Oval Definition:	oval:com.ubuntu.precise:def:20144667000
Revision Date: 2014-07-03 Version: 1 Title: CVE-2014-4667 on Ubuntu 12.04 LTS (precise) - medium. Description: The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet. An integer underflow flaw was discovered in the Linux kernel's handling of the backlog value for certain SCTP packets. A remote attacker could exploit this flaw to cause a denial of service (socket outage) via a crafted SCTP packet. Family: unix Class: vulnerability Status: Reference(s): CVE-2014-4667 Platform(s): Ubuntu 12.04 LTS Product(s): Definition Synopsis Ubuntu 12.04 LTS (precise) is installed. AND Package Information The 'linux' package in precise was vulnerable but has been fixed (note: '3.2.0-68.102'). OR The 'linux-armadaxp' package in precise was vulnerable but has been fixed (note: '3.2.0-1637.54'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'was pending [3.5.0-55.82~precise1] OEM release'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'was needed now end-of-life'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'was pending [3.11.0-28.48~precise1] OEM release'). OR The 'linux-lts-trusty' package in precise was vulnerable but has been fixed (note: '3.13.0-35.62~precise1'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR The 'linux-ti-omap4' package in precise was vulnerable but has been fixed (note: '3.2.0-1452.72').
BACK