Lucene search

K
cloudfoundryCloud FoundryCFOUNDRY:3A7A092EC0FB5C0D4211DE77DD6E9EC9
HistorySep 30, 2019 - 12:00 a.m.

USN-4120-2: systemd regression | Cloud Foundry

2019-09-3000:00:00
Cloud Foundry
www.cloudfoundry.org
10

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

28.3%

Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 18.04

Description

USN-4120-1 fixed a vulnerability in systemd. The update included a recent SRU from the updates pocket that introduced networking problems for some users. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that the systemd-resolved D-Bus interface did not enforce appropriate access controls. A local unprivileged user could exploit this to modify a system’s DNS resolver settings.

CVEs contained in this USN include: CVE-2019-15718

Affected Cloud Foundry Products and Versions

Severity is medium unless otherwise noted.

  • All versions of Cloud Foundry cflinuxfs3 prior to 0.125.0

Mitigation

Users of affected products are strongly encouraged to follow one of the mitigations below:

  • The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs3 version 0.125.0 or later.

References

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

28.3%

Related for CFOUNDRY:3A7A092EC0FB5C0D4211DE77DD6E9EC9