OVAL Reference oval:com.ubuntu.precise:def:20153332000

Oval Definition:

oval:com.ubuntu.precise:def:20153332000

Revision Date:	2015-05-27	Version:	1
Title:	CVE-2015-3332 on Ubuntu 12.04 LTS (precise) - medium.
Description:	A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds. A flaw was discovered in the Linux kernel's IPv4 networking when using TCP fast open to initiate a connection. An unprivileged local user could exploit this flaw to cause a denial of service (system crash).
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2015-3332
Platform(s):	Ubuntu 12.04 LTS	Product(s):
Definition Synopsis
Ubuntu 12.04 LTS (precise) is installed. AND Package Information NOT While related to the CVE in some way, the 'linux' package in precise is not affected (note: '3.2.0-85.122'). OR NOT While related to the CVE in some way, the 'linux-armadaxp' package in precise is not affected (note: '3.2.0-1651.71'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR NOT While related to the CVE in some way, the 'linux-lts-quantal' package in precise is not affected. OR NOT While related to the CVE in some way, the 'linux-lts-raring' package in precise is not affected. OR NOT While related to the CVE in some way, the 'linux-lts-saucy' package in precise is not affected. OR The 'linux-lts-trusty' package in precise was vulnerable but has been fixed (note: '3.13.0-53.89~precise1'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR NOT While related to the CVE in some way, the 'linux-ti-omap4' package in precise is not affected (note: '3.2.0-1465.85').

BACK