Lucene search
Cloud FoundryCFOUNDRY:60AEBA5C38F655FA4D016F65102FE558HistoryNov 01, 2017 - 12:00 a.m.
USN-3434-1: Libidn vulnerability | Cloud Foundry
2017-11-0100:00:00
Cloud Foundry
www.cloudfoundry.org
26
0.006 Low
EPSS
Percentile
77.7%
Severity
Medium
Vendor
Canonical Ubuntu
Versions Affected
- Canonical Ubuntu 14.04
Description
It was discovered that Libidn incorrectly handled decoding certain digits. A remote attacker could use this issue to cause Libidn to crash, resulting in a denial of service, or possibly execute arbitrary code.
Affected Cloud Foundry Products and Versions
Severity is medium unless otherwise noted.
- Cloud Foundry BOSH stemcells are vulnerable, including:
- 3363.x versions prior to 3363.40
- 3421.x versions prior to 3421.29
- 3445.x versions prior to 3445.15
- All other stemcells not listed.
- All versions of Cloud Foundry cflinuxfs2 prior to 1.158.0
Mitigation
OSS users are strongly encouraged to follow one of the mitigations below:
- The Cloud Foundry project recommends upgrading the following BOSH stemcells:
- Upgrade 3363.x versions prior to 3363.40
- Upgrade 3421.x versions prior to 3421.29
- Upgrade 3445.x versions prior to 3445.15
- All other stemcells should be upgraded to the latest version available on bosh.io.
- The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.158.0 or later.
References
Related
openvas
openvas
Ubuntu: Security Advisory (USN-3421-1)
2018-10-26 00:00:00
Huawei EulerOS: Security Advisory for libidn (EulerOS-SA-2020-1960)
2020-09-08 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:0903-1)
2021-06-09 00:00:00
nessus
nessus
EulerOS Virtualization for ARM 64 3.0.3.0 : libidn (EulerOS-SA-2019-2337)
2019-12-03 00:00:00
SUSE SLES11 Security Update : libidn (SUSE-SU-2018:0903-1)
2018-04-10 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : Libidn vulnerability (USN-3434-1)
2017-10-03 00:00:00
prion
prion
Integer overflow
2017-08-31 16:29:00
nvd
nvd
CVE-2017-14062
2017-08-31 16:29:00
debian
debian
[SECURITY] [DSA 3988-1] libidn2-0 security update
2017-09-30 19:18:58
[SECURITY] [DLA 1447-1] libidn security update
2018-07-27 14:16:15
[SECURITY] [DLA 1084-1] libidn security update
2017-09-02 21:41:37
osv
osv
libidn - security update
2017-09-02 00:00:00
CVE-2017-14062
2017-08-31 16:29:00
libidn2-0 - security update
2017-09-30 00:00:00
ubuntu
ubuntu
Libidn vulnerability
2017-10-23 00:00:00
Libidn2 vulnerability
2017-09-18 00:00:00
Libidn vulnerability
2017-10-02 00:00:00
ibm
ibm
ubuntucve
ubuntucve
CVE-2017-14062
2017-08-31 00:00:00
redhatcve
redhatcve
CVE-2017-14062
2017-09-01 21:48:56
cve
cve
CVE-2017-14062
2017-08-31 16:29:00
mageia
mageia
Updated libidn packages fix security vulnerability
2017-10-09 12:51:10
f5
f5
K76594024 : libidn vulnerability CVE-2017-14062
2018-09-11 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: libidn-1.34-1.fc28
2018-04-06 11:11:06
[SECURITY] Fedora 27 Update: libidn-1.34-1.fc27
2018-04-06 15:04:11
[SECURITY] Fedora 25 Update: libidn2-2.0.4-1.fc25
2017-09-03 04:25:31
debiancve
debiancve
CVE-2017-14062
2017-08-31 16:29:00
veracode
veracode
Denial Of Service (DoS) Through Integer Overflow
2018-04-25 08:07:48
cvelist
cvelist
CVE-2017-14062
2017-08-31 16:00:00
altlinux
altlinux
gentoo
gentoo
glibc: Multiple vulnerabilities
2018-04-04 00:00:00