Oval Definition:oval:com.ubuntu.disco:def:201954890000000
Revision Date:2019-01-07Version:1
Title:CVE-2019-5489 on Ubuntu 19.04 (disco) - medium.
Description:The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2019-5489
Platform(s):Ubuntu 19.04
Product(s):
Definition Synopsis
  • Ubuntu 19.04 (disco) is installed.
  • AND Package Information
  • linux package in disco was vulnerable but has been fixed (note: '5.0.0-25.26').
  • OR linux-aws package in disco is affected. An update containing the fix has been completed and is pending publication (note: '5.0.0-1014.16').
  • OR linux-azure package in disco was vulnerable but has been fixed (note: '5.0.0-1014.14').
  • OR linux-gcp package in disco was vulnerable but has been fixed (note: '5.0.0-1013.13').
  • OR linux-kvm package in disco was vulnerable but has been fixed (note: '5.0.0-1013.14').
  • OR linux-meta package in disco was vulnerable but has been fixed (note: '5.0.0-25.26').
  • OR linux-meta-aws package in disco is affected. An update containing the fix has been completed and is pending publication (note: '5.0.0-1014.16').
  • OR linux-meta-azure package in disco was vulnerable but has been fixed (note: '5.0.0-1014.14').
  • OR linux-meta-gcp package in disco was vulnerable but has been fixed (note: '5.0.0-1013.13').
  • OR linux-meta-kvm package in disco was vulnerable but has been fixed (note: '5.0.0-1013.14').
  • OR linux-meta-oem package in disco is affected. An update containing the fix has been completed and is pending publication (note: '4.15.0-1056.65').
  • OR linux-meta-oem-osp1 package in disco is affected. An update containing the fix has been completed and is pending publication (note: '5.0.0-1018.20').
  • OR linux-meta-oracle package in disco was vulnerable but has been fixed (note: '5.0.0-1004.8').
  • OR linux-meta-raspi2 package in disco is affected. An update containing the fix has been completed and is pending publication (note: '5.0.0-1014.14').
  • OR linux-oem package in disco is affected. An update containing the fix has been completed and is pending publication (note: '4.15.0-1056.65').
  • OR linux-oem-osp1 package in disco is affected. An update containing the fix has been completed and is pending publication (note: '5.0.0-1018.20').
  • OR linux-oracle package in disco was vulnerable but has been fixed (note: '5.0.0-1004.8').
  • OR linux-raspi2 package in disco is affected. An update containing the fix has been completed and is pending publication (note: '5.0.0-1014.14').
  • OR linux-signed package in disco was vulnerable but has been fixed (note: '5.0.0-25.26').
  • OR linux-signed-azure package in disco was vulnerable but has been fixed (note: '5.0.0-1014.14').
  • OR linux-signed-gcp package in disco was vulnerable but has been fixed (note: '5.0.0-1013.13').
  • OR linux-signed-oem package in disco is affected. An update containing the fix has been completed and is pending publication (note: '4.15.0-1056.65').
  • OR linux-signed-oem-osp1 package in disco is affected. An update containing the fix has been completed and is pending publication (note: '5.0.0-1018.20').
  • OR linux-signed-oracle package in disco was vulnerable but has been fixed (note: '5.0.0-1004.8').
  • OR linux-snapdragon package in disco was vulnerable but has been fixed (note: '5.0.0-1018.19').
  • BACK