OVAL Reference oval:com.ubuntu.trusty:def:20126702000

Oval Definition:

oval:com.ubuntu.trusty:def:20126702000

Revision Date:	2016-06-16	Version:	1
Title:	CVE-2012-6702 on Ubuntu 14.04 LTS (trusty) - medium.
Description:	Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2012-6702
Platform(s):	Ubuntu 14.04 LTS	Product(s):
Definition Synopsis
Ubuntu 14.04 LTS (trusty) is installed. AND Package Information While related to the CVE in some way, a decision has been made to ignore it (note: 'code-not-compiled'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'code-not-compiled'). OR NOT While related to the CVE in some way, the 'audacity' package in trusty is not affected (note: 'uses system expat'). OR NOT While related to the CVE in some way, the 'ayttm' package in trusty is not affected (note: 'code not present'). OR NOT While related to the CVE in some way, the 'cableswig' package in trusty is not affected (note: 'code not present'). OR NOT While related to the CVE in some way, the 'cadaver' package in trusty is not affected (note: 'code not present'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'code-not-compiled'). OR NOT While related to the CVE in some way, the 'coin3' package in trusty is not affected (note: 'code not present'). OR The 'expat' package in trusty was vulnerable but has been fixed (note: '2.1.0-4ubuntu1.3'). OR NOT While related to the CVE in some way, the 'gdcm' package in trusty is not affected (note: 'uses system expat'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'code-not-compiled'). OR The 'insighttoolkit' package in trusty is affected and needs fixing. OR NOT While related to the CVE in some way, the 'matanza' package in trusty is not affected (note: 'code not present'). OR NOT While related to the CVE in some way, the 'paraview' package in trusty is not affected (note: 'uses system expat'). OR NOT While related to the CVE in some way, the 'poco' package in trusty is not affected (note: 'uses system expat'). OR NOT While related to the CVE in some way, the 'simgear' package in trusty is not affected (note: 'uses system expat'). OR NOT While related to the CVE in some way, the 'sitecopy' package in trusty is not affected (note: 'code not present'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'code-not-compiled'). OR NOT While related to the CVE in some way, the 'swish-e' package in trusty is not affected (note: 'code not present'). OR NOT While related to the CVE in some way, the 'tdom' package in trusty is not affected (note: 'code not present'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'code-not-compiled'). OR NOT While related to the CVE in some way, the 'tla' package in trusty is not affected (note: '1.3.5+dfsg-15'). OR While related to the CVE in some way, a decision has been made to ignore it. OR NOT While related to the CVE in some way, the 'vtk' package in trusty is not affected (note: 'uses system expat'). OR NOT While related to the CVE in some way, the 'wbxml2' package in trusty is not affected (note: 'code not present'). OR NOT While related to the CVE in some way, the 'wxwidgets2.8' package in trusty is not affected (note: 'uses system expat'). OR The 'xmlrpc-c' package in trusty is affected and needs fixing. OR NOT While related to the CVE in some way, the 'xotcl' package in trusty is not affected (note: 'code not present').

BACK