Oval Definition:	oval:com.ubuntu.xenial:def:2019148990000000
Revision Date: 2019-12-11 Version: 1 Title: CVE-2019-14899 on Ubuntu 16.04 LTS (xenial) - low. Description: A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel. Family: unix Class: vulnerability Status: Reference(s): CVE-2019-14899 Platform(s): Ubuntu 16.04 LTS Product(s): Definition Synopsis Ubuntu 16.04 LTS (xenial) is installed. AND Package Information linux package in xenial is affected, but a decision has been made to defer addressing it (note: '2019-12-13'). OR linux-aws package in xenial is affected, but a decision has been made to defer addressing it (note: '2019-12-13'). OR linux-aws-hwe package in xenial is affected, but a decision has been made to defer addressing it (note: '2019-12-13'). OR linux-azure package in xenial is affected, but a decision has been made to defer addressing it (note: '2019-12-13'). OR linux-gcp package in xenial is affected, but a decision has been made to defer addressing it (note: '2019-12-13'). OR linux-hwe package in xenial is affected, but a decision has been made to defer addressing it (note: '2019-12-13'). OR linux-kvm package in xenial is affected, but a decision has been made to defer addressing it (note: '2019-12-13'). OR linux-meta package in xenial is affected, but a decision has been made to defer addressing it (note: '2019-12-13'). OR linux-meta-aws package in xenial is affected, but a decision has been made to defer addressing it (note: '2019-12-13'). OR linux-meta-aws-hwe package in xenial is affected, but a decision has been made to defer addressing it (note: '2019-12-13'). OR linux-meta-azure package in xenial is affected, but a decision has been made to defer addressing it (note: '2019-12-13'). OR linux-meta-gcp package in xenial is affected, but a decision has been made to defer addressing it (note: '2019-12-13'). OR linux-meta-hwe package in xenial is affected, but a decision has been made to defer addressing it (note: '2019-12-13'). OR linux-meta-kvm package in xenial is affected, but a decision has been made to defer addressing it (note: '2019-12-13'). OR linux-meta-oracle package in xenial is affected, but a decision has been made to defer addressing it (note: '2019-12-13'). OR linux-meta-raspi2 package in xenial is affected, but a decision has been made to defer addressing it (note: '2019-12-13'). OR linux-meta-snapdragon package in xenial is affected, but a decision has been made to defer addressing it (note: '2019-12-13'). OR linux-oem: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'was needs-triage now end-of-life'). OR linux-oracle package in xenial is affected, but a decision has been made to defer addressing it (note: '2019-12-13'). OR linux-raspi2 package in xenial is affected, but a decision has been made to defer addressing it (note: '2019-12-13'). OR linux-signed package in xenial is affected, but a decision has been made to defer addressing it (note: '2019-12-13'). OR linux-signed-azure package in xenial is affected, but a decision has been made to defer addressing it (note: '2019-12-13'). OR linux-signed-gcp package in xenial is affected, but a decision has been made to defer addressing it (note: '2019-12-13'). OR linux-signed-hwe package in xenial is affected, but a decision has been made to defer addressing it (note: '2019-12-13'). OR linux-signed-oracle package in xenial is affected, but a decision has been made to defer addressing it (note: '2019-12-13'). OR linux-snapdragon package in xenial is affected, but a decision has been made to defer addressing it (note: '2019-12-13').
BACK