Details of VAR-201809-1153

ID

VAR-201809-1153

CVE

CVE-2018-5391

TITLE

Linux kernel IP fragment re-assembly vulnerable to denial of service

Trust: 0.8

sources: CERT/CC: VU#641765

DESCRIPTION

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. ========================================================================= Ubuntu Security Notice USN-3742-1 August 14, 2018 linux vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS Summary: Several security issues were fixed in the Linux kernel. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). (CVE-2018-3646) It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker could use this to expose sensitive information (memory from the kernel or other processes). (CVE-2018-3620) Andrey Konovalov discovered an out-of-bounds read in the POSIX timers subsystem in the Linux kernel. (CVE-2018-5391) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: linux-image-3.13.0-155-generic 3.13.0-155.205 linux-image-3.13.0-155-generic-lpae 3.13.0-155.205 linux-image-3.13.0-155-lowlatency 3.13.0-155.205 linux-image-3.13.0-155-powerpc-e500 3.13.0-155.205 linux-image-3.13.0-155-powerpc-e500mc 3.13.0-155.205 linux-image-3.13.0-155-powerpc-smp 3.13.0-155.205 linux-image-3.13.0-155-powerpc64-emb 3.13.0-155.205 linux-image-3.13.0-155-powerpc64-smp 3.13.0-155.205 linux-image-generic 3.13.0.155.165 linux-image-generic-lpae 3.13.0.155.165 linux-image-lowlatency 3.13.0.155.165 linux-image-powerpc-e500 3.13.0.155.165 linux-image-powerpc-e500mc 3.13.0.155.165 linux-image-powerpc-smp 3.13.0.155.165 linux-image-powerpc64-emb 3.13.0.155.165 linux-image-powerpc64-smp 3.13.0.155.165 Please note that the recommended mitigation for CVE-2018-3646 involves updating processor microcode in addition to updating the kernel; however, the kernel includes a fallback for processors that have not received microcode updates. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. This is mitigated by reducing the default limits on memory usage for incomplete fragmented packets. The same mitigation can be achieved without the need to reboot, by setting the sysctls: net.ipv4.ipfrag_high_thresh = 262144 net.ipv6.ip6frag_high_thresh = 262144 net.ipv4.ipfrag_low_thresh = 196608 net.ipv6.ip6frag_low_thresh = 196608 The default values may still be increased by local configuration if necessary. For the stable distribution (stretch), this problem has been fixed in version 4.9.110-3+deb9u2. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAltzSylfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RaQQ//ZmbZqbqzS25ZDtEN7fJbInoznmfFiXHYCS9/GNEID3ODvPEn34omQ+Tj HJHroMWFsXROIaViHvJ2mZB3dpgv+ge1huvqXFTh+VrnQxvmdzzNy0UiDUH3B7jU BnbI7IS5x2dBC4cY+5vJ1fn0mWnvh/Bg9D+HEce3mmz9f/bTmXXiwPosyCM0KnzC R8aq73EU61A+IYJd+otICU6jZk+4IdgZRhW6q8F5OgHrnBryr0Xem8hSeL4Nkv3y aLX2Ca20eAgfeGo/SAHmG+FfJLR6dG8frz1k8HsKWNW16O8AC6lDbRC1+teK1e43 6GoIjfU9fBy3Cc35I1JQ85cfzfDLaETQ6IQ23o9SUP6qh8QKtUYDIU2sEDAThmrA IeoJsscGUvRMOx/XzuW8xN6rgbU+uNp8NIYXonZjy+U28dGp11obq3ka02railwj VEhm3YPIddeySofS0tZuBJ1XKL1/a5voLQ9GEBk+wq10DPdfYvSmIXxVR/FOfYy5 mLLTdtHINomfeihEI9AOWqq7w5bVIIidWB2a5FJiBZKWW1OdiNRHlD4hNMCR5xRv vK2PPXYcCxBuO4mdcnYydDcmrDvD22b6AhN1sm8FqUkWSXQbRoHNan95A8KbgZw0 Rk68oRCEFKcScB67ZhK2hUue7hZhkz52MlbS7pJgBPSuKrVsZtw= =WPm5 -----END PGP SIGNATURE----- . 7) - aarch64, noarch, ppc64le 3. Security Fix(es): * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. 6.4) - x86_64 3. (BZ#1625330) 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2018:2846-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2846 Issue date: 2018-10-09 CVE Names: CVE-2018-5391 CVE-2018-14634 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. (CVE-2018-5391) * kernel: Integer overflow in Linux's create_elf_tables function (CVE-2018-14634) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391 and Qualys Research Labs for reporting CVE-2018-14634. Bug Fix(es): These updated kernel packages include also numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article: https://access.redhat.com/articles/3635371 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1609664 - CVE-2018-5391 kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack) 1616397 - kernel-2.6.32-754.3.5.el6.x86_64 crash on Dell Inc. PowerEdge 1950 1624498 - CVE-2018-14634 kernel: Integer overflow in Linux's create_elf_tables function 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: kernel-2.6.32-754.6.3.el6.src.rpm i386: kernel-2.6.32-754.6.3.el6.i686.rpm kernel-debug-2.6.32-754.6.3.