OVAL Reference oval:com.ubuntu.xenial:def:2019114770000000

Oval Definition:

oval:com.ubuntu.xenial:def:2019114770000000

Revision Date:	2019-06-19	Version:	1
Title:	CVE-2019-11477 on Ubuntu 16.04 LTS (xenial) - high.
Description:	Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff. Jonathan Looney discovered that an integer overflow existed in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service (system crash).
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2019-11477
Platform(s):	Ubuntu 16.04 LTS	Product(s):
Definition Synopsis
Ubuntu 16.04 LTS (xenial) is installed. AND Package Information linux package in xenial was vulnerable but has been fixed (note: '4.4.0-151.178'). OR linux-aws package in xenial was vulnerable but has been fixed (note: '4.4.0-1085.96'). OR linux-aws-hwe package in xenial was vulnerable but has been fixed (note: '4.15.0-1041.43~16.04.1'). OR linux-azure package in xenial was vulnerable but has been fixed (note: '4.15.0-1047.51'). OR linux-euclid: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'was needed now end-of-life'). OR linux-flo: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'abandoned'). OR linux-gcp package in xenial was vulnerable but has been fixed (note: '4.15.0-1034.36~16.04.1'). OR linux-gke: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'end-of-life'). OR linux-goldfish: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'end-of-life'). OR linux-hwe package in xenial was vulnerable but has been fixed (note: '4.15.0-52.56~16.04.1'). OR linux-kvm package in xenial was vulnerable but has been fixed (note: '4.4.0-1048.55'). OR linux-mako: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'abandoned'). OR linux-meta package in xenial was vulnerable but has been fixed (note: '4.4.0-151.178'). OR linux-meta-aws package in xenial was vulnerable but has been fixed (note: '4.4.0-1085.96'). OR linux-meta-aws-hwe package in xenial was vulnerable but has been fixed (note: '4.15.0-1041.43~16.04.1'). OR linux-meta-azure package in xenial was vulnerable but has been fixed (note: '4.15.0-1047.51'). OR linux-meta-gcp package in xenial was vulnerable but has been fixed (note: '4.15.0-1034.36~16.04.1'). OR linux-meta-hwe package in xenial was vulnerable but has been fixed (note: '4.15.0-52.56~16.04.1'). OR linux-meta-kvm package in xenial was vulnerable but has been fixed (note: '4.4.0-1048.55'). OR linux-meta-oracle package in xenial was vulnerable but has been fixed (note: '4.15.0-1015.17~16.04.1'). OR linux-meta-raspi2 package in xenial was vulnerable but has been fixed (note: '4.4.0-1111.120'). OR linux-meta-snapdragon package in xenial was vulnerable but has been fixed (note: '4.4.0-1115.121'). OR linux-oem: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'was needed now end-of-life'). OR linux-oracle package in xenial was vulnerable but has been fixed (note: '4.15.0-1015.17~16.04.1'). OR linux-raspi2 package in xenial was vulnerable but has been fixed (note: '4.4.0-1111.120'). OR linux-signed package in xenial was vulnerable but has been fixed (note: '4.4.0-151.178'). OR linux-signed-azure package in xenial was vulnerable but has been fixed (note: '4.15.0-1047.51'). OR linux-signed-gcp package in xenial was vulnerable but has been fixed (note: '4.15.0-1034.36~16.04.1'). OR linux-signed-hwe package in xenial was vulnerable but has been fixed (note: '4.15.0-52.56~16.04.1'). OR linux-signed-oracle package in xenial was vulnerable but has been fixed (note: '4.15.0-1015.17~16.04.1'). OR linux-snapdragon package in xenial was vulnerable but has been fixed (note: '4.4.0-1115.121').

BACK