Oval Definition:	oval:com.ubuntu.cosmic:def:20175753000
Revision Date: 2018-01-04 Version: 1 Title: CVE-2017-5753 on Ubuntu 18.10 (cosmic) - high. Description: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. Family: unix Class: vulnerability Status: Reference(s): CVE-2017-5753 Platform(s): Ubuntu 18.10 Product(s): Definition Synopsis Ubuntu 18.10 (cosmic) is installed. AND Package Information The 'firefox' package in cosmic was vulnerable but has been fixed (note: '59.0.1+build1-0ubuntu1'). OR NOT While related to the CVE in some way, the 'linux' package in cosmic is not affected (note: '4.15.0-20.21'). OR NOT While related to the CVE in some way, the 'linux-aws' package in cosmic is not affected (note: '4.15.0-1007.7'). OR NOT While related to the CVE in some way, the 'linux-azure' package in cosmic is not affected (note: '4.15.0-1009.9'). OR NOT While related to the CVE in some way, the 'linux-gcp' package in cosmic is not affected (note: '4.15.0-1006.6'). OR NOT While related to the CVE in some way, the 'linux-kvm' package in cosmic is not affected (note: '4.15.0-1008.8'). OR NOT While related to the CVE in some way, the 'linux-oem' package in cosmic is not affected (note: '4.15.0-1004.5'). OR NOT While related to the CVE in some way, the 'linux-raspi2' package in cosmic is not affected (note: '4.15.0-1010.11'). OR The 'nvidia-graphics-drivers-384' package in cosmic was vulnerable but has been fixed (note: '384.111-0ubuntu1'). OR NOT While related to the CVE in some way, the 'webkit2gtk' package in cosmic is not affected (note: '2.18.6-1').
BACK