Reporter: Cloud Foundry
CVE-2015-1330 Unattended-Upgrades Vulnerability
- Canonical Ubuntu 14.04 LTS
It was found that for some configurations, unattended-upgrades would not properly perform authentication checks on packages prior to installation. An attacker could thus trick unattended-upgrades into installing altered packages.
Affected Products and Versions
Severity is medium unless otherwise noted.
- Any Cloud Foundry deployment with Ubuntu Trusty BOSH stemcells 3003 and prior.
Users of affected versions should apply the following mitigation:
- BOSH stemcell 3004 contains the patched version of unattended-upgrades that resolves CVE-2015-1330. The Cloud Foundry team recommends upgrading to BOSH stemcell 3004 or higher to address this concern.