USN-3847-2: Linux kernel (HWE) vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.04 LTS for Ubuntu 16.0...

USN-3839-1: WavPack vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that WavPack incorrectly handled certain WAV files. An attacker could possibly use this issue to cause a denial of service. CVE-2018-19840, CVE-2018-19841 CVEs contained in this USN...

USN-3836-2: Linux kernel (HWE) vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description USN-3836-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.04 LTS for Ubuntu 16.0...

CVE-2017-4994: Forwarded Headers in UAA | Cloud Foundry

Severity High Vendor Cloud Foundry Foundation Versions Affected cf-release versions prior to v263 UAA release: 2.x versions prior to v2.7.4.18 3.6.x versions prior to v3.6.12 3.9.x versions prior to v3.9.14 Other versions prior to v4.3.0 UAA bosh release uaa-release: 13.x versions prior to v13.16...

CVE-2017-7484, 7485, 7486: PostgreSQL vulnerabilities | Cloud Foundry

Severity High Vendor PostgreSQL Versions Affected PostGreSQL versions: All versions prior to 9.2.21 9.3.x versions prior to 9.3.17 9.4.x versions prior to 9.4.12 9.5.x versions prior to 9.5.7 9.6.x versions prior to 9.6.3 Description It was found that some selectivity estimation functions did not...

USN-3132-1: tar vulnerability | Cloud Foundry

USN-3132-1: tar vulnerability Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description Harry Sintonen discovered that tar incorrectly handled extracting files when path names are specified on the command line. If a user or automated system were tricked into processi...

CVE-2016-6653 MySQL Audit logs sent to Syslog | Cloud Foundry

CVE-2016-6653 MySQL Audit logs sent to Syslog High Vendor Cloud Foundry Foundation Versions Affected Cloud Foundry MySQL Release versions 271 and 282 Description MariaDB’s auditplugin, incorporated in cf-mysql-release starting with cf-mysql-release v27, allows the Operator to enable audit trails,...

USN-6756-1: less vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that less mishandled newline characters in file names. If a user or automated system were tricked into opening specially crafted files, an...

USN-6558-1: audiofile vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that audiofile could be made to dereference invalid memory. If a user or an automated system were tricked into opening a specially crafted file, an attacker could...

USN-6644-2: LibTIFF vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description USN-6644-1 fixed vulnerabilities in LibTIFF. This update provides the corresponding updates for Ubuntu 22.04 LTS. Original advisory details: It was discovered that LibTIFF incorrectly handled certain file...

USN-6659-1: libde265 vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a...

USN-6664-1: less vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that less incorrectly handled certain file names. An attacker could possibly use this issue to cause a crash or execute arbitrary commands...

USN-6517-1: Perl vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that Perl incorrectly handled printing certain warning messages. An attacker could possibly use this issue to cause Perl to consume resources, leading to a denial of service. This issue...

USN-6581-1: GNU binutils vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of...

USN-6477-1: procps-ng vulnerability | Cloud Foundry

Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that the procps-ng ps tool incorrectly handled memory. An attacker could possibly use this issue to cause procps-ng to crash, resulting in a...

USN-6420-1: Vim vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to cras...

USN-6310-1: json-c vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update Instructions: Run sudo pro fix USN-6310-1...

USN-6168-2: libx11 vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description USN-6168-1 fixed a vulnerability in libx11. This update provides the corresponding update for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. Original advisory details:...

USN-6101-1: GNU binutils vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that GNU binutils incorrectly handled certain DWARF files. An attacker could possibly use this issue to cause a crash or execute arbitrary...

USN-5445-1: Subversion vulnerabilities | Cloud Foundry

usn-5445-1 Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Ace Olszowka discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cause svnserver to crash, resulting in a denial of...

USN-5440-1: PostgreSQL vulnerability | Cloud Foundry

usn-5440-1 Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Alexander Lakhin discovered that PostgreSQL incorrectly handled the security restricted operation sandbox when a privileged user is maintaining another user’s objects. An attacker having...

USN-5150-1: OpenEXR vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description OpenEXR could be made to crash if it opened a specially crafted file. CVEs contained in this USN include: CVE-2021-3941. Affected Cloud Foundry Products and Versions Severity is medium unless otherwise...

USN-5147-1: Vim vulnerabilities | Cloud Foundry

Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Several security issues were fixed in Vim. CVEs contained in this USN include: CVE-2017-17087, CVE-2019-20807. Affected Cloud Foundry Products and Versions Severity is low unless...

USN-4968-1: LZ4 vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that LZ4 incorrectly handled certain memory operations. If a user or automated system were tricked into uncompressing a specially- crafted LZ4 file, a remote attacker could use this issu...

USN-4676-1: OpenEXR vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or...

USN-4677-1: p11-kit vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description David Cook discovered that p11-kit incorrectly handled certain memory operations. An attacker could use this issue to cause p11-kit to crash, resulting in a denial of service, or...

