Oval Definition:oval:com.ubuntu.bionic:def:2019159030000000
Revision Date:2019-09-04Version:1
Title:CVE-2019-15903 on Ubuntu 18.04 LTS (bionic) - medium.
Description:In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2019-15903
Platform(s):Ubuntu 18.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 18.04 LTS (bionic) is installed.
  • AND Package Information
  • apache2: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'code-not-compiled').
  • OR apr-util: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'code-not-compiled').
  • OR cadaver package in bionic is affected and may need fixing.
  • OR chromium-browser package in bionic was vulnerable but has been fixed (note: '78.0.3904.70-0ubuntu0.18.04.2').
  • OR cmake: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'code-not-compiled').
  • OR coin3 package in bionic is affected and needs fixing.
  • OR expat package in bionic was vulnerable but has been fixed (note: '2.2.5-3ubuntu0.2').
  • OR firefox package in bionic was vulnerable but has been fixed (note: '70.0+build2-0ubuntu0.18.04.1').
  • OR ghostscript: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'code-not-compiled').
  • OR insighttoolkit4 package in bionic is affected and may need fixing.
  • OR matanza package in bionic is affected and may need fixing.
  • OR sitecopy package in bionic is affected and may need fixing.
  • OR smart: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'code-not-compiled').
  • OR swish-e package in bionic is affected and may need fixing.
  • OR tdom package in bionic is affected and may need fixing.
  • OR texlive-bin: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'code-not-compiled').
  • OR thunderbird package in bionic was vulnerable but has been fixed (note: '1:68.2.1+build1-0ubuntu0.18.04.1').
  • OR vnc4 package in bionic is affected and needs fixing.
  • OR wbxml2 package in bionic is affected and may need fixing.
  • OR xmlrpc-c package in bionic is affected and needs fixing.
  • OR xotcl package in bionic is affected and may need fixing.
    • BACK