OVAL Reference oval:com.ubuntu.trusty:def:20179233000

Oval Definition:

oval:com.ubuntu.trusty:def:20179233000

Revision Date:	2017-07-25	Version:	1
Title:	CVE-2017-9233 on Ubuntu 14.04 LTS (trusty) - medium.
Description:	XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2017-9233
Platform(s):	Ubuntu 14.04 LTS	Product(s):
Definition Synopsis
Ubuntu 14.04 LTS (trusty) is installed. AND Package Information While related to the CVE in some way, a decision has been made to ignore it (note: 'code-not-compiled'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'code-not-compiled'). OR NOT While related to the CVE in some way, the 'audacity' package in trusty is not affected (note: 'uses system expat'). OR The vulnerability of the 'ayttm' package in trusty is not known (status: 'needs-triage'). It is pending evaluation. OR The vulnerability of the 'cableswig' package in trusty is not known (status: 'needs-triage'). It is pending evaluation. OR The vulnerability of the 'cadaver' package in trusty is not known (status: 'needs-triage'). It is pending evaluation. OR While related to the CVE in some way, a decision has been made to ignore it (note: 'code-not-compiled'). OR The vulnerability of the 'coin3' package in trusty is not known (status: 'needs-triage'). It is pending evaluation. OR The 'expat' package in trusty was vulnerable but has been fixed (note: '2.1.0-4ubuntu1.4'). OR The vulnerability of the 'firefox' package in trusty is not known (status: 'needs-triage'). It is pending evaluation. OR NOT While related to the CVE in some way, the 'gdcm' package in trusty is not affected (note: 'uses system expat'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'code-not-compiled'). OR The vulnerability of the 'insighttoolkit' package in trusty is not known (status: 'needs-triage'). It is pending evaluation. OR The vulnerability of the 'insighttoolkit4' package in trusty is not known (status: 'needs-triage'). It is pending evaluation. OR The vulnerability of the 'matanza' package in trusty is not known (status: 'needs-triage'). It is pending evaluation. OR NOT While related to the CVE in some way, the 'paraview' package in trusty is not affected (note: 'uses system expat'). OR NOT While related to the CVE in some way, the 'poco' package in trusty is not affected (note: 'uses system expat'). OR NOT While related to the CVE in some way, the 'simgear' package in trusty is not affected (note: 'uses system expat'). OR The vulnerability of the 'sitecopy' package in trusty is not known (status: 'needs-triage'). It is pending evaluation. OR While related to the CVE in some way, a decision has been made to ignore it (note: 'code-not-compiled'). OR The vulnerability of the 'swish-e' package in trusty is not known (status: 'needs-triage'). It is pending evaluation. OR The vulnerability of the 'tdom' package in trusty is not known (status: 'needs-triage'). It is pending evaluation. OR While related to the CVE in some way, a decision has been made to ignore it (note: 'code-not-compiled'). OR While related to the CVE in some way, a decision has been made to ignore it. OR The vulnerability of the 'tla' package in trusty is not known (status: 'needs-triage'). It is pending evaluation. OR While related to the CVE in some way, a decision has been made to ignore it. OR NOT While related to the CVE in some way, the 'vtk' package in trusty is not affected (note: 'uses system expat'). OR The vulnerability of the 'wbxml2' package in trusty is not known (status: 'needs-triage'). It is pending evaluation. OR NOT While related to the CVE in some way, the 'wxwidgets2.8' package in trusty is not affected (note: 'uses system expat'). OR The vulnerability of the 'xmlrpc-c' package in trusty is not known (status: 'needs-triage'). It is pending evaluation. OR NOT While related to the CVE in some way, the 'xotcl' package in trusty is not affected (note: 'uses system expat').

BACK