Ubuntu and Debian Stretch Receive Linux Kernel Security Update to Fix TCP Flaw

In Summary :

Canonical and Debian Project released new Linux kernel security updates for their supported operating systems to address a critical vulnerability affecting the TCP implementation.

Discovered and reported by security researcher Juha-Matti Tilli, the security flaw (CVE-2018-5390) could allow a remote attacker to cause a denial of service on affected machines by triggering worst-case code paths in Transmission Control Protocol (TCP) stream reassembly that has low rates using malicious packets.

"Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packets. A remote attacker could use this to cause a denial of service," reads Canonical's latest security advisory for Linux kernel.

Additionally, the kernel security update released by the Debian Project also patches a security vulnerability (CVE-2018-13405) discovered by Jann Horn in Linux kernel's inode_init_owner function in fs/inode.c, which could allow local attackers to escalate their privileges by crafting files with unintended group ownership. [...]

kindly refer the following link as follow up :
https://news.softpedia.com/news/ubuntu-and-debian-stretch-receive-linux-kernel-security-update-to-fix-tcp-flaw-522273.shtml