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.6.3.el6.i686.rpm kernel-debug-devel-2.6.32-754.6.3.el6.i686.rpm kernel-debuginfo-2.6.32-754.6.3.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.6.3.el6.i686.rpm kernel-devel-2.6.32-754.6.3.el6.i686.rpm kernel-headers-2.6.32-754.6.3.el6.i686.rpm perf-2.6.32-754.6.3.el6.i686.rpm perf-debuginfo-2.6.32-754.6.3.el6.i686.rpm python-perf-debuginfo-2.6.32-754.6.3.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.6.3.el6.noarch.rpm kernel-doc-2.6.32-754.6.3.el6.noarch.rpm kernel-firmware-2.6.32-754.6.3.el6.noarch.rpm x86_64: kernel-2.6.32-754.6.3.el6.x86_64.rpm kernel-debug-2.6.32-754.6.3.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.6.3.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.6.3.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.6.3.el6.i686.rpm kernel-debug-devel-2.6.32-754.6.3.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.6.3.el6.i686.rpm kernel-debuginfo-2.6.32-754.6.3.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.6.3.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.6.3.el6.x86_64.rpm kernel-devel-2.6.32-754.6.3.el6.x86_64.rpm kernel-headers-2.6.32-754.6.3.el6.x86_64.rpm perf-2.6.32-754.6.3.el6.x86_64.rpm perf-debuginfo-2.6.32-754.6.3.el6.i686.rpm perf-debuginfo-2.6.32-754.6.3.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.6.3.el6.i686.rpm python-perf-debuginfo-2.6.32-754.6.3.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-754.6.3.el6.i686.rpm kernel-debuginfo-2.6.32-754.6.3.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.6.3.el6.i686.rpm perf-debuginfo-2.6.32-754.6.3.el6.i686.rpm python-perf-2.6.32-754.6.3.el6.i686.rpm python-perf-debuginfo-2.6.32-754.6.3.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-754.6.3.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.6.3.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.6.3.el6.x86_64.rpm perf-debuginfo-2.6.32-754.6.3.el6.x86_64.rpm python-perf-2.6.32-754.6.3.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.6.3.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: kernel-2.6.32-754.6.3.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-754.6.3.el6.noarch.rpm kernel-doc-2.6.32-754.6.3.el6.noarch.rpm kernel-firmware-2.6.32-754.6.3.el6.noarch.rpm x86_64: kernel-2.6.32-754.6.3.el6.x86_64.rpm kernel-debug-2.6.32-754.6.3.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.6.3.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.6.3.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.6.3.el6.i686.rpm kernel-debug-devel-2.6.32-754.6.3.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.6.3.el6.i686.rpm kernel-debuginfo-2.6.32-754.6.3.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.6.3.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.6.3.el6.x86_64.rpm kernel-devel-2.6.32-754.6.3.el6.x86_64.rpm kernel-headers-2.6.32-754.6.3.el6.x86_64.rpm perf-2.6.32-754.6.3.el6.x86_64.rpm perf-debuginfo-2.6.32-754.6.3.el6.i686.rpm perf-debuginfo-2.6.32-754.6.3.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.6.3.el6.i686.rpm python-perf-debuginfo-2.6.32-754.6.3.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: kernel-debug-debuginfo-2.6.32-754.6.3.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.6.3.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.6.3.el6.x86_64.rpm perf-debuginfo-2.6.32-754.6.3.el6.x86_64.rpm python-perf-2.6.32-754.6.3.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.6.3.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: kernel-2.6.32-754.6.3.el6.src.rpm i386: kernel-2.6.32-754.6.3.el6.i686.rpm kernel-debug-2.6.32-754.6.3.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.6.3.el6.i686.rpm kernel-debug-devel-2.6.32-754.6.3.el6.i686.rpm kernel-debuginfo-2.6.32-754.6.3.