OVAL Reference oval:com.ubuntu.xenial:def:20149715000

Oval Definition:

oval:com.ubuntu.xenial:def:20149715000

Revision Date:	2015-05-27	Version:	1
Title:	CVE-2014-9715 on Ubuntu 16.04 LTS (xenial) - medium.
Description:	include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment. Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the local area network (LAN) could potential exploit this flaw to cause a denial of service (system crash of targeted system).
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2014-9715
Platform(s):	Ubuntu 16.04 LTS	Product(s):
Definition Synopsis
Ubuntu 16.04 LTS (xenial) is installed. AND Package Information NOT While related to the CVE in some way, the 'linux' package in xenial is not affected (note: '4.2.0-16.19'). OR NOT While related to the CVE in some way, the 'linux-aws' package in xenial is not affected (note: '4.4.0-1001.10'). OR NOT While related to the CVE in some way, the 'linux-flo' package in xenial is not affected. OR NOT While related to the CVE in some way, the 'linux-gke' package in xenial is not affected (note: '4.4.0-1003.3'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR NOT While related to the CVE in some way, the 'linux-hwe' package in xenial is not affected (note: '4.8.0-36.36~16.04.1'). OR NOT While related to the CVE in some way, the 'linux-hwe-edge' package in xenial is not affected (note: '4.8.0-36.36~16.04.1'). OR NOT While related to the CVE in some way, the 'linux-mako' package in xenial is not affected. OR NOT While related to the CVE in some way, the 'linux-raspi2' package in xenial is not affected (note: '4.2.0-1013.19'). OR NOT While related to the CVE in some way, the 'linux-snapdragon' package in xenial is not affected (note: '4.4.0-1012.12').

BACK