Friday, December 11, 2015

server - Are my systems vulnerable from CVE-2016-5696?

I have a request from my network security colleague to investigate the threat of this CVE for our environment and I'm having a hard time figuring it out. When I look on the CVE tracker for that CVE:
https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5696.html


It lists the package versions as well as the release versions. Which confuses me. Like it seems to imply that you can run the Trusty source on the Precise OS?


But that's besides the point. Our environment is predominantly Precise servers with a handful of Trusty servers and I need to know if this vulnerability applies to me. Is there a command I can run to determine if I'm using one of these packages that is listed. The package names actually specified in the tracker like "linux-lts-trusty" are not apt-get packages so "apt-cache show" doesn't help.

No comments:

Post a Comment

11.10 - Can't boot from USB after installing Ubuntu

I bought a Samsung series 5 notebook and a very strange thing happened: I installed Ubuntu 11.10 from a usb pen drive but when I restarted (...