OVAL Reference oval:com.ubuntu.trusty:def:20173731000

Oval Definition:

oval:com.ubuntu.trusty:def:20173731000

Revision Date:	2017-05-04	Version:	1
Title:	CVE-2017-3731 on Ubuntu 14.04 LTS (trusty) - medium.
Description:	If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2017-3731
Platform(s):	Ubuntu 14.04 LTS	Product(s):
Definition Synopsis
Ubuntu 14.04 LTS (trusty) is installed. AND Package Information The 'openssl' package in trusty was vulnerable but has been fixed (note: '1.0.1f-1ubuntu2.22'). OR The vulnerability of the 'openssl098' package in trusty is not known (status: 'needs-triage'). It is pending evaluation.