OVAL Reference oval:com.ubuntu.xenial:def:201792330000000

Oval Definition:

oval:com.ubuntu.xenial:def:201792330000000

Revision Date:	2017-07-25	Version:	1
Title:	CVE-2017-9233 on Ubuntu 16.04 LTS (xenial) - medium.
Description:	XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2017-9233
Platform(s):	Ubuntu 16.04 LTS	Product(s):
Definition Synopsis
Ubuntu 16.04 LTS (xenial) is installed. AND Package Information apache2: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'code-not-compiled'). OR apr-util: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'code-not-compiled'). OR cableswig package in xenial is affected and may need fixing. OR cmake: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'code-not-compiled'). OR coin3 package in xenial is affected and needs fixing. OR expat package in xenial was vulnerable but has been fixed (note: '2.1.0-7ubuntu0.16.04.3'). OR firefox package in xenial, is related to the CVE in some way and has been fixed (note: '67.0.4+build1-0ubuntu0.16.04.1'). OR ghostscript: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'code-not-compiled'). OR insighttoolkit4 package in xenial is affected and needs fixing. OR matanza package in xenial is affected and may need fixing. OR smart: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'code-not-compiled'). OR swish-e package in xenial is affected and may need fixing. OR texlive-bin: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'code-not-compiled'). OR thunderbird package in xenial, is related to the CVE in some way and has been fixed (note: '60.7.1+build1-0ubuntu0.16.04.1'). OR vnc4: while related to the CVE in some way, a decision has been made to ignore this issue.

BACK