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.6.3.el6.i686.rpm kernel-devel-2.6.32-754.6.3.el6.i686.rpm kernel-headers-2.6.32-754.6.3.el6.i686.rpm perf-2.6.32-754.6.3.el6.i686.rpm perf-debuginfo-2.6.32-754.6.3.el6.i686.rpm python-perf-debuginfo-2.6.32-754.6.3.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.6.3.el6.noarch.rpm kernel-doc-2.6.32-754.6.3.el6.noarch.rpm kernel-firmware-2.6.32-754.6.3.el6.noarch.rpm ppc64: kernel-2.6.32-754.6.3.el6.ppc64.rpm kernel-bootwrapper-2.6.32-754.6.3.el6.ppc64.rpm kernel-debug-2.6.32-754.6.3.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-754.6.3.el6.ppc64.rpm kernel-debug-devel-2.6.32-754.6.3.el6.ppc64.rpm kernel-debuginfo-2.6.32-754.6.3.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-754.6.3.el6.ppc64.rpm kernel-devel-2.6.32-754.6.3.el6.ppc64.rpm kernel-headers-2.6.32-754.6.3.el6.ppc64.rpm perf-2.6.32-754.6.3.el6.ppc64.rpm perf-debuginfo-2.6.32-754.6.3.el6.ppc64.rpm python-perf-debuginfo-2.6.32-754.6.3.el6.ppc64.rpm s390x: kernel-2.6.32-754.6.3.el6.s390x.rpm kernel-debug-2.6.32-754.6.3.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-754.6.3.el6.s390x.rpm kernel-debug-devel-2.6.32-754.6.3.el6.s390x.rpm kernel-debuginfo-2.6.32-754.6.3.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-754.6.3.el6.s390x.rpm kernel-devel-2.6.32-754.6.3.el6.s390x.rpm kernel-headers-2.6.32-754.6.3.el6.s390x.rpm kernel-kdump-2.6.32-754.6.3.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-754.6.3.el6.s390x.rpm kernel-kdump-devel-2.6.32-754.6.3.el6.s390x.rpm perf-2.6.32-754.6.3.el6.s390x.rpm perf-debuginfo-2.6.32-754.6.3.el6.s390x.rpm python-perf-debuginfo-2.6.32-754.6.3.el6.s390x.rpm x86_64: kernel-2.6.32-754.6.3.el6.x86_64.rpm kernel-debug-2.6.32-754.6.3.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.6.3.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.6.3.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.6.3.el6.i686.rpm kernel-debug-devel-2.6.32-754.6.3.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.6.3.el6.i686.rpm kernel-debuginfo-2.6.32-754.6.3.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.6.3.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.6.3.el6.x86_64.rpm kernel-devel-2.6.32-754.6.3.el6.x86_64.rpm kernel-headers-2.6.32-754.6.3.el6.x86_64.rpm perf-2.6.32-754.6.3.el6.x86_64.rpm perf-debuginfo-2.6.32-754.6.3.el6.i686.rpm perf-debuginfo-2.6.32-754.6.3.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.6.3.el6.i686.rpm python-perf-debuginfo-2.6.32-754.6.3.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-754.6.3.el6.i686.rpm kernel-debuginfo-2.6.32-754.6.3.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.6.3.el6.i686.rpm perf-debuginfo-2.6.32-754.6.3.el6.i686.rpm python-perf-2.6.32-754.6.3.el6.i686.rpm python-perf-debuginfo-2.6.32-754.6.3.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-754.6.3.el6.ppc64.rpm kernel-debuginfo-2.6.32-754.6.3.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-754.6.3.el6.ppc64.rpm perf-debuginfo-2.6.32-754.6.3.el6.ppc64.rpm python-perf-2.6.32-754.6.3.el6.ppc64.rpm python-perf-debuginfo-2.6.32-754.6.3.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-754.6.3.el6.s390x.rpm kernel-debuginfo-2.6.32-754.6.3.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-754.6.3.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-754.6.3.el6.s390x.rpm perf-debuginfo-2.6.32-754.6.3.el6.s390x.rpm python-perf-2.6.32-754.6.3.el6.s390x.rpm python-perf-debuginfo-2.6.32-754.6.3.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-754.6.3.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.6.3.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.6.3.el6.x86_64.rpm perf-debuginfo-2.6.32-754.6.3.el6.x86_64.rpm python-perf-2.6.32-754.6.3.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.6.3.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: kernel-2.6.32-754.6.3.el6.src.rpm i386: kernel-2.6.32-754.6.3.el6.i686.rpm kernel-debug-2.6.32-754.6.3.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.6.3.el6.i686.rpm kernel-debug-devel-2.6.32-754.6.3.el6.i686.rpm kernel-debuginfo-2.6.32-754.6.3.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.6.3.el6.i686.rpm kernel-devel-2.6.32-754.6.3.el6.i686.rpm kernel-headers-2.6.32-754.6.3.el6.i686.rpm perf-2.6.32-754.6.3.el6.i686.rpm perf-debuginfo-2.6.32-754.6.3.el6.i686.rpm python-perf-debuginfo-2.6.32-754.6.3.