1103 matches found
USN-6119-1: OpenSSL vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1 object identifiers. A remote attacker could possibly use this issue to cause OpenSSL to consume resources,...
CVE-2016-2183: Birthday attacks against TLS ciphers with 64bit block size | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Description Cloud Foundry BOSH System Metrics Server, all versions prior to v0.0.24 and Cloud Foundry Loggregator, 105.x versions prior to v105.6, support block ciphers with 64 bit block size. A remote unauthenticated malicious user can obtain clearte...
USN-3741-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3741-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04...
USN-3732-2: Linux kernel (HWE) vulnerability | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description USN-3732-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.04 LTS for Ubuntu 16.04...
USN-3756-1: Intel Microcode vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Description It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also kno...
USN-3762-2: Linux kernel (HWE) vulnerabilities | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description USN-3762-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.04 LTS for Ubuntu 16.04...
USN-3776-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3776-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04...
USN-3777-2: Linux kernel (HWE) vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.04 LTS for Ubuntu 16.04...
USN-3785-1: ImageMagick vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 18.04 Description Due to a large number of issues discovered in GhostScript that prevent it from being used by ImageMagick safely, this update includes a default policy change that disables support f...
USN-3739-1: libxml2 vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Matias Brutti discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information...
USN-3797-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3797-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.0...
USN-3759-1: libtirpc vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Aldy Hernandez discovered that libtirpc incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. This issue...
USN-3706-1: libjpeg-turbo vulnerabilities | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Affected Cloud Foundry Products and Versions Severity is low unless otherwise noted. All versions of Cloud Foundry cflinuxfs2 prior to 1.224.0 Mitigation OSS users are strongly encouraged to follow one of th...
USN-3752-2: Linux kernel (HWE) vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description USN-3752-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.04 LTS for Ubuntu 16.0...
USN-3753-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3753-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.0...
USN-3791-1: Git vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 18.04 Description It was discovered that git did not properly validate git submodule urls or paths. A remote attacker could possibly use this to craft a git repository that causes arbitrary code...
USN-3690-1: AMD Microcode update | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker...
USN-3750-1: Pango vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Jeffrey M. discovered that Pango incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Affected Cloud Foundry Products and Versions Severity is medium...
USN-3740-2: Linux kernel (HWE) vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description USN-3740-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.04 LTS for Ubuntu 16.04...
USN-3755-1: GD vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 18.04 Description It was discovered that GD incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. CVE-2018-1000222 It was discovered that GD...
USN-3758-1: libx11 vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 18.04 Description Tobias Stoeckmann discovered that libx11 incorrectly handled certain images. An attacker could possibly use this issue to access sensitive information CVE-2016-7942 Tobias Stoeckman...
CVE-2018-11084: Garden-runC prevents deletion of some app environments | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions You are using Garden-runC release versions prior to 1.16.1 Description Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes. A...
USN-3770-1: Little CMS vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 18.04 Description Ibrahim El-Sayed discovered that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. CVE-2016-10165 Quang Nguyen...
USN-3736-1: libarchive vulnerabilities | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that libarchive incorrectly handled certain archive files. A remote attacker could possibly use this issue to cause a denial of service. This...
USN-3800-1: audiofile vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that audiofile incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. CVE-2018-13440 It was discovered that audiofile incorrectly...
CVE-2018-11083: BOSH accepts refresh token as access token | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions You are using bosh-release versions prior to: v264 prior to v264.14.0 v265 prior to v265.7.0 v266 prior to v266.8.0 v267 prior to v267.2.0 Description BOSH allows refresh tokens to be used as access tokens...
CVE-2018-15796: Signing Key Extraction in Bits Service | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions You are using bits-service-release versions prior to 2.14.0 Description Cloud Foundry Bits Service, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may...
CVE-2018-11082: UAA MFA doesn't prevent brute force of MFA code | Cloud Foundry
Severity medium Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions You are using uaa-release versions prior to 61.0 You are using uaa versions prior to 4.20.0 Description UAA, versions prior to 4.20.0, allows brute forcing of MFA codes. A remote unauthenticated malicious...
