OVAL Reference oval:com.ubuntu.cosmic:def:20121148000

Oval Definition:

oval:com.ubuntu.cosmic:def:20121148000

Revision Date:	2012-07-03	Version:	1
Title:	CVE-2012-1148 on Ubuntu 18.10 (cosmic) - low.
Description:	Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2012-1148
Platform(s):	Ubuntu 18.10	Product(s):
Definition Synopsis
Ubuntu 18.10 (cosmic) is installed. AND Package Information While related to the CVE in some way, a decision has been made to ignore it (note: 'code-not-compiled'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'code-not-compiled'). OR NOT While related to the CVE in some way, the 'audacity' package in cosmic is not affected (note: 'uses system expat'). OR The 'cadaver' package in cosmic is affected and needs fixing. OR While related to the CVE in some way, a decision has been made to ignore it (note: 'code-not-compiled'). OR The 'coin3' package in cosmic is affected and needs fixing. OR NOT While related to the CVE in some way, the 'expat' package in cosmic is not affected (note: '2.1.0-1'). OR NOT While related to the CVE in some way, the 'gdcm' package in cosmic is not affected (note: 'uses system expat'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'code-not-compiled'). OR The 'matanza' package in cosmic is affected and needs fixing. OR NOT While related to the CVE in some way, the 'paraview' package in cosmic is not affected (note: 'uses system expat'). OR NOT While related to the CVE in some way, the 'poco' package in cosmic is not affected (note: 'uses system expat'). OR NOT While related to the CVE in some way, the 'simgear' package in cosmic is not affected (note: 'uses system expat'). OR The 'sitecopy' package in cosmic is affected and needs fixing. OR While related to the CVE in some way, a decision has been made to ignore it (note: 'code-not-compiled'). OR The 'swish-e' package in cosmic is affected and needs fixing. OR NOT While related to the CVE in some way, the 'tdom' package in cosmic is not affected. OR While related to the CVE in some way, a decision has been made to ignore it (note: 'code-not-compiled'). OR NOT While related to the CVE in some way, the 'tla' package in cosmic is not affected (note: '1.3.5+dfsg-15'). OR While related to the CVE in some way, a decision has been made to ignore it. OR The 'wbxml2' package in cosmic is affected and needs fixing. OR The 'xmlrpc-c' package in cosmic was vulnerable but has been fixed (note: '1.16.33-3.1ubuntu6'). OR The 'xotcl' package in cosmic is affected and needs fixing.

BACK