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.6.3.el6.noarch.rpm kernel-doc-2.6.32-754.6.3.el6.noarch.rpm kernel-firmware-2.6.32-754.6.3.el6.noarch.rpm x86_64: kernel-2.6.32-754.6.3.el6.x86_64.rpm kernel-debug-2.6.32-754.6.3.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.6.3.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.6.3.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.6.3.el6.i686.rpm kernel-debug-devel-2.6.32-754.6.3.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.6.3.el6.i686.rpm kernel-debuginfo-2.6.32-754.6.3.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.6.3.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.6.3.el6.x86_64.rpm kernel-devel-2.6.32-754.6.3.el6.x86_64.rpm kernel-headers-2.6.32-754.6.3.el6.x86_64.rpm perf-2.6.32-754.6.3.el6.x86_64.rpm perf-debuginfo-2.6.32-754.6.3.el6.i686.rpm perf-debuginfo-2.6.32-754.6.3.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.6.3.el6.i686.rpm python-perf-debuginfo-2.6.32-754.6.3.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-754.6.3.el6.i686.rpm kernel-debuginfo-2.6.32-754.6.3.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.6.3.el6.i686.rpm perf-debuginfo-2.6.32-754.6.3.el6.i686.rpm python-perf-2.6.32-754.6.3.el6.i686.rpm python-perf-debuginfo-2.6.32-754.6.3.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-754.6.3.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.6.3.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.6.3.el6.x86_64.rpm perf-debuginfo-2.6.32-754.6.3.el6.x86_64.rpm python-perf-2.6.32-754.6.3.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.6.3.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-5391 https://access.redhat.com/security/cve/CVE-2018-14634 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/3635371 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW7zOftzjgjWX9erEAQiEUQ/7Bf7ZNzQRjVsC0KxJrld/vbiMofOVmmlH MxMQi+jt6lID6OUNFhV/r0393RFmQjiyhz+mfsEPgJqbc3EorYw9IbEc8Wc+RQUt mCs9OJDm+D0lObphSVhjRyzntXQYZMag7/wt34HuaAUPxW9mQhbOIMGxS2UxdbE3 r2I9+2tfY6t5COqrzuWzryq7j/Ib/+pVcICs27IhNepaT4V5nfS8SxYe12ixSXpE l1DEAA7Px+JDs6/kOfQjn9h+LqHSBpvEGOi7YGQave7LgVCcPbdpp8LgGW1QA7ux UqQq5+bKpuAal1Im01GBMKg7KYQiH3TPer/YVsboiUDSTvBQ142zaCxtmBWCVuhM 6pD49EERzN+m8VdnB4+dJiqp5sYyYb3afeCGnPUUaHvva5HKa0ip8fqtCbQ+6OWw 9kLwFNCWB4JmCUKLWCMK77Z0SPwl6CUn5c+xh/RzpADeFKa1xLcY3pHQ5WCckNJ5 +yrbAwgspaHv6IGzlQbceQOT3zj2uO8CeHZLnHdaTJhzbLEKq/ljyhcVJHVcQpXf 6CIEhzlME3SqZtNjvbXe0W3byJWyqG2dLuHp5NivQ2vkXTQfTHIvfFtVZo8ltm9u zHzDesYpxOoQvWE7ZITypbhXK9z2DHuGBUHBRHMVwUekMzHFUqUzjkuTlTJ4kipK n8pOg6WjsAM= =7bHz -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Bug Fix(es): * Previously, the kernel source code lacked support to report the Speculative Store Bypass Disable (SSBD) vulnerability status on IBM Power Systems. As a consequence, the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file incorrectly reported "Not affected". This fix updates the kernel source code to properly report the SSBD status either as "Vulnerable" or "Mitigation: Kernel entry/exit barrier (TYPE)", where TYPE is one of "eieio", "hwsync", "fallback", or "unknown". (BZ#1629634) 4. 6.6) - noarch, x86_64 3. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. Bug Fix(es): * After updating the system to prevent the L1 Terminal Fault (L1TF) vulnerability, only one thread was detected on systems that offer processing of two threads on a single processor core. With this update, the "__max_smt_threads()" function has been fixed. As a result, both threads are now detected correctly in the described situation. (BZ#1625334) * Previously, a kernel panic occurred when the kernel tried to make an out of bound access to the array that describes the L1 Terminal Fault (L1TF) mitigation state on systems without Extended Page Tables (EPT) support. This update extends the array of mitigation states to cover all the states, which effectively prevents out of bound array access. Also, this update enables rejecting invalid, irrelevant values, that might be erroneously provided by the userspace. As a result, the kernel no longer panics in the described scenario. (BZ#1629633) 4

