OVAL Reference oval:com.ubuntu.trusty:def:20155276000

Oval Definition:

oval:com.ubuntu.trusty:def:20155276000

Revision Date:	2015-11-17	Version:	1
Title:	CVE-2015-5276 on Ubuntu 14.04 LTS (trusty) - low.
Description:	The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2015-5276
Platform(s):	Ubuntu 14.04 LTS	Product(s):
Definition Synopsis
Ubuntu 14.04 LTS (trusty) is installed. AND Package Information NOT While related to the CVE in some way, the 'gcc-3.3' package in trusty is not affected. OR The 'gcc-4.4' package in trusty is affected and needs fixing. OR The 'gcc-4.6' package in trusty is affected and needs fixing. OR The 'gcc-4.7' package in trusty is affected and needs fixing. OR The 'gcc-4.7-armel-cross' package in trusty is affected and needs fixing. OR The 'gcc-4.7-armhf-cross' package in trusty is affected and needs fixing. OR The 'gcc-4.8' package in trusty is affected and needs fixing. OR The 'gcc-4.8-arm64-cross' package in trusty is affected and needs fixing. OR The 'gcc-4.8-armhf-cross' package in trusty is affected and needs fixing. OR The 'gcc-4.8-powerpc-cross' package in trusty is affected and needs fixing. OR The 'gcc-4.8-ppc64el-cross' package in trusty is affected and needs fixing. OR The 'gcc-arm-linux-androideabi' package in trusty is affected and needs fixing. OR The 'gcc-arm-none-eabi' package in trusty is affected and needs fixing. OR The 'gcc-avr' package in trusty is affected and needs fixing. OR NOT While related to the CVE in some way, the 'gcc-defaults' package in trusty is not affected. OR NOT While related to the CVE in some way, the 'gcc-defaults-arm64-cross' package in trusty is not affected. OR NOT While related to the CVE in some way, the 'gcc-defaults-armel-cross' package in trusty is not affected. OR NOT While related to the CVE in some way, the 'gcc-defaults-armhf-cross' package in trusty is not affected. OR NOT While related to the CVE in some way, the 'gcc-defaults-powerpc-cross' package in trusty is not affected. OR NOT While related to the CVE in some way, the 'gcc-defaults-ppc64el-cross' package in trusty is not affected. OR NOT While related to the CVE in some way, the 'gcc-h8300-hms' package in trusty is not affected (note: 'std::random_device not present'). OR The 'gcc-i686-linux-android' package in trusty is affected and needs fixing. OR NOT While related to the CVE in some way, the 'gcc-m68hc1x' package in trusty is not affected (note: 'std::random_device not present'). OR The 'gcc-mingw-w64' package in trusty is affected and needs fixing. OR The 'gcc-msp430' package in trusty is affected and needs fixing. OR The 'gcc-opt' package in trusty is affected and needs fixing. OR The 'gcc-snapshot' package in trusty is affected and needs fixing. OR NOT While related to the CVE in some way, the 'gccgo-4.9' package in trusty is not affected (note: 'vulnerable code is built but libgo doesn't use it'). OR NOT While related to the CVE in some way, the 'gccgo-go' package in trusty is not affected.

BACK