16 matches found
USN-2871-1 Linux kernel vulnerability | Cloud Foundry
USN-2871-1 Linux kernel vulnerability High Vendor Ubuntu Versions Affected Ubuntu 14.04 Description Yevgeny Pats discovered that the session keyring implementation in the Linux kernel did not properly reference count when joining an existing session keyring. A local attacker could use this to cau...
USN-2865-1 GnuTLS vulnerability | Cloud Foundry
USN-2865-1 GnuTLS vulnerability Medium Vendor GnuTLS Versions Affected Ubuntu 14.04 Description Karthikeyan Bhargavan and Gaetan Leurent discovered that GnuTLS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this fl...
USN-2869-1 OpenSSH vulnerability | Cloud Foundry
USN-2869-1 OpenSSH vulnerability High Vendor OpenSSH Versions Affected Ubuntu 14.04 Description It was discovered that the OpenSSH client experimental support for resuming connections contained multiple security issues. A malicious server could use this issue to leak client memory to the server,...
USN-2836-1 grub2 vulnerability | Cloud Foundry
USN-2836-1 grub2 vulnerability Medium Vendor grub2 Versions Affected Ubuntu 14.04 Description Hector Marco and Ismael Ripoll discovered that GRUB incorrectly handled the backspace key when configured to use authentication. A local attacker could use this issue to bypass GRUB password protection...
USN-2857-1 Linux kernel vulnerability | Cloud Foundry
USN-2857-1 Linux kernel vulnerability High Vendor Linux kernel Versions Affected Ubuntu 14.04 Description Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permissi...
USN-2829-1 Linux kernel vulnerability | Cloud Foundry
USN-2829-1 Linux kernel vulnerability Medium Vendor Linux kernel Versions Affected Ubuntu 14.04 Description It was discovered that the SCTP protocol implementation in the Linux kernel performed an incorrect sequence of protocol-initialization steps. A local attacker could use this to cause a deni...
USN-2830-1 OpenSSL vulnerability | Cloud Foundry
USN-2830-1 OpenSSL vulnerability Medium Vendor OpenSSL Versions Affected Ubuntu 14.04 Description Loïc Jonas Etienne discovered that OpenSSL incorrectly handled ASN.1 signatures with a missing PSS parameter. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a...
USN-2820-1 dpkg vulnerability | Cloud Foundry
USN-2820-1 dpkg vulnerability Medium Vendor dpkg Versions Affected Ubuntu 14.04 Description Hanno Boeck discovered that the dpkg-deb tool incorrectly handled certain old style Debian binary packages. If a user or an automated system were tricked into unpacking a specially crafted binary package, ...
USN-2812-1 libxml2 vulnerability | Cloud Foundry
USN-2812-1 libxml2 vulnerability Medium Vendor libxml2 Versions Affected Ubuntu 14.04 Description Florian Weimer discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause...
USN-2810-1 Kerberos vulnerability | Cloud Foundry
USN-2810-1 Kerberos vulnerability Medium Vendor Kerberos Versions Affected Ubuntu 14.04 Description It was discovered that Kerberos incorrectly handled null bytes in certain data fields. A remote attacker could possibly use this issue to cause a denial of service. It was discovered that the...
USN-2806-1 Linux kernel vulnerability | Cloud Foundry
USN-2806-1 Linux kernel vulnerability High Vendor Vivid Versions Affected Ubuntu 14.04 Description Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. An attacker in a guest virtual machine could use this to cause a...
USN-2798-1 Linux kernel vulnerability | Cloud Foundry
USN-2798-1 Linux kernel vulnerability Medium Vendor Vivid Versions Affected Ubuntu 14.04 Description It was discovered that in certain situations, a directory could be renamed outside of a bind mounted location. An attacker could use this to escape bind mount containment and gain access to...
USN-2718-1 Address Configuration Change Vulnerabilities | Cloud Foundry
USN-2718-1 Address Configuration Change Vulnerabilities Medium Vendor Vivid Versions Affected Ubuntu 14.04 Description Marcelo Ricardo Leitner discovered a race condition in the Linux kernel’s SCTP address configuration lists when using Address Configuration Change ASCONF options on a socket. An...
USN-2694-1 PCRE Vulnerabilities | Cloud Foundry
USN-2694-1 PCRE Vulnerabilities Medium Vendor Perl 5 Versions Affected Ubuntu 14.04 Description Michele Spagnuolo discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of servic...
CVE-2015-1420 file_handle size verification | Cloud Foundry
CVE-2015-1420 filehandle size verification Medium Vendor Ubuntu Versions Affected Ubuntu 14.04 Description A race condition was discovered in the Linux kernel’s filehandle size verification. A local user could exploit this flaw to read potentially sensitive memory locations. The Cloud Foundry...
CVE-2015-1328 - overlayfs privilege escalation | Cloud Foundry
CVE-2015-1328 – overlayfs privilege escalation High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS with 3.16 kernel Description Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to...