USN-4318-1: Linux kernel vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description Al Viro discovered that the vfs layer in the Linux kernel contained a use- after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly expose sensitive...

Code injection

An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that the unauthenticated clients guess or find a...

CVE-2016-4435

An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that the unauthenticated clients guess or find a...

CVE-2016-4435

An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that the unauthenticated clients guess or find a...

Pivotal Software Cloud Foundry Foundation BOSH Azure CPI Code Injection Vulnerability

Pivotal Software Cloud Foundry Foundation BOSH Azure CPI is a set of open source tools for deployment and lifecycle management of distributed systems from Pivotal Software, USA. A code injection vulnerability exists in version v22 of Pivotal Software Cloud Foundry Foundation BOSH Azure CPI. An...

USN-2914-1 OpenSSL vulnerabilities | Cloud Foundry

USN-2914-1 OpenSSL vulnerabilities Low Vendor Ubuntu, OpenSSL Versions Affected Ubuntu 14.04 LTS SSLv1 Description Several security issues were fixed in OpenSSL. Yuval Yarom, Daniel Genkin, and Nadia Heninger discovered that OpenSSL was vulnerable to a side-channel attack on modular exponentiatio...

USN-2871-1 Linux kernel vulnerability | Cloud Foundry

USN-2871-1 Linux kernel vulnerability High Vendor Ubuntu Versions Affected Ubuntu 14.04 Description Yevgeny Pats discovered that the session keyring implementation in the Linux kernel did not properly reference count when joining an existing session keyring. A local attacker could use this to cau...

USN-2869-1 OpenSSH vulnerability | Cloud Foundry

USN-2869-1 OpenSSH vulnerability High Vendor OpenSSH Versions Affected Ubuntu 14.04 Description It was discovered that the OpenSSH client experimental support for resuming connections contained multiple security issues. A malicious server could use this issue to leak client memory to the server,...

USN-2865-1 GnuTLS vulnerability | Cloud Foundry

USN-2865-1 GnuTLS vulnerability Medium Vendor GnuTLS Versions Affected Ubuntu 14.04 Description Karthikeyan Bhargavan and Gaetan Leurent discovered that GnuTLS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this fl...

USN-2830-1 OpenSSL vulnerability | Cloud Foundry

USN-2830-1 OpenSSL vulnerability Medium Vendor OpenSSL Versions Affected Ubuntu 14.04 Description Loïc Jonas Etienne discovered that OpenSSL incorrectly handled ASN.1 signatures with a missing PSS parameter. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a...

USN-2836-1 grub2 vulnerability | Cloud Foundry

USN-2836-1 grub2 vulnerability Medium Vendor grub2 Versions Affected Ubuntu 14.04 Description Hector Marco and Ismael Ripoll discovered that GRUB incorrectly handled the backspace key when configured to use authentication. A local attacker could use this issue to bypass GRUB password protection...

USN-2857-1 Linux kernel vulnerability | Cloud Foundry

USN-2857-1 Linux kernel vulnerability High Vendor Linux kernel Versions Affected Ubuntu 14.04 Description Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permissi...

USN-2829-1 Linux kernel vulnerability | Cloud Foundry

USN-2829-1 Linux kernel vulnerability Medium Vendor Linux kernel Versions Affected Ubuntu 14.04 Description It was discovered that the SCTP protocol implementation in the Linux kernel performed an incorrect sequence of protocol-initialization steps. A local attacker could use this to cause a deni...

USN-2820-1 dpkg vulnerability | Cloud Foundry

USN-2820-1 dpkg vulnerability Medium Vendor dpkg Versions Affected Ubuntu 14.04 Description Hanno Boeck discovered that the dpkg-deb tool incorrectly handled certain old style Debian binary packages. If a user or an automated system were tricked into unpacking a specially crafted binary package, ...

USN-2810-1 Kerberos vulnerability | Cloud Foundry

USN-2810-1 Kerberos vulnerability Medium Vendor Kerberos Versions Affected Ubuntu 14.04 Description It was discovered that Kerberos incorrectly handled null bytes in certain data fields. A remote attacker could possibly use this issue to cause a denial of service. It was discovered that the...

USN-2815-1 PNG vulnerability | Cloud Foundry

USN-2815-1 PNG vulnerability Medium Vendor PNG Versions Affected Ubuntu 14.04 Description Qixue Xiao discovered that libpng incorrectly handled certain time values. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to...

USN-2812-1 libxml2 vulnerability | Cloud Foundry

USN-2812-1 libxml2 vulnerability Medium Vendor libxml2 Versions Affected Ubuntu 14.04 Description Florian Weimer discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause...

USN-2806-1 Linux kernel vulnerability | Cloud Foundry

USN-2806-1 Linux kernel vulnerability High Vendor Vivid Versions Affected Ubuntu 14.04 Description Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. An attacker in a guest virtual machine could use this to cause a...

USN-2798-1 Linux kernel vulnerability | Cloud Foundry

USN-2798-1 Linux kernel vulnerability Medium Vendor Vivid Versions Affected Ubuntu 14.04 Description It was discovered that in certain situations, a directory could be renamed outside of a bind mounted location. An attacker could use this to escape bind mount containment and gain access to...

USN-2778-1 Linux kernel vulnerabilities | Cloud Foundry

USN-2778-1 Linux kernel vulnerabilities Medium Vendor Vivid Versions Affected Ubuntu 14.04 Description It was discovered that the Linux kernel did not check if a new IPv6 MTU set by a user space application was valid. A remote attacker could forge a route advertisement with an invalid MTU that a...