OVAL Reference oval:com.ubuntu.trusty:def:20141738000

Oval Definition:

oval:com.ubuntu.trusty:def:20141738000

Revision Date:	2014-05-11	Version:	1
Title:	CVE-2014-1738 on Ubuntu 14.04 LTS (trusty) - high.
Description:	The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device. Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2014-1738
Platform(s):	Ubuntu 14.04 LTS	Product(s):
Definition Synopsis
Ubuntu 14.04 LTS (trusty) is installed. AND Package Information The 'linux' package in trusty was vulnerable but has been fixed (note: '3.13.0-27.50'). OR NOT While related to the CVE in some way, the 'linux-aws' package in trusty is not affected (note: '4.4.0-1002.2'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'was needed now end-of-life'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'was needed now end-of-life'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR NOT While related to the CVE in some way, the 'linux-lts-utopic' package in trusty is not affected (note: '3.16.0-25.33~14.04.2'). OR NOT While related to the CVE in some way, the 'linux-lts-vivid' package in trusty is not affected (note: '3.19.0-18.18~14.04.1'). OR NOT While related to the CVE in some way, the 'linux-lts-wily' package in trusty is not affected (note: '4.2.0-18.22~14.04.1'). OR NOT While related to the CVE in some way, the 'linux-lts-xenial' package in trusty is not affected (note: '4.4.0-13.29~14.04.1'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'was needed now end-of-life'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'was needed now end-of-life').

BACK