Oval Definition:oval:com.ubuntu.xenial:def:20195489000
Revision Date:2019-01-07Version:1
Title:CVE-2019-5489 on Ubuntu 16.04 LTS (xenial) - medium.
Description:The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2019-5489
Platform(s):Ubuntu 16.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 16.04 LTS (xenial) is installed.
  • AND Package Information
  • The 'linux' package in xenial is affected and needs fixing.
  • OR The 'linux-aws' package in xenial is affected and needs fixing.
  • OR The 'linux-aws-hwe' package in xenial is affected and needs fixing.
  • OR The 'linux-azure' package in xenial is affected and needs fixing.
  • OR The 'linux-azure-edge' package in xenial is affected and needs fixing.
  • OR While related to the CVE in some way, a decision has been made to ignore it (note: 'was needed ESM criteria').
  • OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
  • OR The 'linux-gcp' package in xenial is affected and needs fixing.
  • OR While related to the CVE in some way, a decision has been made to ignore it (note: 'end-of-life').
  • OR While related to the CVE in some way, a decision has been made to ignore it (note: 'end-of-life').
  • OR The 'linux-hwe' package in xenial is affected and needs fixing.
  • OR The 'linux-hwe-edge' package in xenial is affected and needs fixing.
  • OR The 'linux-kvm' package in xenial is affected and needs fixing.
  • OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
  • OR While related to the CVE in some way, a decision has been made to ignore it (note: 'was needs-triage now end-of-life').
  • OR The 'linux-oracle' package in xenial is affected and needs fixing.
  • OR The 'linux-raspi2' package in xenial is affected and needs fixing.
  • OR The 'linux-snapdragon' package in xenial is affected and needs fixing.
  • BACK