Hi There,
Last week the following LINUX Vurnebility has been posted on the internet:
https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5696.html
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5696
Does someone know if the Ubuntu Mate (16.04) is affected bt the cve?
The Linux kernel before 4.7 are affected, so this includes Ubuntu MATE if you do not run kernel version 4.7.
So either upgrade to kernel 4.7 or wait for the patches, which are for now scheduled for the next SRU (august 27th, 2016).
That particular CVE is marked as DNE (Does Not Exist). Are you sure this is the same vulnerability?
It doesn’t exist in the upstream released kernel 4.7
Upstream: released (4.7)
Ubuntu 12.04 LTS (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): needed
Ubuntu Touch 15.04: DNE
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 16.10 (Yakkety Yak): DNE
If you run any kernel older than 4.7, this CVE affects you.
Vulnerable software and versions
+ Configuration 1
* OR
* cpe:/o:linux:linux_kernel:4.6.6 and previous versions
2 Likes
Thanks @wizd3m
Those reports are hard to read. But I think I’m starting to understand how to interpret them.