
linux-support-4.9
Reference:
DSA-4272-1
CVE-2018-5391
CVE    1
CVE-2018-5391
CPE    2
cpe:/a:linux:linux_image:4.9
cpe:/o:debian:debian_linux:9.x

© SecPod Technologies