Oval Definition:oval:com.ubuntu.artful:def:20175120000
Revision Date:2017-10-27Version:1
Title:CVE-2017-5120 on Ubuntu 17.10 (artful) - medium.
Description:Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in the initial "www." substring).
Family:unixClass:vulnerability
Status:Reference(s):CVE-2017-5120
Platform(s):Ubuntu 17.10
Product(s):
Definition Synopsis
  • Ubuntu 17.10 (artful) is installed.
  • AND Package Information
  • The 'chromium-browser' package in artful was vulnerable but has been fixed (note: '61.0.3163.100-0ubuntu1.1378').
  • OR The vulnerability of the 'oxide-qt' package in artful is not known (status: 'needs-triage'). It is pending evaluation.
  • BACK