OVAL Reference oval:com.ubuntu.trusty:def:20134736000

Oval Definition:

oval:com.ubuntu.trusty:def:20134736000

Revision Date:	2014-02-10	Version:	1
Title:	CVE-2013-4736 on Ubuntu 14.04 LTS (trusty) - low.
Description:	Multiple integer overflows in the JPEG engine drivers in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (system crash) via a large number of commands in an ioctl call, related to (1) camera_v1/gemini/msm_gemini_sync.c, (2) camera_v2/gemini/msm_gemini_sync.c, (3) camera_v2/jpeg_10/msm_jpeg_sync.c, (4) gemini/msm_gemini_sync.c, (5) jpeg_10/msm_jpeg_sync.c, and (6) mercury/msm_mercury_sync.c.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2013-4736
Platform(s):	Ubuntu 14.04 LTS	Product(s):
Definition Synopsis
Ubuntu 14.04 LTS (trusty) is installed. AND Package Information NOT While related to the CVE in some way, the 'linux' package in trusty is not affected. OR NOT While related to the CVE in some way, the 'linux-aws' package in trusty is not affected. OR While related to the CVE in some way, a decision has been made to ignore it (note: 'was needed now end-of-life'). OR NOT While related to the CVE in some way, the 'linux-goldfish' package in trusty is not affected. OR NOT While related to the CVE in some way, the 'linux-grouper' package in trusty is not affected. OR NOT While related to the CVE in some way, the 'linux-lts-utopic' package in trusty is not affected. OR NOT While related to the CVE in some way, the 'linux-lts-vivid' package in trusty is not affected. OR NOT While related to the CVE in some way, the 'linux-lts-wily' package in trusty is not affected. OR NOT While related to the CVE in some way, the 'linux-lts-xenial' package in trusty is not affected. OR NOT While related to the CVE in some way, the 'linux-maguro' package in trusty is not affected. OR While related to the CVE in some way, a decision has been made to ignore it (note: 'was needed now end-of-life'). OR NOT While related to the CVE in some way, the 'linux-manta' package in trusty is not affected.

BACK