
USN-3235-1: libxml2 vulnerabilities | Cloud Foundry

Description

# Severity

Medium

# Vendor

Canonical Ubuntu

# Versions Affected

* Canonical Ubuntu 14.04

# Description

It was discovered that libxml2 incorrectly handled format strings. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. ([CVE-2016-4448](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-4448>))

It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2016-4658](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-4658>))

Nick Wellnhofer discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2016-5131](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-5131>))

# Affected Cloud Foundry Products and Versions

_Severity is medium unless otherwise noted._

* Cloud Foundry BOSH stemcells are vulnerable, including:
    * 3151.x versions prior to 3151.14
    * 3233.x versions prior to 3233.16
    * 3263.x versions prior to 3263.22
    * 3312.x versions prior to 3312.22
    * 3363.x versions prior to 3363.14
    * All other stemcells not listed.
* All versions of Cloud Foundry cflinuxfs2 prior to 1.108.0

# Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

* The Cloud Foundry project recommends upgrading the following BOSH stemcells:
    * Upgrade 3151.x versions to 3151.14 or later
    * Upgrade 3233.x versions to 3233.16 or later
    * Upgrade 3263.x versions to 3263.22 or later
    * Upgrade 3312.x versions to 3312.22 or later
    * Upgrade 3363.x versions to 3363.14 or later
    * All other stemcells should be upgraded to the latest version.
* The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 versions 1.108.0 or later.

# References

* [USN-3235-1](<http://www.ubuntu.com/usn/usn-3235-1/>)
* [CVE-2016-4448](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-4448>)
* [CVE-2016-4658](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-4658>)
* [CVE-2016-5131](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-5131>)
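The stemcell and cflinuxfs2 thresholds in this advisory can be turned into an inventory check. The following is an added example, not part of the original advisory or any Cloud Foundry tooling; the function names and the sample inventory are assumptions made for illustration, and stemcell lines the advisory does not list are reported as `unlisted` because it gives no fixed version for them.

```python
# Thresholds copied from the advisory's stemcell and cflinuxfs2 lists.
STEMCELL_FIXED = {3151: 14, 3233: 16, 3263: 22, 3312: 22, 3363: 14}
CFLINUXFS2_FIXED = (1, 108, 0)


def _parse(version):
    """Turn '3312.22' or '1.108.0' into a tuple of ints; reject anything else."""
    parts = version.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(p) for p in parts)


def stemcell_status(version):
    """Classify a BOSH stemcell version as 'fixed', 'vulnerable' or 'unlisted'."""
    parsed = _parse(version)
    line, rest = parsed[0], parsed[1:] or (0,)
    if line not in STEMCELL_FIXED:
        # The advisory treats every unlisted line as affected and says to
        # move to the latest stemcell; it gives no fixed minor to compare.
        return "unlisted"
    return "fixed" if rest >= (STEMCELL_FIXED[line],) else "vulnerable"


def cflinuxfs2_status(version):
    """Classify a cflinuxfs2 version against the 1.108.0 threshold."""
    parsed = _parse(version)
    padded = parsed + (0,) * (3 - len(parsed))  # '1.108' compares as 1.108.0
    return "fixed" if padded >= CFLINUXFS2_FIXED else "vulnerable"


def needs_upgrade(inventory):
    """Return the (kind, version, status) entries that are not 'fixed'."""
    checks = {"stemcell": stemcell_status, "cflinuxfs2": cflinuxfs2_status}
    findings = []
    for kind, version in inventory:
        status = checks[kind](version)
        if status != "fixed":
            findings.append((kind, version, status))
    return findings


# Constructed inventory for illustration, not taken from any real deployment.
SAMPLE_INVENTORY = [("stemcell", "3312.21"), ("stemcell", "3363.14"),
                    ("stemcell", "3100.1"), ("cflinuxfs2", "1.107.0"),
                    ("cflinuxfs2", "1.108.0")]

if __name__ == "__main__":
    for finding in needs_upgrade(SAMPLE_INVENTORY):
        print(*finding)
```
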

