OVAL Reference oval:com.ubuntu.xenial:def:2018146190000000

Oval Definition:

oval:com.ubuntu.xenial:def:2018146190000000

Revision Date:	2018-08-30	Version:	1
Title:	CVE-2018-14619 on Ubuntu 16.04 LTS (xenial) - medium.
Description:	A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each af_alg_ctx was freed instead of when the aead_tfm was freed. This can cause the null skcipher to be freed while it is still in use leading to a local user being able to crash the system or possibly escalate privileges.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2018-14619
Platform(s):	Ubuntu 16.04 LTS	Product(s):
Definition Synopsis
Ubuntu 16.04 LTS (xenial) is installed. AND Package Information linux-azure package in xenial, is related to the CVE in some way and has been fixed (note: '4.15.0-1013.13~16.04.2'). OR linux-flo: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'abandoned'). OR linux-gcp package in xenial, is related to the CVE in some way and has been fixed (note: '4.15.0-1014.14~16.04.1'). OR linux-gke: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'end-of-life'). OR linux-goldfish: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'end-of-life'). OR linux-hwe package in xenial, is related to the CVE in some way and has been fixed (note: '4.15.0-24.26~16.04.1'). OR linux-mako: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'abandoned'). OR linux-meta-azure package in xenial, is related to the CVE in some way and has been fixed (note: '4.15.0-1013.13~16.04.2'). OR linux-meta-gcp package in xenial, is related to the CVE in some way and has been fixed (note: '4.15.0-1014.14~16.04.1'). OR linux-meta-hwe package in xenial, is related to the CVE in some way and has been fixed (note: '4.15.0-24.26~16.04.1'). OR linux-signed-azure package in xenial, is related to the CVE in some way and has been fixed (note: '4.15.0-1013.13~16.04.2'). OR linux-signed-gcp package in xenial, is related to the CVE in some way and has been fixed (note: '4.15.0-1014.14~16.04.1'). OR linux-signed-hwe package in xenial, is related to the CVE in some way and has been fixed (note: '4.15.0-24.26~16.04.1').

BACK