Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cloudfoundryCloud FoundryCFOUNDRY:D6964958081B18451C45CF4BF09FA16D
HistoryMay 09, 2018 - 12:00 a.m.

USN-3624-1: Patch vulnerabilities | Cloud Foundry

2018-05-0900:00:00
Cloud Foundry
www.cloudfoundry.org
20

EPSS

0.016

Percentile

87.5%

JSON

Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 14.04

Description

It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. (CVE-2016-10713)

It was discovered that Patch incorrectly handled certain input validation. An attacker could possibly use this to execute arbitrary code. (CVE-2018-1000156)

It was discovered that Patch incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. (CVE-2018-6951)

Affected Cloud Foundry Products and Versions

Severity is medium unless otherwise noted.

  • Cloud Foundry BOSH stemcells are vulnerable, including:
    • 3363.x versions prior to 3363.60
    • 3421.x versions prior to 3421.56
    • 3445.x versions prior to 3445.42
    • 3468.x versions prior to 3468.41
    • 3541.x versions prior to 3541.24
    • 3586.x versions prior to 3586.5
    • All other stemcells not listed.
  • All versions of Cloud Foundry cflinuxfs2 prior to 1.199.0

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

  • The Cloud Foundry project recommends upgrading the following BOSH stemcells:
    • Upgrade 3363.x versions to 3363.60
    • Upgrade 3421.x versions to 3421.56
    • Upgrade 3445.x versions to 3445.42
    • Upgrade 3468.x versions to 3468.41
    • Upgrade 3541.x versions to 3541.24
    • Upgrade 3586.x versions to 3586.5
    • All other stemcells should be upgraded to the latest version available on bosh.io.
  • The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.199.0 or later.

