Oval Definition:oval:com.ubuntu.precise:def:20131664000
Revision Date:2013-04-02Version:1
Title:CVE-2013-1664 on Ubuntu 12.04 LTS (precise) - medium.
Description:The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2013-1664
Platform(s):Ubuntu 12.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 12.04 LTS (precise) is installed.
  • AND Package Information
  • The 'keystone' package in precise was vulnerable but has been fixed (note: '2012.1+stable~20120824-a16a0ab9-0ubuntu2.5').
  • OR The 'nova' package in precise was vulnerable but has been fixed (note: '2012.1.3+stable-20120827-4d2a4afe-0ubuntu1.2').
  • OR The 'python-django' package in precise was vulnerable but has been fixed (note: '1.3.1-4ubuntu1.6').
  • OR NOT While related to the CVE in some way, the 'quantum' package in precise is not affected (note: 'code-not-present').
    • BACK