Trust: 2.88

sources: NVD: CVE-2018-5391 // CERT/CC: VU#641765 // VULHUB: VHN-135422 // VULMON: CVE-2018-5391 // PACKETSTORM: 148915 // PACKETSTORM: 148912 // PACKETSTORM: 148928 // PACKETSTORM: 150070 // PACKETSTORM: 149543 // PACKETSTORM: 149726 // PACKETSTORM: 149832 // PACKETSTORM: 150191 // PACKETSTORM: 150314 // PACKETSTORM: 149826 // PACKETSTORM: 148916 // PACKETSTORM: 148913

AFFECTED PRODUCTS

vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.6
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.6
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	12.04	Trust: 1.6
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.6
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	6.7	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	6.6	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	11.5.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	7.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	microsoft	model:	windows server 2016	scope:	eq	version:	-	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	14.1.2.4	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	microsoft	model:	windows 10	scope:	eq	version:	1803	Trust: 1.0
vendor:	microsoft	model:	windows 7	scope:	eq	version:	-	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.3	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	siemens	model:	simatic rf186ci	scope:	lt	version:	1.3	Trust: 1.0
vendor:	siemens	model:	simatic rf188	scope:	lt	version:	1.3	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	14.1.2.4	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	siemens	model:	simatic net cp 1543-1	scope:	lt	version:	2.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	7.4	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	siemens	model:	simatic net cp 1542sp-1	scope:	lt	version:	2.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	7.5	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	6.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	14.1.2.4	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	14.1.2.4	Trust: 1.0
vendor:	siemens	model:	sinema remote connect server	scope:	gte	version:	1.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	6.4	Trust: 1.0
vendor:	microsoft	model:	windows server 2012	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance m-800	scope:	lt	version:	6.1	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	11.5.1	Trust: 1.0
vendor:	microsoft	model:	windows 10	scope:	eq	version:	1709	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lt	version:	13.1.3	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	7.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	12.1.5	Trust: 1.0
vendor:	siemens	model:	sinema remote connect server	scope:	lt	version:	2.0.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	microsoft	model:	windows 8.1	scope:	eq	version:	-	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	microsoft	model:	windows server 2016	scope:	eq	version:	1803	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	microsoft	model:	windows server 2012	scope:	eq	version:	r2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.4	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lte	version:	4.18	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	siemens	model:	simatic net cp 1543sp-1	scope:	lt	version:	2.1	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lt	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	11.5.1	Trust: 1.0
vendor:	siemens	model:	simatic rf188ci	scope:	lt	version:	1.3	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	6.5	Trust: 1.0
vendor:	siemens	model:	simatic rf186c	scope:	lt	version:	1.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	14.1.2.4	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lt	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lt	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	3.9	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	6.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	microsoft	model:	windows server 2016	scope:	eq	version:	1709	Trust: 1.0
vendor:	siemens	model:	simatic net cp 1243-7 lte eu	scope:	lt	version:	3.2	Trust: 1.0
vendor:	siemens	model:	scalance s615	scope:	lt	version:	6.1	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	lt	version:	14.1.2.4	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	siemens	model:	scalance w700 ieee 802.11a\/b\/g\/n	scope:	lt	version:	6.4	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	microsoft	model:	windows server 2008	scope:	eq	version:	-	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	7.3	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	7.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox ii	scope:	lt	version:	2.13.3	Trust: 1.0
vendor:	siemens	model:	simatic net cp 1242-7	scope:	lt	version:	3.2	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	lt	version:	14.1.2.4	Trust: 1.0
vendor:	microsoft	model:	windows 10	scope:	eq	version:	1607	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rm1224	scope:	lt	version:	6.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	6.6	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	12.1.5	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	microsoft	model:	windows server 2008	scope:	eq	version:	r2	Trust: 1.0
vendor:	microsoft	model:	windows rt 8.1	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	scalance sc-600	scope:	lt	version:	2.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.4	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	11.5.1	Trust: 1.0
vendor:	siemens	model:	simatic net cp 1243-1	scope:	lt	version:	3.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	14.1.2.4	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	14.1.2.4	Trust: 1.0
vendor:	siemens	model:	simatic net cp 1243-7 lte us	scope:	lt	version:	3.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	12.1.5	Trust: 1.0
vendor:	siemens	model:	simatic net cp 1542sp-1 irc	scope:	lt	version:	2.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.3	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	microsoft	model:	windows 10	scope:	eq	version:	-	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	14.1.2.4	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	14.1.2.4	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	11.5.1	Trust: 1.0
vendor:	microsoft	model:	windows 10	scope:	eq	version:	1703	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	13.1.3	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	gte	version:	11.5.1	Trust: 1.0
vendor:	siemens	model:	simatic net cp 1243-8 irc	scope:	lt	version:	3.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	13.1.3	Trust: 1.0
vendor:	siemens	model:	scalance w1700 ieee 802.11ac	scope:	lt	version:	2.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	14.1.2.4	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	siemens	model:	simatic rf185c	scope:	lt	version:	1.3	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	14.1.2.4	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	12.1.5	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	arista	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	check point	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	debian gnu linux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	microsoft	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	suse linux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	ubuntu	model:	-	scope:	-	version:	-	Trust: 0.8

sources: CERT/CC: VU#641765 // CNNVD: CNNVD-201808-570 // NVD: CVE-2018-5391

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-5391
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-5391
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201808-570
value:	HIGH
Trust: 0.6
VULHUB:	VHN-135422
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-5391
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-5391
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	CVE-2018-5391
severity:	HIGH
baseScore:	7.8
vectorString:	NONE
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-135422
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-5391
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CERT/CC: VU#641765 // VULHUB: VHN-135422 // VULMON: CVE-2018-5391 // CNNVD: CNNVD-201808-570 // NVD: CVE-2018-5391

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	CWE-400	Trust: 1.0

sources: VULHUB: VHN-135422 // NVD: CVE-2018-5391

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 148928 // CNNVD: CNNVD-201808-570

