Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected

• Canonical Ubuntu 14.04

Description

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

Affected Cloud Foundry Products and Versions

Severity is medium unless otherwise noted.

• All versions of Cloud Foundry cflinuxfs2 prior to 1.125.0

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

• The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.125.0 or later.

References

• USN-3302-1
• CVE-2017-7606
• CVE-2017-7619
• CVE-2017-7941
• CVE-2017-7942
• CVE-2017-7943
• CVE-2017-8343
• CVE-2017-8344
• CVE-2017-8345
• CVE-2017-8346
• CVE-2017-8347
• CVE-2017-8348
• CVE-2017-8349
• CVE-2017-8350
• CVE-2017-8351
• CVE-2017-8352
• CVE-2017-8353
• CVE-2017-8354
• CVE-2017-8355
• CVE-2017-8356
• CVE-2017-8357
• CVE-2017-8765
• CVE-2017-8830
• CVE-2017-9098
• CVE-2017-9141
• CVE-2017-9142
• CVE-2017-9143
• CVE-2017-9144