Lucene search

K
cloudfoundryCloud FoundryCFOUNDRY:B107C8F788C2DEC31A2BBBE02184011C
HistoryDec 07, 2022 - 12:00 a.m.

USN-5718-1: pixman vulnerability | Cloud Foundry

2022-12-0700:00:00
Cloud Foundry
www.cloudfoundry.org
7
pixman library
canonical ubuntu
cloud foundry
vulnerability
denial of service
arbitrary code
update instructions
cve-2022-44638
cflinuxfs3
cf deployment
mitigation
references

EPSS

0.003

Percentile

71.9%

Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 18.04

Description

Maddie Stone discovered that pixman incorrectly handled certain memory operations. A remote attacker could use this issue to cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run sudo pro fix USN-5718-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpixman-1-0 – 0.34.0-2ubuntu0.1 libpixman-1-dev – 0.34.0-2ubuntu0.1 No subscription required

CVEs contained in this USN include: CVE-2022-44638.

Affected Cloud Foundry Products and Versions

Severity is medium unless otherwise noted.

  • cflinuxfs3
    • All versions prior to 0.333.0
  • CF Deployment
    • All versions prior to 23.3.0

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:

  • cflinuxfs3
    • Upgrade all versions to 0.333.0 or greater
  • CF Deployment
    • Upgrade all versions to 23.3.0 or greater

References

History

2022-12-07: Initial vulnerability report published.