OVAL Reference oval:com.ubuntu.trusty:def:20164472000

Oval Definition:

oval:com.ubuntu.trusty:def:20164472000

Revision Date:	2016-06-30	Version:	1
Title:	CVE-2016-4472 on Ubuntu 14.04 LTS (trusty) - medium.
Description:	The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2016-4472
Platform(s):	Ubuntu 14.04 LTS	Product(s):
Definition Synopsis
Ubuntu 14.04 LTS (trusty) is installed. AND Package Information NOT While related to the CVE in some way, the 'audacity' package in trusty is not affected (note: 'uses system expat'). OR The 'ayttm' package in trusty is affected and needs fixing. OR The 'cableswig' package in trusty is affected and needs fixing. OR The 'cadaver' package in trusty is affected and needs fixing. OR The 'coin3' package in trusty is affected and needs fixing. OR NOT While related to the CVE in some way, the 'expat' package in trusty is not affected (note: '2.1.0-4ubuntu1.2'). OR NOT While related to the CVE in some way, the 'gdcm' package in trusty is not affected (note: 'uses system expat'). OR The 'insighttoolkit' package in trusty is affected and needs fixing. OR The 'matanza' package in trusty is affected and needs fixing. OR NOT While related to the CVE in some way, the 'paraview' package in trusty is not affected (note: 'uses system expat'). OR NOT While related to the CVE in some way, the 'poco' package in trusty is not affected (note: 'uses system expat'). OR NOT While related to the CVE in some way, the 'simgear' package in trusty is not affected (note: 'uses system expat'). OR The 'sitecopy' package in trusty is affected and needs fixing. OR While related to the CVE in some way, a decision has been made to ignore it (note: 'code-not-compiled'). OR The 'swish-e' package in trusty is affected and needs fixing. OR The 'tdom' package in trusty is affected and needs fixing. OR NOT While related to the CVE in some way, the 'tla' package in trusty is not affected (note: '1.3.5+dfsg-15'). OR While related to the CVE in some way, a decision has been made to ignore it. OR NOT While related to the CVE in some way, the 'vtk' package in trusty is not affected (note: 'uses system expat'). OR The 'wbxml2' package in trusty is affected and needs fixing. OR NOT While related to the CVE in some way, the 'wxwidgets2.8' package in trusty is not affected (note: 'uses system expat'). OR The 'xmlrpc-c' package in trusty is affected and needs fixing. OR The 'xotcl' package in trusty is affected and needs fixing.

BACK