I have a request from my network security colleague to investigate the threat of this CVE for our environment and I'm having a hard time figuring it out. When I look on the CVE tracker for that CVE:
https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5696.html
It lists the package versions as well as the release versions. Which confuses me. Like it seems to imply that you can run the Trusty source on the Precise OS?
But that's besides the point. Our environment is predominantly Precise servers with a handful of Trusty servers and I need to know if this vulnerability applies to me. Is there a command I can run to determine if I'm using one of these packages that is listed. The package names actually specified in the tracker like "linux-lts-trusty" are not apt-get packages so "apt-cache show" doesn't help.
No comments:
Post a Comment