OVAL Reference oval:com.ubuntu.xenial:def:20155276000

Oval Definition:

oval:com.ubuntu.xenial:def:20155276000

Revision Date:	2015-11-17	Version:	1
Title:	CVE-2015-5276 on Ubuntu 16.04 LTS (xenial) - low.
Description:	The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2015-5276
Platform(s):	Ubuntu 16.04 LTS	Product(s):
Definition Synopsis
Ubuntu 16.04 LTS (xenial) is installed. AND Package Information NOT While related to the CVE in some way, the 'gcc-3.3' package in xenial is not affected (note: 'std::random_device not present'). OR The 'gcc-4.7' package in xenial is affected and needs fixing. OR The 'gcc-4.7-armel-cross' package in xenial is affected and needs fixing. OR The 'gcc-4.7-armhf-cross' package in xenial is affected and needs fixing. OR The 'gcc-4.8' package in xenial is affected and needs fixing. OR The 'gcc-4.8-arm64-cross' package in xenial is affected and needs fixing. OR The 'gcc-4.8-armhf-cross' package in xenial is affected and needs fixing. OR The 'gcc-4.8-powerpc-cross' package in xenial is affected and needs fixing. OR The 'gcc-4.8-ppc64el-cross' package in xenial is affected and needs fixing. OR NOT While related to the CVE in some way, the 'gcc-4.9' package in xenial is not affected (note: '4.9.3-13ubuntu2'). OR NOT While related to the CVE in some way, the 'gcc-5' package in xenial is not affected (note: '5.3.1-14ubuntu2.1'). OR The 'gcc-arm-linux-androideabi' package in xenial is affected and needs fixing. OR The 'gcc-arm-none-eabi' package in xenial is affected and needs fixing. OR The 'gcc-avr' package in xenial is affected and needs fixing. OR NOT While related to the CVE in some way, the 'gcc-defaults' package in xenial is not affected. OR NOT While related to the CVE in some way, the 'gcc-h8300-hms' package in xenial is not affected (note: 'std::random_device not present'). OR The 'gcc-i686-linux-android' package in xenial is affected and needs fixing. OR NOT While related to the CVE in some way, the 'gcc-m68hc1x' package in xenial is not affected (note: 'std::random_device not present'). OR NOT While related to the CVE in some way, the 'gcc-mingw-w64' package in xenial is not affected (note: '17'). OR The 'gcc-msp430' package in xenial is affected and needs fixing. OR The 'gcc-opt' package in xenial is affected and needs fixing. OR NOT While related to the CVE in some way, the 'gcc-snapshot' package in xenial is not affected (note: '20151011-0ubuntu1').

BACK