Lucene search
Cloud FoundryCFOUNDRY:894C76C0EB39D03A818F5E3BFAA0E55AHistoryJul 10, 2018 - 12:00 a.m.
USN-3689-1: Libgcrypt vulnerability | Cloud Foundry
2018-07-1000:00:00
Cloud Foundry
www.cloudfoundry.org
293
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
31.9%
Severity
Medium
Vendor
Canonical Ubuntu
Versions Affected
- Canonical Ubuntu 14.04
Description
Affected Cloud Foundry Products and Versions
Severity is medium unless otherwise noted.
- Cloud Foundry BOSH stemcells are vulnerable, including:
- 3586.x versions prior to 3586.25
- 3541.x versions prior to 3541.35
- 3468.x versions prior to 3468.53
- 3445.x versions prior to 3445.53
- 3421.x versions prior to 3421.68
- 3363.x versions prior to 3363.67
- All other stemcells not listed.
- All versions of Cloud Foundry cflinuxfs2 prior to 1.220.0
Mitigation
OSS users are strongly encouraged to follow one of the mitigations below:
- The Cloud Foundry project recommends upgrading the following BOSH stemcells:
- Upgrade 3586.x versions to 3586.25
- Upgrade 3541.x versions to 3541.35
- Upgrade 3468.x versions to 3468.53
- Upgrade 3445.x versions to 3445.53
- Upgrade 3421.x versions to 3421.68
- Upgrade 3363.x versions to 3363.67
- All other stemcells should be upgraded to the latest version available on bosh.io.
- The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.220.0 or later.
References
Related
prion
prion
Memory corruption
2018-06-13 23:29:00
nessus
nessus
Slackware 14.2 / current : libgcrypt (SSA:2018-164-01)
2018-06-14 00:00:00
SUSE SLED12 / SLES12 Security Update : libgcrypt (SUSE-SU-2018:2089-1)
2018-07-30 00:00:00
Fedora 27 : libgcrypt (2018-6788454ab6)
2018-06-18 00:00:00
osv
osv
CVE-2018-0495
2018-06-13 23:29:00
libgcrypt20 - security update
2018-06-29 00:00:00
libgcrypt20 - security update
2018-06-17 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2018:2089-1)
2021-04-19 00:00:00
openSUSE: Security Advisory for libgcrypt (openSUSE-SU-2018:2178-1)
2018-08-04 00:00:00
openSUSE: Security Advisory for libgcrypt (openSUSE-SU-2018:2122-1)
2018-10-26 00:00:00
ubuntu
ubuntu
Libgcrypt vulnerability
2018-06-19 00:00:00
Libgcrypt vulnerability
2018-06-19 00:00:00
OpenSSL vulnerabilities
2018-06-26 00:00:00
redhatcve
redhatcve
CVE-2018-0495
2018-06-14 08:19:05
CVE-2018-12437
2018-06-15 18:20:03
slackware
slackware
[slackware-security] libgcrypt
2018-06-13 22:09:13
debian
debian
[SECURITY] [DSA 4231-1] libgcrypt20 security update
2018-06-17 18:53:17
[SECURITY] [DSA 4231-1] libgcrypt20 security update
2018-06-17 18:53:17
[SECURITY] [DLA 1405-1] libgcrypt20 security update
2018-06-29 08:04:20
ubuntucve
ubuntucve
CVE-2018-0495
2018-06-13 00:00:00
alpinelinux
alpinelinux
CVE-2018-0495
2018-06-13 23:29:00
freebsd
freebsd
libgcrypt -- side-channel attack vulnerability
2018-06-13 00:00:00
archlinux
archlinux
[ASA-201806-10] libgcrypt: private key recovery
2018-06-16 00:00:00
f5
f5
K20001553 : Libgcrypt vulnerability CVE-2018-0495
2018-09-28 00:00:00
suse
suse
Security update for libgcrypt (moderate)
2018-07-28 16:00:35
Security update for libgcrypt (moderate)
2018-08-03 21:07:44
Security update for mozilla-nspr and mozilla-nss (moderate)
2018-12-28 21:12:25
cve
cve
CVE-2018-0495
2018-06-13 23:29:00
veracode
veracode
Side-channel Attack
2019-06-03 00:25:00
fedora
fedora
[SECURITY] Fedora 27 Update: libgcrypt-1.8.3-1.fc27
2018-06-17 19:45:43
[SECURITY] Fedora 28 Update: libgcrypt-1.8.3-1.fc28
2018-06-18 16:20:42
[SECURITY] Fedora 27 Update: botan2-2.7.0-1.fc27
2018-07-11 19:32:47
debiancve
debiancve
CVE-2018-0495
2018-06-13 23:29:00
mageia
mageia
Updated libcrypt packages fix a security vulnerability
2018-07-02 01:17:47
Updated nss packages fix security vulnerability
2019-01-16 01:15:34
Updated libgcrypt packages fix security vulnerability
2018-07-01 20:17:14
oraclelinux
oraclelinux
openssl security, bug fix, and enhancement update
2018-11-05 00:00:00
openssl security update
2018-11-06 00:00:00
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2018-1.0-0182
2018-09-05 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2018-2.0-0091
2018-09-06 00:00:00
Critical Photon OS Security Update - PHSA-2018-0091
2018-09-06 00:00:00
redhat
redhat
(RHSA-2020:1461) Important: nss-softokn security update
2020-04-14 14:33:58
(RHSA-2020:1345) Important: nss-softokn security update
2020-04-07 08:30:50
(RHSA-2020:1267) Important: nss-softokn security update
2020-04-01 07:33:21
amazon
amazon
Medium: nss
2019-09-30 22:57:00
Medium: openssl
2018-12-05 23:20:00
Important: nss, nss-softokn, nss-util, nspr
2020-03-16 21:29:00
ibm
ibm
cloudfoundry
cloudfoundry
USN-3692-1: OpenSSL vulnerabilities | Cloud Foundry
2018-07-10 00:00:00
centos
centos
nspr, nss security update
2019-08-30 03:43:23
openssl security update
2018-11-15 18:50:49
rosalinux
rosalinux
Advisory ROSA-SA-2021-1870
2021-07-02 17:14:28
oracle
oracle
Oracle Critical Patch Update Advisory - April 2019
2019-04-16 00:00:00
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
31.9%
Related for CFOUNDRY:894C76C0EB39D03A818F5E3BFAA0E55A