OVAL Reference oval:com.ubuntu.artful:def:20152305000

Oval Definition:

oval:com.ubuntu.artful:def:20152305000

Revision Date:	2015-03-30	Version:	1
Title:	CVE-2015-2305 on Ubuntu 17.10 (artful) - medium.
Description:	Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2015-2305
Platform(s):	Ubuntu 17.10	Product(s):
Definition Synopsis
Ubuntu 17.10 (artful) is installed. AND Package Information NOT While related to the CVE in some way, the 'alpine' package in artful is not affected (note: 'code not built'). OR The 'clamav' package in artful was vulnerable but has been fixed (note: '0.98.7+dfsg-0ubuntu1'). OR NOT While related to the CVE in some way, the 'cups' package in artful is not affected (note: 'code not built'). OR NOT While related to the CVE in some way, the 'efl' package in artful is not affected (note: 'code not built'). OR NOT While related to the CVE in some way, the 'haskell-regex-posix' package in artful is not affected (note: 'code not built'). OR NOT While related to the CVE in some way, the 'knews' package in artful is not affected (note: 'code not built'). OR NOT While related to the CVE in some way, the 'librcsb-core-wrapper' package in artful is not affected (note: '1.005-3'). OR The vulnerability of the 'newlib' package in artful is not known (status: 'needs-triage'). It is pending evaluation. OR The vulnerability of the 'nvi' package in artful is not known (status: 'needs-triage'). It is pending evaluation. OR NOT While related to the CVE in some way, the 'olsrd' package in artful is not affected (note: 'code not built'). OR The vulnerability of the 'openrpt' package in artful is not known (status: 'needs-triage'). It is pending evaluation. OR NOT While related to the CVE in some way, the 'ptlib' package in artful is not affected (note: 'code not built'). OR The vulnerability of the 'radare2' package in artful is not known (status: 'needs-triage'). It is pending evaluation. OR NOT While related to the CVE in some way, the 'sma' package in artful is not affected (note: 'code not built'). OR NOT While related to the CVE in some way, the 'vigor' package in artful is not affected (note: '0.016-24'). OR NOT While related to the CVE in some way, the 'vnc4' package in artful is not affected (note: 'code not built'). OR NOT While related to the CVE in some way, the 'yap' package in artful is not affected (note: '6.2.2-3'). OR NOT While related to the CVE in some way, the 'z88dk' package in artful is not affected (note: 'code not built').

BACK