
USN-4201-1: Ruby vulnerabilities | Cloud Foundry

Description

## Severity

Medium

## Vendor

Canonical Ubuntu

## Versions Affected

* Canonical Ubuntu 18.04

## Description

It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this issue to pass path matching, which can lead to unauthorized access. (CVE-2019-15845)

It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could use this issue to cause a denial of service. (CVE-2019-16201)

It was discovered that Ruby incorrectly handled certain HTTP headers. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-16254)

It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-16255)

CVEs contained in this USN include: CVE-2019-15845, CVE-2019-16201, CVE-2019-16254, CVE-2019-16255

## Affected Cloud Foundry Products and Versions

_Severity is medium unless otherwise noted._

* All versions of Cloud Foundry cflinuxfs3 prior to 0.148.0

## Mitigation

Users of affected products are strongly encouraged to follow one of the mitigations below:

* The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs3 version 0.148.0 or later.

## References

* [USN-4201-1](<https://usn.ubuntu.com/4201-1>)
* [CVE-2019-15845](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15845>)
* [CVE-2019-16201](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16201>)
* [CVE-2019-16254](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16254>)
* [CVE-2019-16255](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16255>)