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201808-570

PATCH

title:	Linux kernel Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=84156	Trust: 0.6
title:	Red Hat: Important: kernel security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182846 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: kernel security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20183459 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: kernel security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182785 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: kernel security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182925 - Security Advisory	Trust: 0.1
title:	Debian Security Advisories: DSA-4272-1 linux -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=c4fc75c3940ecd62e6e3d43c90c1ead1	Trust: 0.1
title:	Red Hat: Important: kernel security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182791 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: kernel security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182924 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: kernel security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20183590 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: kernel security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20183540 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: kernel security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182933 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: kernel-rt security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20183586 - Security Advisory	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201903-11] linux-hardened: denial of service	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201903-11	Trust: 0.1
title:	Ubuntu Security Notice: linux-hwe, linux-azure, linux-gcp vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3740-2	Trust: 0.1
title:	IBM: IBM Security Bulletin: Vulnerability in the Linux kernel affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-5391)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=0e5803196f7b186e3c0e200d43325ad6	Trust: 0.1
title:	Red Hat: CVE-2018-5391	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2018-5391	Trust: 0.1
title:	Cisco: Linux Kernel IP Fragment Reassembly Denial of Service Vulnerability Affecting Cisco Products: August 2018	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180824-linux-ip-fragment	Trust: 0.1
title:	Ubuntu Security Notice: linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3740-1	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2018-5391	Trust: 0.1
title:	Ubuntu Security Notice: linux regressions	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3741-3	Trust: 0.1
title:	Ubuntu Security Notice: linux-lts-xenial, linux-aws vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3741-2	Trust: 0.1
title:	IBM: IBM Security Bulletin: This Power System update is being released to address CVE-2018-5391	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=c5babfeb02fdf3e145c777d8eb6dfd0f	Trust: 0.1
title:	Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3741-1	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2018-5391)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=cb5671de27781f97454cf1b56d2087e0	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM MQ Appliance is affected by a kernel vulnerability (CVE-2018-5391)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=4b24750b4f4494d02c26c4b32a0e107a	Trust: 0.1
title:	Ubuntu Security Notice: linux-lts-trusty regressions	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3742-3	Trust: 0.1
title:	Ubuntu Security Notice: linux-lts-trusty vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3742-2	Trust: 0.1
title:	Ubuntu Security Notice: linux vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3742-1	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=d3eead9065d15844d9f0f319ebc3ef51	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2018-1058	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2018-1058	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2018-1058	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2018-1058	Trust: 0.1
title:	Palo Alto Networks Security Advisory:	url:	https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory&qid=0944feb15e174ce784cc2c5c40d923ea	Trust: 0.1
title:	Red Hat: Important: kernel-alt security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182948 - Security Advisory	Trust: 0.1
title:	Palo Alto Networks Security Advisory: CVE-2018-5391 Information about FragmentSmack findings	url:	https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory&qid=3c616fb9e55ec6924cfd6ba2622c6c7e	Trust: 0.1
title:	Red Hat: Important: kernel security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20183083 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: kernel-rt security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20183096 - Security Advisory	Trust: 0.1
title:	Symantec Security Advisories: Linux Kernel Aug 2017 - Sep 2018 Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=b3193a96468975c04eb9f136ca9abec4	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM Security Guardium is affected by Red Hat kernel vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=75b9d198a73a91d81765c8b428423224	Trust: 0.1
title:	Oracle Linux Bulletins: Oracle Linux Bulletin - July 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=204a1aa9ebf7b5f47151e8b011269862	Trust: 0.1
title:	Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins&qid=05b5bbd6fb289370b459faf1f4e3919d	Trust: 0.1
title:	Oracle Linux Bulletins: Oracle Linux Bulletin - October 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=9cb9a8ed428c6faca615e91d2f1a216d	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been fixed in IBM Security Privileged Identity Manager Appliance.	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=f5bb2b180c7c77e5a02747a1f31830d9	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal’s dependencies – Cumulative list from June 28, 2018 to December 13, 2018	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=43da2cd72c1e378d8d94ecec029fcc61	Trust: 0.1
title:	my_ref	url:	https://github.com/chetanshirke/my_ref	Trust: 0.1
title:	-	url:	https://github.com/ozipoetra/natvps-dns	Trust: 0.1
title:	cve_diff_checker	url:	https://github.com/lcatro/cve_diff_checker	Trust: 0.1
title:	SamsungReleaseNotes	url:	https://github.com/samreleasenotes/SamsungReleaseNotes	Trust: 0.1
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/windows-systems-vulnerable-to-fragmentsmack-90s-like-dos-bug/	Trust: 0.1
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/linux/two-ddos-friendly-bugs-fixed-in-linux-kernel/	Trust: 0.1
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/over-80-cisco-products-affected-by-fragmentsmack-dos-bug/	Trust: 0.1

sources: VULMON: CVE-2018-5391 // CNNVD: CNNVD-201808-570

EXTERNAL IDS

db:	NVD	id:	CVE-2018-5391	Trust: 3.0
db:	CERT/CC	id:	VU#641765	Trust: 2.6
db:	OPENWALL	id:	OSS-SECURITY/2019/06/28/2	Trust: 1.8
db:	OPENWALL	id:	OSS-SECURITY/2019/07/06/4	Trust: 1.8
db:	OPENWALL	id:	OSS-SECURITY/2019/07/06/3	Trust: 1.8
db:	SIEMENS	id:	SSA-377115	Trust: 1.8
db:	SECTRACK	id:	1041476	Trust: 1.8
db:	SECTRACK	id:	1041637	Trust: 1.8
db:	BID	id:	105108	Trust: 1.8
db:	CNNVD	id:	CNNVD-201808-570	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.0545	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0623	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0854	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1315	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0675	Trust: 0.6
db:	ICS CERT	id:	ICSA-20-105-05	Trust: 0.6
db:	PACKETSTORM	id:	148928	Trust: 0.2
db:	VULHUB	id:	VHN-135422	Trust: 0.1
db:	VULMON	id:	CVE-2018-5391	Trust: 0.1
db:	PACKETSTORM	id:	148915	Trust: 0.1
db:	PACKETSTORM	id:	148912	Trust: 0.1
db:	PACKETSTORM	id:	150070	Trust: 0.1
db:	PACKETSTORM	id:	149543	Trust: 0.1
db:	PACKETSTORM	id:	149726	Trust: 0.1
db:	PACKETSTORM	id:	149832	Trust: 0.1
db:	PACKETSTORM	id:	150191	Trust: 0.1
db:	PACKETSTORM	id:	150314	Trust: 0.1
db:	PACKETSTORM	id:	149826	Trust: 0.1
db:	PACKETSTORM	id:	148916	Trust: 0.1
db:	PACKETSTORM	id:	148913	Trust: 0.1

sources: CERT/CC: VU#641765 // VULHUB: VHN-135422 // VULMON: CVE-2018-5391 // PACKETSTORM: 148915 // PACKETSTORM: 148912 // PACKETSTORM: 148928 // PACKETSTORM: 150070 // PACKETSTORM: 149543 // PACKETSTORM: 149726 // PACKETSTORM: 149832 // PACKETSTORM: 150191 // PACKETSTORM: 150314 // PACKETSTORM: 149826 // PACKETSTORM: 148916 // PACKETSTORM: 148913 // CNNVD: CNNVD-201808-570 // NVD: CVE-2018-5391

