DSA-4266-1 linux -- linuxID: oval:org.secpod.oval:def:53390 | Date: (C)2019-05-30 (M)2024-05-22 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service. CVE-2018-5390 Juha-Matti Tilli discovered that a remote attacker can trigger the worst case code paths for TCP stream reassembly with low rates of specially crafted packets leading to remote denial of service. CVE-2018-13405 Jann Horn discovered that the inode_init_owner function in fs/inode.c in the Linux kernel allows local users to create files with an unintended group ownership allowing attackers to escalate privileges by making a plain file executable and SGID.