USN-3767-1: GLib vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary cod...
USN-3808-1: Ruby vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that Ruby incorrectly handled certain X.509 certificates. An attacker could possibly use this issue to bypass the certificate check. CVE-2018-16395 It was discovered that Ruby incorrectl...
USN-3712-1: libpng vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 18.04 Description Patrick Keshishian discovered that libpng incorrectly handled certain PNG files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu...
USN-3748-1: base-files vulnerability | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Sander Bos discovered that the MOTD update script incorrectly handled temporary files. A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel symlink...
CVE-2018-11048: Garden-runC prevents deletion of some app environments | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions You are using Garden-runC release versions prior to 1.16.1 Description Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes. A...
USN-3786-1: libxkbcommon vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that libxkbcommon incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. CVE-2018-15853, CVE-2018-15854, CVE-2018-15855, CVE-2018-1585...
CVE-2018-1264: Log Cache logs UAA client secret on startup | Cloud Foundry
Severity Critical Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions You are using log-cache-release versions prior to 1.1.1 Description Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part of its envstruct report. A remote...
CVE-2018-1223: CFCR leaks credentials to application logs | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions kubo-release versions prior to 0.14.0 Description Cloud Foundry Container Runtime kubo-release, versions prior to 0.14.0, may leak UAA and vCenter credentials to application logs. A malicious user with the...
USN-3765-1: curl vulnerability | Cloud Foundry
Severity Medium Vendo Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that curl incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code. CVEs contained in this USN...
USN-3729-1: libxcursor vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that libxcursor incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Affected Cloud Foundry Products and Versions Severity is medium...
USN-3707-1: NTP vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Yihan Lian discovered that NTP incorrectly handled certain malformed mode 6 packets. A remote attacker could possibly use this issue to cause ntpd to crash, resulting in a denial of service. This issue on...
USN-3733-1: GnuPG vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Description Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom discovered that GnuPG is...
USN-3746-1: APT vulnerability | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that APT incorrectly handled the mirror method mirror://. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered...
CVE-2018-15761: UAA Privilege Escalation | Cloud Foundry
Severity Critical Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions You are using uaa-release versions prior to v64.0 You are using uaa versions prior to 4.23.0 Description Cloud Foundry UAA, release versions prior to v64.0, contains a validation error which allows for...
CVE-2018-15755: - CF networking internal policy server SQL injection | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions You are using cf-networking-release versions prior to 2.16.0 Description Cloud Foundry CF-Networking, versions 2.11.0 through 2.15.0, contain an internal api endpoint vulnerable to SQL injection between...
USN-3690-2: AMD Microcode regression | Cloud Foundry
Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3690-1 provided updated microcode for AMD processors to address CVE-2017-5715 aka Spectre. Unfortunately, the update caused some systems to fail to boot. This update reverts the update for Ubuntu 14.04 LTS. We...
USN-3931-2: Linux kernel (HWE) vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description USN-3931-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.04 LTS for Ubuntu 16.0...
USN-3692-1: OpenSSL vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Keegan Ryan discovered that OpenSSL incorrectly handled ECDSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. CVE-2018-0495 Guido...
USN-3689-1: Libgcrypt vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Affected Cloud Foundry Products and Versions Severity is medium unless otherwise noted. Cloud Foundry BOSH stemcells are vulnerable, including: 3586.x versions prior to 3586.25 3541.x versions prior to...
USN-3696-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3696-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.0...
USN-3693-1: JasPer vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Affected Cloud Foundry Products and Versions Severity is medium unless otherwise noted. All versions of Cloud Foundry cflinuxfs2 prior to 1.222.0 Mitigation OSS users are strongly encouraged to follow one...
CVE-2018-11041: UAA open redirect | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions You are using uaa versions later than 4.6.0 and prior to 4.19.0, except 4.10.1 and 4.7.5 You are using uaa-release versions later than v48 and prior to v60, except v57.3, v55.1 and v52.9 Description Cloud...