Oval Definition:oval:com.ubuntu.xenial:def:2019102200000000
Revision Date:2019-11-27Version:1
Title:CVE-2019-10220 on Ubuntu 16.04 LTS (xenial) - medium.
Description:Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists. Michael Hanselmann discovered that the CIFS implementation in the Linux kernel did not sanitize paths returned by an SMB server. An attacker controlling an SMB server could use this to overwrite arbitrary files.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2019-10220
Platform(s):Ubuntu 16.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 16.04 LTS (xenial) is installed.
  • AND Package Information
  • linux package in xenial is affected and needs fixing.
  • OR linux-aws package in xenial is affected and needs fixing.
  • OR linux-aws-hwe package in xenial is affected and needs fixing.
  • OR linux-azure package in xenial is affected and needs fixing.
  • OR linux-gcp package in xenial is affected and needs fixing.
  • OR linux-hwe package in xenial is affected and needs fixing.
  • OR linux-kvm package in xenial is affected and needs fixing.
  • OR linux-meta package in xenial is affected and needs fixing.
  • OR linux-meta-aws package in xenial is affected and needs fixing.
  • OR linux-meta-aws-hwe package in xenial is affected and needs fixing.
  • OR linux-meta-azure package in xenial is affected and needs fixing.
  • OR linux-meta-gcp package in xenial is affected and needs fixing.
  • OR linux-meta-hwe package in xenial is affected and needs fixing.
  • OR linux-meta-kvm package in xenial is affected and needs fixing.
  • OR linux-meta-oracle package in xenial is affected and needs fixing.
  • OR linux-meta-raspi2 package in xenial is affected and needs fixing.
  • OR linux-meta-snapdragon package in xenial is affected and needs fixing.
  • OR linux-oem: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'was needs-triage now end-of-life').
  • OR linux-oracle package in xenial is affected and needs fixing.
  • OR linux-raspi2 package in xenial is affected and needs fixing.
  • OR linux-signed package in xenial is affected and needs fixing.
  • OR linux-signed-azure package in xenial is affected and needs fixing.
  • OR linux-signed-gcp package in xenial is affected and needs fixing.
  • OR linux-signed-hwe package in xenial is affected and needs fixing.
  • OR linux-signed-oracle package in xenial is affected and needs fixing.
  • OR linux-snapdragon package in xenial is affected and needs fixing.
    • BACK