USN-6105-1: ca-certificates update | Cloud Foundry

Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.60 version of the Mozilla certificate...

USN-6055-2: Ruby regression | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description USN-6055-1 fixed a vulnerability in Ruby. Unfortunately it introduced a regression. This update reverts the patches applied to CVE-2023-28755 in order to fix the regression pending further investigation. ...

USN-6112-1: Perl vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that Perl was not properly verifying TLS certificates when using CPAN together with HTTP::Tiny to download modules over HTTPS. If a remote attacker were able to...

USN-6101-1: GNU binutils vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that GNU binutils incorrectly handled certain DWARF files. An attacker could possibly use this issue to cause a crash or execute arbitrary...

cflinuxfs3 Removal | Cloud Foundry

cflinuxfs3 Removal Please be advised that starting with release v30.0.0 of cf-deployment the platform now comes without the cflinuxfs3 stack and the cflinuxfs3 buildpacks 1. The stack is based on Ubuntu Bionic and has reached end of life. The new cflinuxfs4 stack with Ubuntu Jammy buildpacks are...

USN-6087-1: Ruby vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. CVE-2023-28755 It was discovered that Ruby incorrectly...

USN-6078-1: libwebp vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Irvan Kurniawan discovered that libwebp incorrectly handled certain memory operations. If a user or automated system were tricked into opening a specially crafted image file, a remo...

USN-5958-1: FFmpeg vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that FFmpeg could be made to dereference a null pointer. An attacker could possibly use this to cause a denial of service via application crash. These issues only...

USN-5310-1: GNU C Library vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could possibly use this issue to cause the GNU C Library ...

USN-5702-1: curl vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform...

USN-5960-1: Python vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Yebo Cao discovered that Python incorrectly handled certain URLs. An attacker could possibly use this issue to bypass blocklisting methods by supplying a URL...

USN-5952-1: OpenJPEG vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Sebastian Poeplau discovered that OpenJPEG incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly u...

USN-6028-1: libxml2 vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that lixml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

USN-5963-1: Vim vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or...

USN-5959-1: Kerberos vulnerabilities Severity | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that Kerberos incorrectly handled memory when processing KDC data, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service ...

USN-6005-1: Sudo vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly escaped control characters in log messages and sudoreplay output. An attacker could possibly use these issues t...

USN-5995-1: Vim vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to cras...

USN-5891-1: curl vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Harry Sintonen discovered that curl incorrectly handled HSTS support when multiple URLs are requested serially. A remote attacker could possibly use this issue to cause curl to use...

USN-5923-1: LibTIFF vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that LibTIFF could be made to read out of bounds when processing certain malformed image files with the tiffcrop tool. If a user were tricke...

USN-5767-3: Python vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description USN-5767-1 fixed vulnerabilities in Python. This update fixes the problem for Ubuntu 18.04 LTS. Original advisory details: Nicky Mouha discovered that Python incorrectly handled certain SHA-3 internals. A...