Oval Definition:	oval:com.ubuntu.precise:def:20134350000
Revision Date: 2013-09-25 Version: 1 Title: CVE-2013-4350 on Ubuntu 12.04 LTS (precise) - low. Description: The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network. Alan Chester reported a flaw in the IPv6 Stream Control Transmission Protocol (SCTP) of the Linux kernel. A remote attacker could exploit this flaw to obtain sensitive information by sniffing network traffic. Family: unix Class: vulnerability Status: Reference(s): CVE-2013-4350 Platform(s): Ubuntu 12.04 LTS Product(s): Definition Synopsis Ubuntu 12.04 LTS (precise) is installed. AND Package Information The 'linux' package in precise was vulnerable but has been fixed (note: '3.2.0-57.87'). OR The 'linux-armadaxp' package in precise was vulnerable but has been fixed (note: '3.2.0-1628.40'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR The 'linux-lts-quantal' package in precise was vulnerable but has been fixed (note: '3.5.0-43.66~precise1'). OR The 'linux-lts-raring' package in precise was vulnerable but has been fixed (note: '3.8.0-34.49~precise1'). OR NOT While related to the CVE in some way, the 'linux-lts-saucy' package in precise is not affected (note: '3.11.0-13.20~precise2'). OR NOT While related to the CVE in some way, the 'linux-lts-trusty' package in precise is not affected (note: '3.13.0-24.46~precise1'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR The 'linux-ti-omap4' package in precise was vulnerable but has been fixed (note: '3.2.0-1441.60').
BACK