4 matches found
Improper Validation of Integrity Check Value
Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value inadequate validation of the combined fingerprint during image downloads from simplestreams servers. An attacker can cause users to deploy malicious images by providing manipulated image file...
CVE-2017-14388
Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30.0 do not validate DiffIDs, allowing specially crafted images to poison the grootfs volume cache. For example, this could allow an attacker to provide an image layer that GrootFS would consider to be the Ubuntu base layer...
CVE-2017-14388
Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30.0 do not validate DiffIDs, allowing specially crafted images to poison the grootfs volume cache. For example, this could allow an attacker to provide an image layer that GrootFS would consider to be the Ubuntu base layer...
CVE-2017-14388
Summary: CVE-2017-14388 affects Cloud Foundry GrootFS 0.3.x prior to 0.30.0, where GrootFS does not validate DiffIDs, allowing a specially crafted image to poison the grootfs volume cache. Affected software: GrootFS (root filesystem component) within Cloud Foundry, specifically releases in the 0....