USN-3128-2: Linux kernel (Xenial HWE) vulnerability | Cloud Foundry


# USN-3128-2: Linux kernel (Xenial HWE) vulnerability

# Medium

# Vendor

Canonical Ubuntu

# Versions Affected

* Canonical Ubuntu 14.04 LTS

# Description

Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the `/proc/keys` interface. A local attacker could use this to cause a denial of service (system crash).

# Affected Cloud Foundry Products and Versions

Severity is medium unless otherwise noted.

Cloud Foundry BOSH stemcells are vulnerable, including:

* All versions prior to 3151.5
* 3233.x versions prior to 3233.6
* 3263.x versions prior to 3263.12
* 3312.x versions prior to 3312.5
* All other unmaintained versions are potentially vulnerable.

# Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

The Cloud Foundry project recommends upgrading to the following BOSH stemcells:

* Upgrade all older versions to 3151.5 or later
* Upgrade 3233.x versions to 3233.6 or later
* Upgrade 3263.x versions to 3263.12 or later
* Upgrade 3312.x versions to 3312.5 or later
* Upgrade all other unmaintained versions to the most recent version of a maintained version line.

# Credit

Ondrej Kozina

# References

* <https://www.ubuntu.com/usn/usn-3128-2/>
* <http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7042.html>
* <http://bosh.io>
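The affected-version and mitigation lists above can be turned into a check that classifies each deployed stemcell as fixed, vulnerable, or on an unmaintained line that needs moving to a maintained one. This is an added example, not code from the advisory or from the Cloud Foundry project; the version ranges are the ones stated above, the `line.patch` parsing rule and the sample inventory are assumptions.

```python
"""Classify BOSH stemcell versions against the ranges in USN-3128-2 (CVE-2016-7042).

Example code added to this advisory; not part of the original page or of the
Cloud Foundry project. Version ranges come from the advisory; the parsing
rule (line.patch) is an assumption.
"""

# Maintained version lines and the first fixed patch level in each (from the advisory).
FIXED_IN = {3151: 5, 3233: 6, 3263: 12, 3312: 5}


def parse_version(version):
    """Split a stemcell version such as '3263.10' into (line, patch).

    A bare line number such as '3263' is treated as patch 0 (assumption).
    """
    parts = version.strip().split(".")
    if not 1 <= len(parts) <= 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised stemcell version: {version!r}")
    line = int(parts[0])
    patch = int(parts[1]) if len(parts) == 2 else 0
    return line, patch


def classify(version):
    """Return 'fixed', 'vulnerable' or 'unmaintained' for one stemcell version.

    - On a maintained line (3151, 3233, 3263, 3312): fixed at or above the
      listed patch level, vulnerable below it.
    - Any line before 3151: vulnerable ("all versions prior to 3151.5").
    - Any other line (e.g. 3200.x): unmaintained and potentially vulnerable;
      the advisory says to move to the newest version of a maintained line.
    """
    line, patch = parse_version(version)
    if line in FIXED_IN:
        return "fixed" if patch >= FIXED_IN[line] else "vulnerable"
    if line < 3151:
        return "vulnerable"
    return "unmaintained"


def affected(versions):
    """Filter deployed stemcell versions down to those that still need action."""
    return [v for v in versions if classify(v) != "fixed"]


if __name__ == "__main__":
    # Constructed sample inventory, not data from a real deployment.
    deployed = ["3151.4", "3151.5", "3233.6", "3263.10", "3312.5", "3200.1", "3146.0"]
    for v in deployed:
        print(f"{v:>8}: {classify(v)}")
```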