Oval Definition:	oval:com.ubuntu.trusty:def:20176074000
Revision Date: 2017-02-20 Version: 1 Title: CVE-2017-6074 on Ubuntu 14.04 LTS (trusty) - high. Description: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to cause a denial of service (invalid free) or possibly have unspecified other impact via an application that makes an IPV6_RECVPKTINFO setsockopt system call. Andrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. Family: unix Class: vulnerability Status: Reference(s): CVE-2017-6074 Platform(s): Ubuntu 14.04 LTS Product(s): Definition Synopsis Ubuntu 14.04 LTS (trusty) is installed. AND Package Information The 'linux' package in trusty is affected. An update containing the fix has been completed and is pending publication. OR While related to the CVE in some way, a decision has been made to ignore it. OR While related to the CVE in some way, a decision has been made to ignore it. OR While related to the CVE in some way, a decision has been made to ignore it. OR While related to the CVE in some way, a decision has been made to ignore it (note: 'end-of-life'). OR The vulnerability of the 'linux-lts-vivid' package in trusty is not known (status: 'needs-triage'). It is pending evaluation. OR While related to the CVE in some way, a decision has been made to ignore it (note: 'end-of-life'). OR The 'linux-lts-xenial' package in trusty is affected. An update containing the fix has been completed and is pending publication. OR While related to the CVE in some way, a decision has been made to ignore it. OR While related to the CVE in some way, a decision has been made to ignore it. OR While related to the CVE in some way, a decision has been made to ignore it.
BACK