Oval Definition:	oval:com.ubuntu.trusty:def:20163134000
Revision Date: 2016-04-27 Version: 1 Title: CVE-2016-3134 on Ubuntu 14.04 LTS (trusty) - high. Description: The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call. Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Family: unix Class: vulnerability Status: Reference(s): CVE-2016-3134 Platform(s): Ubuntu 14.04 LTS Product(s): Definition Synopsis Ubuntu 14.04 LTS (trusty) is installed. AND Package Information The 'linux' package in trusty was vulnerable but has been fixed (note: '3.13.0-91.138'). OR NOT While related to the CVE in some way, the 'linux-aws' package in trusty is not affected (note: '4.4.0-1002.2'). OR While related to the CVE in some way, a decision has been made to ignore it. OR While related to the CVE in some way, a decision has been made to ignore it. OR While related to the CVE in some way, a decision has been made to ignore it. OR The 'linux-lts-utopic' package in trusty was vulnerable but has been fixed (note: '3.16.0-76.98~14.04.1'). OR The 'linux-lts-vivid' package in trusty was vulnerable but has been fixed (note: '3.19.0-64.72~14.04.1'). OR The 'linux-lts-wily' package in trusty was vulnerable but has been fixed (note: '4.2.0-41.48~14.04.1'). OR The 'linux-lts-xenial' package in trusty was vulnerable but has been fixed (note: '4.4.0-28.47~14.04.1'). OR While related to the CVE in some way, a decision has been made to ignore it. OR While related to the CVE in some way, a decision has been made to ignore it. OR While related to the CVE in some way, a decision has been made to ignore it.
BACK