USN-3513-1: libxml2 vulnerability | Cloud Foundry


# Severity

Medium

# Vendor

Canonical Ubuntu

# Versions Affected

* Canonical Ubuntu 14.04

# Description

It was discovered that libxml2 incorrectly handled certain files. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service.

# Affected Cloud Foundry Products and Versions

_Severity is medium unless otherwise noted._

* Cloud Foundry BOSH stemcells are vulnerable, including:
  * 3312.x versions prior to 3312.50
  * 3363.x versions prior to 3363.45
  * 3421.x versions prior to 3421.35
  * 3445.x versions prior to 3445.21
  * 3468.x versions prior to 3468.15
  * All other stemcells not listed.
* All versions of Cloud Foundry cflinuxfs2 prior to 1.176.0

# Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

* The Cloud Foundry project recommends upgrading the following BOSH stemcells:
  * Upgrade 3312.x versions to 3312.50
  * Upgrade 3363.x versions to 3363.45
  * Upgrade 3421.x versions to 3421.35
  * Upgrade 3445.x versions to 3445.21
  * Upgrade 3468.x versions to 3468.15
  * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io>).
* The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.176.0 or later.

# References

* [USN-3513-1](<http://www.ubuntu.com/usn/usn-3513-1/>)
* [CVE-2017-15412](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-15412>)