REFERENCES

url:	http://www.securityfocus.com/bid/105108	Trust: 3.0
url:	https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html	Trust: 2.4
url:	https://www.kb.cert.org/vuls/id/641765	Trust: 1.9
url:	https://access.redhat.com/errata/rhsa-2018:2791	Trust: 1.9
url:	https://access.redhat.com/errata/rhsa-2018:2846	Trust: 1.9
url:	https://access.redhat.com/errata/rhsa-2018:2924	Trust: 1.9
url:	https://access.redhat.com/errata/rhsa-2018:2925	Trust: 1.9
url:	https://access.redhat.com/errata/rhsa-2018:2948	Trust: 1.9
url:	https://access.redhat.com/errata/rhsa-2018:3459	Trust: 1.9
url:	https://access.redhat.com/errata/rhsa-2018:3540	Trust: 1.9
url:	http://www.arubanetworks.com/assets/alert/aruba-psa-2018-004.txt	Trust: 1.8
url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-linux-en	Trust: 1.8
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf	Trust: 1.8
url:	https://security.netapp.com/advisory/ntap-20181003-0002/	Trust: 1.8
url:	https://www.debian.org/security/2018/dsa-4272	Trust: 1.8
url:	https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=c30f1fc041b74ecdb072dd44f858750414b8b19f	Trust: 1.8
url:	https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html	Trust: 1.8
url:	http://www.openwall.com/lists/oss-security/2019/06/28/2	Trust: 1.8
url:	http://www.openwall.com/lists/oss-security/2019/07/06/3	Trust: 1.8
url:	http://www.openwall.com/lists/oss-security/2019/07/06/4	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2018:2785	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2018:2933	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2018:3083	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2018:3096	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2018:3586	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2018:3590	Trust: 1.8
url:	http://www.securitytracker.com/id/1041476	Trust: 1.8
url:	http://www.securitytracker.com/id/1041637	Trust: 1.8
url:	https://usn.ubuntu.com/3740-1/	Trust: 1.8
url:	https://usn.ubuntu.com/3740-2/	Trust: 1.8
url:	https://usn.ubuntu.com/3741-1/	Trust: 1.8
url:	https://usn.ubuntu.com/3741-2/	Trust: 1.8
url:	https://usn.ubuntu.com/3742-1/	Trust: 1.8
url:	https://usn.ubuntu.com/3742-2/	Trust: 1.8
url:	https://support.f5.com/csp/article/k74374841?utm_source=f5support&amp%3butm_medium=rss	Trust: 1.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-5391	Trust: 1.1
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	https://www.arista.com/en/support/advisories-notices/security-advisories/5782-security-advisory-37	Trust: 0.8
url:	https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=&solutionid=sk134253	Trust: 0.8
url:	https://security-tracker.debian.org/tracker/cve-2018-5391	Trust: 0.8
url:	https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv180022	Trust: 0.8
url:	https://access.redhat.com/articles/3553061https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-5391	Trust: 0.8
url:	https://www.suse.com/security/cve/cve-2018-5391	Trust: 0.8
url:	https://people.canonical.com/	Trust: 0.8
url:	https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-690	Trust: 0.8
url:	https://access.redhat.com/articles/11258	Trust: 0.7
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.7
url:	https://bugzilla.redhat.com/):	Trust: 0.7
url:	https://access.redhat.com/security/team/contact/	Trust: 0.7
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2018-5391	Trust: 0.7
url:	https://access.redhat.com/security/team/key/	Trust: 0.7
url:	https://support.f5.com/csp/article/k74374841?utm_source=f5support&utm_medium=rss	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20190541-1.html	Trust: 0.6
url:	https://security.business.xerox.com/wp-content/uploads/2019/11/cert_security_mini_bulletin_xrx19ak_for_altalinkb80xx-c80xx.pdf	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=ibm10872368	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1315/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/75930	Trust: 0.6
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190123-01-linux-cn	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/76246	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=ibm10792535	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/76474	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180824-linux-ip-fragment	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-105-05	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/77246	Trust: 0.6
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200115-01-linux-cn	Trust: 0.6
url:	https://www.us-cert.gov/ics/advisories/icsa-20-105-05	Trust: 0.6
url:	https://access.redhat.com/articles/3553061	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-3646	Trust: 0.4
url:	https://wiki.ubuntu.com/securityteam/knowledgebase/l1tf	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2017-18344	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-5390	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-3620	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10675	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2018-10675	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2018-14634	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14634	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2018-5390	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2017-18344	Trust: 0.3
url:	https://access.redhat.com/security/vulnerabilities/mutagen-astronomy	Trust: 0.3
url:	https://usn.ubuntu.com/usn/usn-3740-1	Trust: 0.2
url:	https://support.f5.com/csp/article/k74374841?utm_source=f5support&amp;utm_medium=rss	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://github.com/chetanshirke/my_ref	Trust: 0.1
url:	https://tools.cisco.com/security/center/viewalert.x?alertid=58766	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://usn.ubuntu.com/usn/usn-3742-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux/3.13.0-155.205	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1019.19	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1021.21	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1019.19	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1017.18	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1015.18	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1020.22	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux/4.15.0-32.35	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/linux	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-7566	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-1120	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1000200	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-16648	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10880	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-10882	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10883	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-1065	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-5803	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10881	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10322	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-14619	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10877	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-10878	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-13405	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-10880	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10882	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-18208	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-12232	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-17805	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1000026	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-3639	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-1000200	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-17805	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-10877	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-10879	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-10883	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-1000204	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-10322	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-16648	Trust: 0.1
url:	https://access.redhat.com/security/vulnerabilities/ssbd	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10879	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1092	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-11506	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-5750	Trust: 0.1
url:	https://access.redhat.com/articles/3658021	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-18075	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-10881	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1095	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13166	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1118	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-17806	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-13166	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-1000026	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-8781	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-18208	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-9363	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-14641	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1065	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-1068	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-5344	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-1094	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-10940	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1068	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-1092	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1094	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-7757	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10940	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-5848	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-1118	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10878	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-1095	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1000204	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-18075	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-17806	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1120	Trust: 0.1
url:	https://access.redhat.com/articles/3635371	Trust: 0.1
url:	https://access.redhat.com/articles/3674801	Trust: 0.1
url:	https://access.redhat.com/articles/3684891	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1027.30	Trust: 0.1
url:	https://usn.ubuntu.com/usn/usn-3741-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-133.159~14.04.1	Trust: 0.1
url:	https://usn.ubuntu.com/usn/usn-3741-2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1017.18~16.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-32.35~16.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1021.21~16.04.1	Trust: 0.1
url:	https://usn.ubuntu.com/usn/usn-3740-2	Trust: 0.1

