Reporter Cloud Foundry
USN-3128-2: Linux kernel (Xenial HWE) vulnerability
- Canonical Ubuntu 14.04 LTS
Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the
/proc/keys interface. A local attacker could use this to cause a denial of service (system crash).
Affected Cloud Foundry Products and Versions
Severity is medium unless otherwise noted.
Cloud Foundry BOSH stemcells are vulnerable, including:
- All versions prior to 3151.5
- 3233.x versions prior to 3233.6
- 3263.x versions prior to 3263.12
- 3312.x versions prior to 3312.5
- All other unmaintained versions are potentially vulnerable.
OSS users are strongly encouraged to follow one of the mitigations below:
The Cloud Foundry project recommends upgrading to the following BOSH stemcells:
- Upgrade all older versions to 3151.5 or later
- Upgrade 3233.x versions to 3233.6 or later
- Upgrade 3263.x versions to 3263.12 or later
- Upgrade 3312.x versions to 3312.5 or later
- Upgrade all other unmaintained versions to the most recent version of a maintained version line.