You are viewing a previous version of this security bulletin. For the most current version please visit: "Linux Kernel Updates to address SegmentSmack & FragmentSmack".

August 14, 2018 1:15 PM PDT

CVE Identifiers: CVE-2018-5390 (SegmentSmack), CVE-2018-5391 (FragmentSmack)

AWS is aware of two recently-disclosed security issues, commonly referred to as SegmentSmack and FragmentSmack, both of which affect the TCP and IP processing subsystem of several popular operating systems including Linux. With the exception of the AWS services listed below, no customer action is required to address these issues. Customers not using Amazon Linux should contact their operating system vendor for the updates necessary to address these issues.

Amazon Linux & Amazon Linux 2 AMI

An updated kernel for Amazon Linux is available within the Amazon Linux repositories — this update includes fixes for both SegmentSmack and FragmentSmack. Customers with existing Amazon Linux AMI instances should run the following command to ensure they receive the updated package: “sudo yum update kernel”. As is standard for any update of the Linux kernel, after the yum update is complete, a reboot is required for updates to take effect. More information is available at the Amazon Linux Security Center (see: ALAS-2018-1049 and ALAS-2018-1058).
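To confirm the reboot step above actually took effect, the following added example (not part of the original bulletin or any AWS tooling) compares the running kernel with the newest installed kernel package. It assumes an RPM-based system where `uname -r` matches the package name minus the "kernel-" prefix and GNU `sort -V` is available; the function names and sample version strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: check whether the running kernel is the newest one installed.
# Assumptions: RPM-based system, GNU `sort -V` for version ordering.
# This only shows whether a reboot is still pending; it does not prove the
# installed package contains the fix (see the ALAS advisories for that).

# Read `rpm -q kernel` output on stdin; print the newest version-release.arch.
newest_kernel() {
    sed -n 's/^kernel-\([0-9].*\)$/\1/p' | sort -V | tail -n 1
}

# kernel_state RUNNING   (installed package list on stdin)
# Prints one of: current | reboot-required | unknown
kernel_state() {
    running=$1
    newest=$(newest_kernel)
    if [ -z "$newest" ]; then
        echo unknown              # no kernel package lines were found
    elif [ "$running" = "$newest" ]; then
        echo current              # the updated kernel is the one running
    else
        echo reboot-required      # update installed, old kernel still running
    fi
}

# Constructed sample: two installed kernels with made-up version strings.
SAMPLE_INSTALLED='kernel-4.14.9-1.example.x86_64
kernel-4.14.10-1.example.x86_64'

# After "yum update kernel" but before the reboot: old kernel still running.
printf '%s\n' "$SAMPLE_INSTALLED" | kernel_state 4.14.9-1.example.x86_64
# After the reboot: the newest installed kernel is running.
printf '%s\n' "$SAMPLE_INSTALLED" | kernel_state 4.14.10-1.example.x86_64

# Live check, run only where rpm is present.
if command -v rpm >/dev/null 2>&1; then
    rpm -q kernel | kernel_state "$(uname -r)"
fi
```
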

For newly launched instances, we are preparing a new Amazon Linux AMI that will include the updated kernel package. We will update this bulletin once that AMI is available.

AWS Elastic Beanstalk

We are preparing platform updates for AWS Elastic Beanstalk that will include fixes for both SegmentSmack and FragmentSmack. Customers who use Linux-based platforms and have enabled managed platform updates do not need to take action. We will update this bulletin with information for customers who have not enabled managed platform updates when available.