OVAL Reference oval:com.ubuntu.bionic:def:20164472000

Oval Definition:

oval:com.ubuntu.bionic:def:20164472000

Revision Date:	2016-06-30	Version:	1
Title:	CVE-2016-4472 on Ubuntu 18.04 LTS (bionic) - medium.
Description:	The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2016-4472
Platform(s):	Ubuntu 18.04 LTS	Product(s):
Definition Synopsis
Ubuntu 18.04 LTS (bionic) is installed. AND Package Information NOT While related to the CVE in some way, the 'audacity' package in bionic is not affected (note: 'uses system expat'). OR The 'cadaver' package in bionic is affected and needs fixing. OR The 'coin3' package in bionic is affected and needs fixing. OR NOT While related to the CVE in some way, the 'expat' package in bionic is not affected (note: '2.1.1-1ubuntu1'). OR NOT While related to the CVE in some way, the 'gdcm' package in bionic is not affected (note: 'uses system expat'). OR The 'matanza' package in bionic is affected and needs fixing. OR NOT While related to the CVE in some way, the 'paraview' package in bionic is not affected (note: 'uses system expat'). OR NOT While related to the CVE in some way, the 'poco' package in bionic is not affected (note: 'uses system expat'). OR NOT While related to the CVE in some way, the 'simgear' package in bionic is not affected (note: 'uses system expat'). OR The 'sitecopy' package in bionic is affected and needs fixing. OR While related to the CVE in some way, a decision has been made to ignore it (note: 'code-not-compiled'). OR The 'swish-e' package in bionic is affected and needs fixing. OR NOT While related to the CVE in some way, the 'tdom' package in bionic is not affected. OR NOT While related to the CVE in some way, the 'tla' package in bionic is not affected (note: '1.3.5+dfsg-15'). OR While related to the CVE in some way, a decision has been made to ignore it. OR The 'wbxml2' package in bionic is affected and needs fixing. OR The 'xmlrpc-c' package in bionic is affected and needs fixing. OR The 'xotcl' package in bionic is affected and needs fixing.

BACK