OVAL Reference oval:com.ubuntu.precise:def:20145045000

Oval Definition:

oval:com.ubuntu.precise:def:20145045000

Revision Date:	2014-08-01	Version:	1
Title:	CVE-2014-5045 on Ubuntu 12.04 LTS (precise) - medium.
Description:	The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free) or possibly have unspecified other impact via the umount program. Vasily Averin discover a reference count flaw during attempts to umount in conjunction with a symlink. A local user could exploit this flaw to cause a denial of service (memory consumption or use after free) or possibly have other unspecified impact.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2014-5045
Platform(s):	Ubuntu 12.04 LTS	Product(s):
Definition Synopsis
Ubuntu 12.04 LTS (precise) is installed. AND Package Information NOT While related to the CVE in some way, the 'linux' package in precise is not affected. OR NOT While related to the CVE in some way, the 'linux-armadaxp' package in precise is not affected. OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR NOT While related to the CVE in some way, the 'linux-lts-quantal' package in precise is not affected. OR NOT While related to the CVE in some way, the 'linux-lts-raring' package in precise is not affected. OR NOT While related to the CVE in some way, the 'linux-lts-saucy' package in precise is not affected. OR The 'linux-lts-trusty' package in precise was vulnerable but has been fixed (note: '3.13.0-35.62~precise1'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR NOT While related to the CVE in some way, the 'linux-ti-omap4' package in precise is not affected.

BACK