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 150070 // PACKETSTORM: 149543 // PACKETSTORM: 149726 // PACKETSTORM: 149832 // PACKETSTORM: 150191 // PACKETSTORM: 150314 // PACKETSTORM: 149826

SOURCES

db:	CERT/CC	id:	VU#641765
db:	VULHUB	id:	VHN-135422
db:	VULMON	id:	CVE-2018-5391
db:	PACKETSTORM	id:	148915
db:	PACKETSTORM	id:	148912
db:	PACKETSTORM	id:	148928
db:	PACKETSTORM	id:	150070
db:	PACKETSTORM	id:	149543
db:	PACKETSTORM	id:	149726
db:	PACKETSTORM	id:	149832
db:	PACKETSTORM	id:	150191
db:	PACKETSTORM	id:	150314
db:	PACKETSTORM	id:	149826
db:	PACKETSTORM	id:	148916
db:	PACKETSTORM	id:	148913
db:	CNNVD	id:	CNNVD-201808-570
db:	NVD	id:	CVE-2018-5391

LAST UPDATE DATE

2025-03-31T14:31:10.291000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#641765	date:	2018-10-12T00:00:00
db:	VULHUB	id:	VHN-135422	date:	2022-12-28T00:00:00
db:	VULMON	id:	CVE-2018-5391	date:	2023-11-07T00:00:00
db:	CNNVD	id:	CNNVD-201808-570	date:	2022-12-29T00:00:00
db:	NVD	id:	CVE-2018-5391	date:	2024-11-21T04:08:43.897

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#641765	date:	2018-08-14T00:00:00
db:	VULHUB	id:	VHN-135422	date:	2018-09-06T00:00:00
db:	VULMON	id:	CVE-2018-5391	date:	2018-09-06T00:00:00
db:	PACKETSTORM	id:	148915	date:	2018-08-15T04:42:52
db:	PACKETSTORM	id:	148912	date:	2018-08-15T04:42:35
db:	PACKETSTORM	id:	148928	date:	2018-08-14T22:22:00
db:	PACKETSTORM	id:	150070	date:	2018-10-31T01:11:59
db:	PACKETSTORM	id:	149543	date:	2018-09-25T23:02:25
db:	PACKETSTORM	id:	149726	date:	2018-10-09T17:02:09
db:	PACKETSTORM	id:	149832	date:	2018-10-17T15:42:22
db:	PACKETSTORM	id:	150191	date:	2018-11-06T21:04:13
db:	PACKETSTORM	id:	150314	date:	2018-11-14T01:33:01
db:	PACKETSTORM	id:	149826	date:	2018-10-17T15:40:19
db:	PACKETSTORM	id:	148916	date:	2018-08-15T04:42:57
db:	PACKETSTORM	id:	148913	date:	2018-08-15T04:42:40
db:	CNNVD	id:	CNNVD-201808-570	date:	2018-08-20T00:00:00
db:	NVD	id:	CVE-2018-5391	date:	2018-09-06T21:29:00.363