13 matches found
USN-3740-2: Linux kernel (HWE) vulnerabilities | Cloud Foundry
Severity: High. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 16.04. Description: USN-3740-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04...
USN-3746-1: APT vulnerability | Cloud Foundry
Severity: High. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 18.04. Description: It was discovered that APT incorrectly handled the mirror method (mirror://). If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered...
USN-3706-1: libjpeg-turbo vulnerabilities | Cloud Foundry
Severity: Low. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04. Description: Affected Cloud Foundry Products and Versions: Severity is low unless otherwise noted. All versions of Cloud Foundry cflinuxfs2 prior to 1.224.0. Mitigation: OSS users are strongly encouraged to follow one of th...
USN-3681-1: ImageMagick vulnerabilities | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04. Description: It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could...
USN-3501-1: libxcursor vulnerability | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04. Description: It was discovered that libxcursor incorrectly handled certain files. An attacker could use these issues to cause libxcursor to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-3509-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
Severity: High. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04. Description: USN-3509-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04...
USN-3432-1: ca-certificates update | Cloud Foundry
Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04. Description: The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20170717 package. Affected Cloud Foundry Products and Versions: Cloud Foundry BOSH...
USN-3420-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
Severity: High. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04. Description: USN-3420-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04...
USN-3387-1: Git vulnerability | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04. Description: Brian Neel, Joern Schneeweisz, and Jeff King discovered that Git did not properly handle host names in ‘ssh://’ URLs. A remote attacker could use this to construct a git repository that when accessed coul...
CVE-2017-4969: Bug in CC allows users to exceed quotas | Cloud Foundry
Severity: High. Vendor: Cloud Foundry Foundation. Versions Affected: cf-release versions prior to v255. Description: The Cloud Foundry Cloud Controller allows authenticated developer users to exceed memory and disk quotas for tasks. Mitigation: OSS users are strongly encouraged to follow one of the...
CVE-2017-4964: BOSH Azure CPI code injection vulnerability | Cloud Foundry
Severity: Medium. Vendor: Cloud Foundry Foundation. Versions Affected: BOSH Azure CPI Release v22. Description: The BOSH Azure CPI could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director. Mitigation: OSS users are strongly encouraged to follow the...
USN-3151-2: Linux kernel (Xenial HWE) vulnerability | Cloud Foundry
Severity: High. Vendor: Canonical Ubuntu. Versions Affected: Ubuntu 14.04 LTS. The following Cloud Foundry BOSH stemcells are vulnerable: All versions prior to 3151.5; 3233.x versions prior to 3233.6; 3263.x versions prior to 3263.12; 3312.x versions prior to 3312....
CVE-2016-6655 Utility Script Command Injection | Cloud Foundry
Severity: Critical. Vendor: Cloud Foundry Foundation. Versions Affected: Cloud Foundry release versions prior to v245; cf-mysql-release versions prior to v31. Description: A command injection vulnerability was discovered in a common script used by many Cloud Foundry...