Oval Definition:oval:com.ubuntu.xenial:def:2019159030000000
Revision Date:2019-09-04Version:1
Title:CVE-2019-15903 on Ubuntu 16.04 LTS (xenial) - medium.
Description:In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2019-15903
Platform(s):Ubuntu 16.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 16.04 LTS (xenial) is installed.
  • AND Package Information
  • apache2: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'code-not-compiled').
  • OR apr-util: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'code-not-compiled').
  • OR ayttm package in xenial is affected and may need fixing.
  • OR cableswig package in xenial is affected and may need fixing.
  • OR cadaver package in xenial is affected and may need fixing.
  • OR chromium-browser package in xenial was vulnerable but has been fixed (note: '78.0.3904.70-0ubuntu0.16.04.2').
  • OR cmake: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'code-not-compiled').
  • OR coin3 package in xenial is affected and needs fixing.
  • OR expat package in xenial was vulnerable but has been fixed (note: '2.1.0-7ubuntu0.16.04.5').
  • OR firefox package in xenial was vulnerable but has been fixed (note: '70.0+build2-0ubuntu0.16.04.1').
  • OR ghostscript: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'code-not-compiled').
  • OR insighttoolkit package in xenial is affected and may need fixing.
  • OR insighttoolkit4 package in xenial is affected and may need fixing.
  • OR matanza package in xenial is affected and may need fixing.
  • OR sitecopy package in xenial is affected and may need fixing.
  • OR smart: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'code-not-compiled').
  • OR swish-e package in xenial is affected and may need fixing.
  • OR tdom package in xenial is affected and may need fixing.
  • OR texlive-bin: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'code-not-compiled').
  • OR thunderbird package in xenial is affected and needs fixing.
  • OR vnc4 package in xenial is affected and needs fixing.
  • OR vtk package in xenial is affected and needs fixing.
  • OR wbxml2 package in xenial is affected and may need fixing.
  • OR xmlrpc-c package in xenial is affected and needs fixing.
  • OR xotcl package in xenial is affected and may need fixing.
    • BACK