USN-4436-2: librsvg regression | Cloud Foundry

Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description USN-4436-1 fixed a vulnerability in librsvg. The upstream fix caused a regression when parsing certain SVG files. This update backs out the fix pending further investigation. Original advisory details: I...

USN-4334-1: Git vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Carlo Arenas discovered that Git incorrectly handled certain URLs containing newlines, empty hosts, or lacking a scheme. A remote attacker could possibly use this issue to trick Git...

USN-4293-1: libarchive vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to access sensitive information. CVE-2019-19221 It was...

USN-4247-2: python-apt regression | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description USN-4247-1 fixed vulnerabilities in python-apt. The updated packages caused a regression when attempting to upgrade to a new Ubuntu release. This update fixes the problem. We apologize for the...

CVE-2019-11290: UAA logs query parameters in tomcat access file | Cloud Foundry

Severity High Vendor Cloud Foundry Foundation Description Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, they will be logged as well. Affected Cloud Foundry...

CVE-2019-15587: CAPI contains a vulnerable Loofah gem | Cloud Foundry

Severity Medium Vendor Cloud Foundry Foundation Description Cloud Foundry Cloud Controller CAPI, versions prior to 1.88.0, contain a vulnerable version of the Loofah gem for Ruby. Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. Affected Cloud Foundr...

USN-4120-1: systemd vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that the systemd-resolved D-Bus interface did not enforce appropriate access controls. A local unprivileged user could exploit this to modify a system’s DNS resolver settings. CVEs...

USN-4120-2: systemd regression | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description USN-4120-1 fixed a vulnerability in systemd. The update included a recent SRU from the updates pocket that introduced networking problems for some users. This update fixes the problem. We apologize for th...

CVE-2019-3794: UAA - Login app subject to clickjacking attack | Cloud Foundry

Severity Medium Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions Severity is medium unless otherwise noted. UAA Release OSS is vulnerable prior to v73.4.0 Description Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various...

USN-3943-1: Wget vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. This issue only...

USN-3855-1: systemd vulnerabilities | Cloud Foundry

Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that systemd-journald allocated variable-length buffers for certain message fields on the stack. A local attacker could potentially exploit this to cause a denial of...

CVE-2018-1277: Garden does not correctly enforce Docker image disc quotas | Cloud Foundry

Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions You are using garden-runc-release version prior to 1.13.0 You are using cf-deployment version prior to 1.28.0 Description Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctly enforce disc...

CVE-2018-1191 - Garden may log Docker passwords | Cloud Foundry

Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions You are using garden-runc-release prior to version 1.11.0 You are using cf-deployment prior to version 1.9.0 Description Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure...

USN-3535-1: Bind vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Jayachandran Palanisamy discovered that the Bind resolver incorrectly handled fetch cleanup sequencing. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of...

CVE-2017-8047: Cloud Foundry router open redirect | Cloud Foundry

Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions routing-release All versions prior to v0.163.0 cf-release All versions prior to v274 Please note: due to a bug in 274, it is not recommended for production use. Deployments should use v275 or later...

CVE-2016-3091 Diego log encoding vulnerability | Cloud Foundry

CVE-2016-3091 Diego log encoding vulnerability High Vendor Cloud Foundry Foundation Versions Affected Diego-release versions 0.1468.0 through 0.1470.0 Description Due to how Diego handles breaking up large log streams on UTF-8 boundaries, it is possible to cause a denial of service on a Cloud...

USN-6793-1: Git vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that Git incorrectly handled certain submodules. An attacker could possibly use this issue to execute arbitrary code. This issue was fixed in Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu...

USN-6112-2: Perl vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description USN-6112-1 fixed vulnerabilities in Perl. This update provides the corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. Original advisory details: It was discovere...

USN-5891-1: curl vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Harry Sintonen discovered that curl incorrectly handled HSTS support when multiple URLs are requested serially. A remote attacker could possibly use this issue to cause curl to use...

USN-5871-2: Git regression | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description USN-5871-1 fixed vulnerabilities in Git. A backport fixing part of the vulnerability in CVE-2023-22490 was required. This update fix this for Ubuntu 18.04 LTS. Original advisory details: It was discovered...

USN-5714-1: LibTIFF vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that LibTIFF incorrectly handled certain memory operations when using tiffcrop. An attacker could trick a user into processing a specially crafted tiff image file...

USN-5686-1: Git vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Cory Snider discovered that Git incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause an unexpected behaviour. CVE-2022-39253 Kevin Backhouse discovered that Git...

USN-5583-2: systemd regression | Cloud Foundry

Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description USN-5583-1 fixed vulnerabilities in systemd. Unfortunately this caused a regression by introducing netowrking problems for some users. This update fixes the problem. We apologize for the inconvenience...

USN-5575-1: Libxslt vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Nicolas Grégoire discovered that Libxslt incorrectly handled certain XML. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubun...