August 21, 2018 4:00 AM PDT
CVE Identifiers: CVE-2018-5390 (SegmentSmack), CVE-2018-5391 (FragmentSmack)
AWS is aware of two recently-disclosed security issues, commonly referred to as SegmentSmack and FragmentSmack, both of which affect the TCP and IP processing subsystem of several popular operating systems including Linux. With the exception of the AWS services listed below, no customer action is required to address these issues. Customers not using Amazon Linux should contact their operating system vendor for the updates necessary to address these issues.
Amazon Linux & Amazon Linux 2 AMI
An updated kernel for Amazon Linux is available within the Amazon Linux repositories — this update includes fixes for both SegmentSmack and FragmentSmack. Customers with existing Amazon Linux AMI instances should run the following command to ensure they receive the updated package: “sudo yum update kernel”. As is standard for any update of the Linux kernel, after the yum update is complete, a reboot is required for updates to take effect. More information is available at the Amazon Linux Security Center (see: ALAS-2018-1049 and ALAS-2018-1058).
We have released new versions of the Amazon Linux and Amazon Linux 2 AMIs that automatically include the updated kernel. AMI IDs for images with the updated kernels can be found at Amazon Linux 2018.03 AMI IDs, Amazon Linux 2 AMI IDs, and in the AWS Systems Manager Parameter Store.
AWS Elastic Beanstalk
We have released updates for Linux-based Elastic Beanstalk platforms that includes fixes for both SegmentSmack and FragmentSmack. If you have Managed Platform Updates enabled for your environment, it will be automatically updated to the latest platform version in your selected maintenance window and no customer action is required. You can also update immediately by going to the Managed Updates configuration page and clicking on the "Apply Now" button. Customers who have not enabled Managed Platform Updates can update their environment's platform by following instructions here.