Oval Definition:	oval:com.ubuntu.xenial:def:20176074000
Revision Date: 2017-02-20 Version: 1 Title: CVE-2017-6074 on Ubuntu 16.04 LTS (xenial) - high. Description: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to cause a denial of service (invalid free) or possibly have unspecified other impact via an application that makes an IPV6_RECVPKTINFO setsockopt system call. Andrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. Family: unix Class: vulnerability Status: Reference(s): CVE-2017-6074 Platform(s): Ubuntu 16.04 LTS Product(s): Definition Synopsis Ubuntu 16.04 LTS (xenial) is installed. AND Package Information The 'linux' package in xenial is affected. An update containing the fix has been completed and is pending publication. OR The 'linux-aws' package in xenial is affected. An update containing the fix has been completed and is pending publication. OR The 'linux-flo' package in xenial is affected and needs fixing. OR The 'linux-goldfish' package in xenial is affected and needs fixing. OR The 'linux-hwe' package in xenial is affected. An update containing the fix has been completed and is pending publication. OR The 'linux-hwe-edge' package in xenial is affected. An update containing the fix has been completed and is pending publication. OR The 'linux-mako' package in xenial is affected and needs fixing. OR The 'linux-raspi2' package in xenial is affected. An update containing the fix has been completed and is pending publication. OR The 'linux-snapdragon' package in xenial is affected. An update containing the fix has been completed and is pending publication.
BACK