OVAL Reference oval:com.ubuntu.xenial:def:20179242000

Oval Definition:

oval:com.ubuntu.xenial:def:20179242000

Revision Date:	2017-05-26	Version:	1
Title:	CVE-2017-9242 on Ubuntu 16.04 LTS (xenial) - medium.
Description:	The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. It was discovered that the IPv6 stack in the Linux kernel was performing its over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash).
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2017-9242
Platform(s):	Ubuntu 16.04 LTS	Product(s):
Definition Synopsis
Ubuntu 16.04 LTS (xenial) is installed. AND Package Information The 'linux' package in xenial was vulnerable but has been fixed (note: '4.4.0-83.106'). OR The 'linux-aws' package in xenial was vulnerable but has been fixed (note: '4.4.0-1022.31'). OR NOT While related to the CVE in some way, the 'linux-azure' package in xenial is not affected (note: '4.11.0-1009.9'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'was needed ESM criteria'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR NOT While related to the CVE in some way, the 'linux-gcp' package in xenial is not affected (note: '4.10.0-1004.4'). OR The 'linux-gke' package in xenial was vulnerable but has been fixed (note: '4.4.0-1018.18'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'was needed now end-of-life'). OR The 'linux-hwe' package in xenial was vulnerable but has been fixed (note: '4.8.0-58.63~16.04.1'). OR The 'linux-hwe-edge' package in xenial was vulnerable but has been fixed (note: '4.8.0-58.63~16.04.1'). OR NOT While related to the CVE in some way, the 'linux-kvm' package in xenial is not affected (note: '4.4.0-1004.9'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR NOT While related to the CVE in some way, the 'linux-oem' package in xenial is not affected (note: '4.13.0-1008.9'). OR The 'linux-raspi2' package in xenial was vulnerable but has been fixed (note: '4.4.0-1061.69'). OR The 'linux-snapdragon' package in xenial was vulnerable but has been fixed (note: '4.4.0-1063.68').

BACK