OVAL Reference oval:com.ubuntu.bionic:def:20158952000

Oval Definition:

oval:com.ubuntu.bionic:def:20158952000

Revision Date:	2016-10-16	Version:	1
Title:	CVE-2015-8952 on Ubuntu 18.04 LTS (bionic) - medium.
Description:	The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local users to cause a denial of service (soft lockup) via filesystem operations in environments that use many attributes, as demonstrated by Ceph and Samba. Laurent Guerby discovered that the mbcache feature in the ext2 and ext4 filesystems in the Linux kernel improperly handled xattr block caching. A local attacker could use this to cause a denial of service.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2015-8952
Platform(s):	Ubuntu 18.04 LTS	Product(s):
Definition Synopsis
Ubuntu 18.04 LTS (bionic) is installed. AND Package Information NOT While related to the CVE in some way, the 'linux' package in bionic is not affected (note: '4.13.0-16.19'). OR NOT While related to the CVE in some way, the 'linux-aws' package in bionic is not affected (note: '4.15.0-1001.1'). OR NOT While related to the CVE in some way, the 'linux-azure' package in bionic is not affected (note: '4.15.0-1002.2'). OR NOT While related to the CVE in some way, the 'linux-azure-edge' package in bionic is not affected (note: '4.15.0-1002.2'). OR NOT While related to the CVE in some way, the 'linux-gcp' package in bionic is not affected (note: '4.15.0-1001.1'). OR NOT While related to the CVE in some way, the 'linux-gcp-edge' package in bionic is not affected (note: '4.18.0-1004.5~18.04.1'). OR NOT While related to the CVE in some way, the 'linux-gke' package in bionic is not affected. OR NOT While related to the CVE in some way, the 'linux-hwe' package in bionic is not affected (note: '4.18.0-13.14~18.04.1'). OR NOT While related to the CVE in some way, the 'linux-hwe-edge' package in bionic is not affected (note: '5.0.0-14.15~18.04.1'). OR NOT While related to the CVE in some way, the 'linux-kvm' package in bionic is not affected (note: '4.15.0-1002.2'). OR NOT While related to the CVE in some way, the 'linux-oem' package in bionic is not affected (note: '4.15.0-1002.3'). OR NOT While related to the CVE in some way, the 'linux-oracle' package in bionic is not affected (note: '4.15.0-1007.9'). OR NOT While related to the CVE in some way, the 'linux-raspi2' package in bionic is not affected (note: '4.13.0-1005.5'). OR The 'linux-snapdragon' package in bionic is affected. An update containing the fix has been completed and is pending publication (note: '4.15.0-1052.56').

BACK