A networking flaw has been discovered in the Linux kernel that could trigger a remote denial-of-service attack.
Versions 4.9 and up are "vulnerable to denial-of-service conditions with low rates of specially crafted packets", according to a US-CERT advisory this week. The bug is being tracked as SegmentSmack (CVE-2018-5390).
SegmentSmack – which sounds a bit like an American wrestler whose speciality is to close bouts just before an ad break – has prompted fixes for a wide variety of networking kit.
The flaw could be worse – there's no remote code execution – but it's an issue because hackers may be able to remotely tie up or crash vulnerable systems provided they are configured with an open port. Firewalls are a sufficient defence here.
Fortunately patches are already available to address the vulnerability from a long list of networking, security, storage and open-source OS vendors.
-- Spectre and Meltdown vulnerabilities
-- Change in MX sources
-- MX Linux on social media: here
-- Mepis support still here
-- MX-17.1 Final release info here
-- antiX-17 release info here
-- Please read this first, and don't forget to add system and hardware information to posts!
-- Here are the Forum Rules
1 post • Page 1 of 1