USN-2991-1 nginx vulnerability - Cloud Foundry

2016-06-13T00:00:00
ID CFOUNDRY:596553F071DD27A4EDB0045E940B9DB3
Type cloudfoundry
Reporter Cloud Foundry
Modified 2016-06-13T00:00:00

Description

USN-2991-1 nginx vulnerability

Medium

Vendor

Nginx, Canonical Ubuntu

Versions Affected

  • BOSH-release versions prior to 255.11

Description

It was discovered that nginx incorrectly handled saving client request bodies to temporary files. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service.

Mitigation

Users of affected versions should apply the following mitigation:

  • For BOSH-only deployments, upgrade BOSH-release to version 255.11

References

  • [1] <http://bosh.io>
  • [2] <http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4450.html>