Oval Definition:	oval:com.ubuntu.trusty:def:20166136000
Revision Date: 2016-08-06 Version: 1 Title: CVE-2016-6136 on Ubuntu 14.04 LTS (trusty) - low. Description: Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability. Pengfei Wang discovered a race condition in the audit subsystem in the Linux kernel. A local attacker could use this to corrupt audit logs or disrupt system-call auditing. Family: unix Class: vulnerability Status: Reference(s): CVE-2016-6136 Platform(s): Ubuntu 14.04 LTS Product(s): Definition Synopsis Ubuntu 14.04 LTS (trusty) is installed. AND Package Information The 'linux' package in trusty was vulnerable but has been fixed (note: '3.13.0-98.145'). OR NOT While related to the CVE in some way, the 'linux-aws' package in trusty is not affected (note: '4.4.0-1002.2'). OR While related to the CVE in some way, a decision has been made to ignore it. OR While related to the CVE in some way, a decision has been made to ignore it. OR While related to the CVE in some way, a decision has been made to ignore it. OR While related to the CVE in some way, a decision has been made to ignore it (note: 'end-of-life'). OR The 'linux-lts-vivid' package in trusty was vulnerable but has been fixed (note: '3.19.0-71.79~14.04.1'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'end-of-life'). OR The 'linux-lts-xenial' package in trusty was vulnerable but has been fixed (note: '4.4.0-38.57~14.04.1'). OR While related to the CVE in some way, a decision has been made to ignore it. OR While related to the CVE in some way, a decision has been made to ignore it. OR While related to the CVE in some way, a decision has been made to ignore it.
BACK