References

Related

openvas 31
nessus 69
suse 3
ubuntu 2
mageia 2
fedora 7
archlinux 2
gentoo 1
freebsd 1
amazon 4
debiancve 4
veracode 3
redhat 10
cbl_mariner 6
centos 3
osv 7
prion 4
oraclelinux 3
ibm 3
debian 3
photon 3
nvd 4
ubuntucve 4
cgr 2
slackware 1
wolfi 2
alpinelinux 4
redhatcve 3
cve 4
cvelist 4
openvas
openvas
Ubuntu: Security Advisory (USN-3624-1)
2018-10-26 00:00:00
Mageia: Security Advisory (MGASA-2018-0277)
2022-01-28 00:00:00
openSUSE: Security Advisory for patch (openSUSE-SU-2018:1137-1)
2018-05-04 00:00:00
nessus
nessus
Ubuntu 14.04 LTS / 16.04 LTS : Patch vulnerabilities (USN-3624-1)
2018-04-11 00:00:00
SUSE SLED12 / SLES12 Security Update : patch (SUSE-SU-2018:1128-1)
2018-05-03 00:00:00
openSUSE Security Update : patch (openSUSE-2018-416)
2018-05-03 00:00:00
suse
suse
Security update for patch (important)
2018-05-03 12:08:24
Security update for patch (important)
2018-05-02 21:08:01
Security update for patch (important)
2018-05-07 21:07:23
ubuntu
ubuntu
Patch vulnerabilities
2018-04-10 00:00:00
Patch vulnerabilities
2018-04-16 00:00:00
mageia
mageia
Updated patch packages fix security vulnerabilities
2018-06-14 21:14:36
Updated patch packages fix security vulnerabilities
2018-11-16 01:04:32
fedora
fedora
[SECURITY] Fedora 26 Update: patch-2.7.6-4.fc26
2018-05-15 20:00:56
[SECURITY] Fedora 27 Update: patch-2.7.6-5.fc27
2018-10-19 15:51:21
[SECURITY] Fedora 27 Update: patch-2.7.6-4.fc27
2018-05-15 19:53:58
archlinux
archlinux
[ASA-201810-8] patch: multiple issues
2018-10-09 00:00:00
[ASA-201811-14] patch: multiple issues
2018-11-12 00:00:00
gentoo
gentoo
Patch: Multiple vulnerabilities
2019-04-17 00:00:00
freebsd
freebsd
patch -- multiple vulnerabilities
2018-04-16 00:00:00
amazon
amazon
Important: patch
2019-10-21 18:01:00
Important: patch
2019-10-18 23:22:00
Important: patch
2018-05-10 17:06:00
debiancve
debiancve
CVE-2016-10713
2018-02-13 19:29:00
CVE-2018-6951
2018-02-13 19:29:00
CVE-2018-1000156
2018-04-06 13:29:00
veracode
veracode
Denial Of Service (Dos)
2019-08-08 00:07:23
Arbitrary Code Execution
2019-01-15 09:22:55
Denial Of Service (DoS)
2020-05-10 23:24:56
redhat
redhat
(RHSA-2018:1200) Important: patch security update
2018-04-23 16:32:14
(RHSA-2018:2096) Important: patch security update
2018-06-27 18:05:33
(RHSA-2018:2092) Important: patch security update
2018-06-27 18:05:11
cbl_mariner
cbl_mariner
CVE-2018-1000156 affecting package patch 2.7.6-7
2020-09-09 06:09:14
CVE-2018-1000156 affecting package patch for versions less than 2.7.6-9
2024-03-19 17:21:46
CVE-2018-1000156 affecting package patch for versions less than 2.7.6-7
2022-04-09 06:51:43
centos
centos
patch security update
2018-05-02 12:03:45
patch security update
2018-05-30 18:24:23
patch security update
2019-08-30 03:51:18
osv
osv
CGA-f57h-jx9q-h8jr
2024-06-06 12:25:52
patch - security update
2018-04-16 00:00:00
CVE-2016-10713
2018-02-13 19:29:00
prion
prion
Out-of-bounds
2018-02-13 19:29:00
Null pointer dereference
2018-02-13 19:29:00
Command injection
2019-07-26 13:15:00
oraclelinux
oraclelinux
patch security update
2018-04-23 00:00:00
patch security update
2018-04-23 00:00:00
patch security and bug fix update
2019-08-13 00:00:00
ibm
ibm
Security Bulletin: A vulnerability in patch affects PowerKVM
2018-07-07 00:04:20
Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities (patch) vulnerability
2018-12-19 20:15:02
Security Bulletin: Open Source Libvorbis, Patch and Python-paramiko vulnerabilities affect IBM Netezza Host Management
2019-10-18 03:36:34
debian
debian
[SECURITY] [DLA 1348-1] patch security update
2018-04-16 11:15:52
[SECURITY] [DSA 4489-1] patch security update
2019-07-27 17:46:40
[SECURITY] [DSA 4489-1] patch security update
2019-07-27 17:46:40
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0142
2018-05-25 00:00:00
Important Photon OS Security Update - PHSA-2018-0142
2018-05-25 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0049
2018-05-22 00:00:00
nvd
nvd
CVE-2016-10713
2018-02-13 19:29:00
CVE-2018-6951
2018-02-13 19:29:00
CVE-2019-13638
2019-07-26 13:15:12
ubuntucve
ubuntucve
CVE-2016-10713
2018-02-13 00:00:00
CVE-2018-6951
2018-02-13 00:00:00
CVE-2018-1000156
2018-04-06 00:00:00
cgr
cgr
CVE-2018-1000156 vulnerabilities
2024-05-19 03:07:16
CVE-2018-6951 vulnerabilities
2024-05-19 03:07:16
slackware
slackware
[slackware-security] patch
2018-04-07 00:25:33
wolfi
wolfi
CVE-2018-1000156 vulnerabilities
2024-07-26 21:09:29
CVE-2018-6951 vulnerabilities
2024-07-26 21:09:29
alpinelinux
alpinelinux
CVE-2016-10713
2018-02-13 19:29:00
CVE-2018-6951
2018-02-13 19:29:00
CVE-2018-1000156
2018-04-06 13:29:00
redhatcve
redhatcve
CVE-2016-10713
2018-02-14 21:19:57
CVE-2018-6951
2018-02-14 07:19:13
CVE-2018-1000156
2019-10-10 04:15:40
cve
cve
CVE-2016-10713
2018-02-13 19:29:00
CVE-2018-6951
2018-02-13 19:29:00
CVE-2019-13638
2019-07-26 13:15:12
cvelist
cvelist
CVE-2016-10713
2018-02-13 19:00:00
CVE-2018-6951
2018-02-13 19:00:00
CVE-2018-1000156
2018-04-06 13:00:00

EPSS

0.016

Percentile

87.5%

JSON
Related for CFOUNDRY:D6964958081B18451C45CF4BF09FA16D
openvas31nessus69suse3ubuntu2mageia2fedora7archlinux2gentoo1freebsd1amazon4debiancve4veracode3redhat10cbl_mariner6centos3osv7prion4oraclelinux3ibm3debian3photon3nvd4ubuntucve4cgr2slackware1wolfi2alpinelinux4redhatcve3cve4cvelist4