OVAL Reference oval:com.ubuntu.cosmic:def:201836390000000

Oval Definition:

oval:com.ubuntu.cosmic:def:201836390000000

Revision Date:	2018-05-22	Version:	1
Title:	CVE-2018-3639 on Ubuntu 18.10 (cosmic) - medium.
Description:	Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2018-3639
Platform(s):	Ubuntu 18.10	Product(s):
Definition Synopsis
Ubuntu 18.10 (cosmic) is installed. AND Package Information intel-microcode package in cosmic, is related to the CVE in some way and has been fixed (note: '3.20180807a.1'). OR libvirt package in cosmic was vulnerable but has been fixed (note: '4.0.0-1ubuntu11'). OR linux package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-22.24'). OR linux-aws package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-1009.9'). OR linux-azure package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-1012.12'). OR linux-gcp package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-1008.8'). OR linux-kvm package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-1010.10'). OR linux-meta package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-22.24'). OR linux-meta-aws package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-1009.9'). OR linux-meta-azure package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-1012.12'). OR linux-meta-gcp package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-1008.8'). OR linux-meta-kvm package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-1010.10'). OR linux-meta-oem package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-1006.9'). OR linux-meta-raspi2 package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-1021.23'). OR linux-oem package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-1006.9'). OR linux-oracle package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-1007.9'). OR linux-raspi2 package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-1021.23'). OR linux-signed package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-22.24'). OR linux-signed-azure package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-1012.12'). OR linux-signed-gcp package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-1008.8'). OR linux-signed-oem package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-1006.9'). OR qemu package in cosmic was vulnerable but has been fixed (note: '1:2.11+dfsg-1ubuntu10').

BACK