Lucene search

K
cloudfoundryCloud FoundryCFOUNDRY:F8F590C4EA2497964E8F2BE7C4D6BD17
HistoryDec 05, 2019 - 12:00 a.m.

USN-4199-1: libvpx vulnerabilities | Cloud Foundry

2019-12-0500:00:00
Cloud Foundry
www.cloudfoundry.org
37

0.011 Low

EPSS

Percentile

84.5%

Severity

Low

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 18.04

Description

It was discovered that libvpx did not properly handle certain malformed WebM media files. If an application using libvpx opened a specially crafted WebM file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.

CVEs contained in this USN include: CVE-2017-13194, CVE-2019-2126, CVE-2019-9232, CVE-2019-9325, CVE-2019-9371, CVE-2019-9433

Affected Cloud Foundry Products and Versions

Severity is low unless otherwise noted.

  • All versions of Cloud Foundry cflinuxfs3 prior to 0.147.0

Mitigation

Users of affected products are strongly encouraged to follow one of the mitigations below:

  • The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs3 version 0.147.0 or later.

References