Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cloudfoundryCloud FoundryCFOUNDRY:B5E740952DB37A265609D7340482ED2C
HistoryJan 07, 2016 - 12:00 a.m.

USN-2829-1 Linux kernel vulnerability | Cloud Foundry

2016-01-0700:00:00
Cloud Foundry
www.cloudfoundry.org
28

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

0.0005 Low

EPSS

Percentile

15.6%

JSON

USN-2829-1 Linux kernel vulnerability

Medium

Vendor

Linux kernel

Versions Affected

  • Ubuntu 14.04

Description

It was discovered that the SCTP protocol implementation in the Linux kernel performed an incorrect sequence of protocol-initialization steps. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-5283)

Dmitry Vyukov discovered that the Linux kernelโ€™s keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). (CVE-2015-7872)

The Cloud Foundry project released a BOSH stemcell version 3146.1 and 3149 that has the patched version of the Linux kernel.

Affected Products and Versions

_Severity is medium unless otherwise noted.
_

  • All versions of Cloud Foundry BOSH stemcells prior to 3149 are vulnerable, besides patched versions of 3146.x.

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry project recommends that Cloud Foundry deployments run with BOSH stemcells 3149 or later versions, or patched 3146.x versions.

Credit

Dmitry Vyukov

References

Related

nessus 49
ubuntu 11
openvas 45
ubuntucve 2
f5 4
debiancve 2
prion 2
cve 2
amazon 1
oraclelinux 6
redhat 6
suse 21
veracode 1
centos 3
debian 4
osv 2
ibm 1
mageia 3
androidsecurity 1
nessus
nessus
Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2826-1)
2015-12-04 00:00:00
Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-2823-1)
2015-12-02 00:00:00
Ubuntu 14.04 LTS : Linux kernel (Vivid HWE) vulnerabilities (USN-2829-2)
2015-12-07 00:00:00
ubuntu
ubuntu
Linux kernel (Vivid HWE) vulnerabilities
2015-12-04 00:00:00
Linux kernel vulnerabilities
2015-12-04 00:00:00
Linux kernel (Trusty HWE) vulnerabilities
2015-12-03 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2829-2)
2015-12-05 00:00:00
Ubuntu: Security Advisory (USN-2826-1)
2015-12-04 00:00:00
Ubuntu: Security Advisory (USN-2823-1)
2015-12-02 00:00:00
ubuntucve
ubuntucve
CVE-2015-5283
2015-10-19 00:00:00
CVE-2015-7872
2015-11-16 00:00:00
f5
f5
SOL37510383 - Linux kernel SCTP vulnerability CVE-2015-5283
2016-01-28 00:00:00
K37510383 : Linux kernel SCTP vulnerability CVE-2015-5283
2016-01-28 00:00:00
K94105604 : Linux kernel vulnerability CVE-2015-7872
2016-01-13 00:00:00
debiancve
debiancve
CVE-2015-7872
2015-11-16 11:59:00
CVE-2015-5283
2015-10-19 10:59:00
prion
prion
Memory corruption
2015-10-19 10:59:00
Command injection
2015-11-16 11:59:00
cve
cve
CVE-2015-5283
2015-10-19 10:59:00
CVE-2015-7872
2015-11-16 11:59:00
amazon
amazon
Medium: kernel
2015-11-23 13:41:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2015-11-27 00:00:00
Unbreakable Enterprise kernel security update
2016-01-08 00:00:00
kernel security and bug fix update
2016-02-16 00:00:00
redhat
redhat
(RHSA-2016:0224) Important: kernel-rt security, bug fix, and enhancement update
2016-02-16 00:00:00
(RHSA-2016:0185) Important: kernel security and bug fix update
2016-02-16 10:28:15
(RHSA-2016:0212) Important: kernel-rt security, bug fix, and enhancement update
2016-02-16 10:28:21
suse
suse
Security update for the Linux Kernel (important)
2015-10-29 17:52:39
Security update for the Linux Kernel (important)
2015-12-04 14:10:52
Security update for kernel live patch 4 (important)
2016-02-08 18:13:14
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:24:43
centos
centos
kernel, perf, python security update
2016-02-17 03:38:06
kernel, perf, python security update
2015-12-16 00:07:51
kernel, perf, python security update
2015-11-30 19:36:22
debian
debian
[SECURITY] [DSA 3372-1] linux security update
2015-10-13 09:55:29
[SECURITY] [DSA 3372-1] linux security update
2015-10-13 09:55:29
[SECURITY] [DSA 3396-1] linux security update
2015-11-10 08:08:51
osv
osv
linux - security update
2015-10-13 00:00:00
linux - security update
2015-11-10 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM
2018-06-18 01:33:24
mageia
mageia
Updated kernel packages fix security vulnerabilities
2016-01-11 13:44:41
Updated kernel-linus packages fix security vulnerabilities
2016-01-14 04:44:39
Updated kernel-tmb packages provides 4.1 longterm kernel and fixes security issues
2016-01-14 04:44:39
androidsecurity
androidsecurity
Android Security Bulletinโ€”December 2016
2016-12-05 00:00:00

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

0.0005 Low

EPSS

Percentile

15.6%

JSON
Related for CFOUNDRY:B5E740952DB37A265609D7340482ED2C
nessus49ubuntu11openvas45ubuntucve2f54debiancve2prion2cve2amazon1oraclelinux6redhat6suse21veracode1centos3debian4osv2ibm1mageia3androidsecurity1