Oval Definition:oval:com.ubuntu.cosmic:def:2017116710000000
Revision Date:2017-07-26Version:1
Title:CVE-2017-11671 on Ubuntu 18.10 (cosmic) - low.
Description:Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2017-11671
Platform(s):Ubuntu 18.10
Product(s):
Definition Synopsis
  • Ubuntu 18.10 (cosmic) is installed.
  • AND Package Information
  • gcc-3.3: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
  • OR gcc-4.8: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
  • OR gcc-5 package in cosmic, is related to the CVE in some way and has been fixed (note: '5.5.0-12ubuntu1').
  • OR gcc-5-cross package in cosmic, is related to the CVE in some way and has been fixed (note: '33ubuntu2').
  • OR gcc-6 package in cosmic, is related to the CVE in some way and has been fixed (note: '6.4.0-17ubuntu1').
  • OR gcc-6-cross package in cosmic, is related to the CVE in some way and has been fixed (note: '30ubuntu3').
  • OR gcc-6-cross-ports package in cosmic, is related to the CVE in some way and has been fixed (note: '28ubuntu3').
  • OR gcc-7 package in cosmic, is related to the CVE in some way and has been fixed (note: '7.3.0-16ubuntu3').
  • OR gcc-7-cross package in cosmic, is related to the CVE in some way and has been fixed (note: '20ubuntu4').
  • OR gcc-7-cross-ports package in cosmic, is related to the CVE in some way and has been fixed (note: '20ubuntu4').
  • OR gcc-arm-none-eabi: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
  • OR gcc-avr: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
  • OR gcc-defaults: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
  • OR gcc-h8300-hms: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
  • OR gcc-m68hc1x: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
  • OR gcc-mingw-w64: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
  • OR gcc-msp430: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
  • OR gcc-snapshot package in cosmic, is related to the CVE in some way and has been fixed (note: '1:20180425-1ubuntu1').
    • BACK