USN-4402-1: curl vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Marek Szlagor, Gregory Jefferis and Jeroen Ooms discovered that curl incorrectly handled certain credentials. An attacker could possibly use this issue to...

USN-4363-1: Linux kernel vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description It was discovered that the Serial CAN interface driver in the Linux kernel did not properly initialize data. A local attacker could use this to expose sensitive information kernel memory. CVE-2020-11494 I...

USN-4246-1: zlib vulnerabilities | Cloud Foundry

Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description It was discovered that zlib incorrectly handled pointer arithmetic. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2016-984...

USN-4252-1: tcpdump vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Multiple security issues were discovered in tcpdump. A remote attacker could use these issues to cause tcpdump to crash, resulting in a denial of service, or possibly execute...

USN-4144-1: Linux kernel vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description It was discovered that the XFS file system in the Linux kernel did not properly handle mount failures in some situations. A local attacker could possibly use this to cause a denial of service system crash...

USN-4016-1: Vim vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS...

USN-3887-1: snapd vulnerability | Cloud Foundry

Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Chris Moberly discovered that snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its...

CVE-2018-1269: Loggregator does not properly close some TCP connections | Cloud Foundry

Severity Medium Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions You are using loggregator-release Version 89.x prior to 89.5 Version 96.x prior to 96.1 Version 99.x prior to 99.1 Version 101.x prior to 101.9 Version 102.x prior to 102.2 Description Cloud Foundry...

USN-3458-1: ICU vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that ICU incorrectly handled certain inputs. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash or potentially execute arbitrary code...

USN-3294-1: Bash vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Bernd Dietzel discovered that Bash incorrectly expanded the hostname when displaying the prompt. If a remote attacker were able to modify a hostname, this flaw could be exploited to execute arbitrary code...

USN-3232-1: ImageMagick vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could...

USN-3193-1: Nettle vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description It was discovered that Nettle incorrectly mitigated certain timing side-channel attacks. A remote attacker could possibly use this flaw to recover private keys. Affected Cloud Foundry Products and...

USN-2919-1 JasPer vulnerabilities | Cloud Foundry

USN-2919-1 JasPer vulnerabilities Medium Vendor Ubuntu, JasPer Versions Affected Ubuntu 14.04 LTS Description Jacob Baines discovered that JasPer incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote...

USN-6544-1: GNU binutils vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that GNU binutils incorrectly handled certain COFF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS...

USN-5855-2: ImageMagick vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description USN-5855-1 fixed a vulnerability in ImageMagick. This update provides the corresponding update for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. Original advisory details: It was discovered that...

USN-5021-1: curl vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled TELNET connections when the -t option was used on the command line. Uninitialized data possibly containing sensitive information cou...

USN-5017-1: Linux kernel vulnerabilities | Cloud Foundry

Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service syste...

USN-4922-1: Ruby vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Juho Nurminen discovered that the REXML gem bundled with Ruby incorrectly parsed and serialized XML documents. A remote attacker could possibly use this issue to perform an XML round-trip attack. CVEs...

USN-4754-1: Python vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a denial of...

USN-4376-1: OpenSSL vulnerabilities | Cloud Foundry

Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An...

USN-4345-1: Linux kernel vulnerabilities | Cloud Foundry

Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondary address mode. A local attacker could use this to cause a denial...

USN-4333-1: Python vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that Python incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection...

CVE-2020-5402: UAA fails to check the state parameter when authenticating with external IDPs | Cloud Foundry

Severity High Vendor Cloud Foundry Foundation Description In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers. Affected Cloud Foundry Products...

CVE-2019-11294: CAPI leaks service broker URLs and GUIDs to space developers | Cloud Foundry

Severity Medium Vendor Cloud Foundry Foundation Description Cloud Foundry Cloud Controller API CAPI, version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins. Affected Cloud Foundry Products and...

CVE-2019-3798: Escalation of Privileges in Cloud Controller | Cloud Foundry

Severity Medium Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions CAPI-Release All versions prior to 1.79.0 Description Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0, contains improper authentication when validating user permissions. A remote...

USN-3606-1: LibTIFF vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Affected Cloud Foundry Products and Versions Severity is medium unless otherwise noted. All versions of Cloud Foundry cflinuxfs2 prior to 1.195.0 Mitigation OSS users are strongly encouraged to follow one...

USN-3457-1: curl vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Brian Carpenter discovered that curl incorrectly handled IMAP FETCH response lines. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute...

USN-3189-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description USN-3189-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu...

USN-3117-1: GD library vulnerabilities | Cloud Foundry

USN-3117-1: GD library vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description The GD library could be made to crash or run programs if it processed a specially crafted image file. Software description: libgd2 – GD Graphics Library Ibrahim El-Sayed...

USN-3053-1/USN-3037-1 Linux kernel (Vivid HWE) vulnerability | Cloud Foundry

USN-3053-1/USN-3037-1 Linux kernel Vivid HWE vulnerability Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description A missing permission check when settings ACLs was discovered in nfsd. A local user could exploit this flaw to gain access to any file by setting an AC...

USN-3010-1 Expat vulnerabilities | Cloud Foundry

USN-3010-1 Expat vulnerabilities Medium Vendor expat – XML parsing C library, Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description It was discovered that Expat unexpectedly called srand in certain circumstances. This could reduce the security of calling applications...

USN-2925-1 Bind9 vulnerabilities | Cloud Foundry

USN-2925-1 Bind9 vulnerabilities Medium Vendor Ubuntu, Bind9 Versions Affected Ubuntu 14.04 LTS Description Bind could be made to crash if it received specially crafted network traffic. It was discovered that Bind incorrectly handled input received by the rndc control channel. A remote attacker...

CVE-2014-0227 Apache Tomcat Request Smuggling | Cloud Foundry

CVE-2014-0227 Apache Tomcat Request Smuggling Important Vendor Apache Software Foundation Versions Affected Apache Tomcat 8.0.0-RC1 to 8.0.8 inclusive Apache Tomcat 7.0.0 to 7.0.54 inclusive Apache Tomcat 6.0.0 to 6.0.41 inclusive Description It was possible to craft a malformed chunk as part of ...

USN-6390-1: Bind vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that Bind incorrectly handled certain control channel messages. A remote attacker with access to the control channel could possibly use this issue to cause Bind to crash, resulting in a...

USN-5570-1: zlib vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Evgeny Legerov discovered that zlib incorrectly handled memory when performing certain inflate operations. An attacker could use this issue to cause zlib to crash, resulting in a...

USN-5240-1: Linux kernel vulnerability | Cloud Foundry

Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description William Liu and Jamie Hill-Daniel discovered that the file system context functionality in the Linux kernel contained an integer underflow vulnerability, leading to an out-of-bounds write. A local attacker...

USN-5267-1: Linux kernel vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that the Bluetooth subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute...

USN-5174-1: Samba vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Stefan Metzmacher discovered that Samba incorrectly handled SMB1 client connections. A remote attacker could possibly use this issue to downgrade connections to plaintext authentication. CVE-2016-2124...

USN-4038-3: bzip2 regression | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description USN-4038-1 fixed a vulnerability in bzip2. The update introduced a regression causing bzip2 to incorrect raises CRC errors for some files. We apologize for the inconvenience. Origin...

USN-3962-1: libpng vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that libpng incorrectly handled certain memory operations. If a user or automated system were tricked into opening a specially crafted PNG file, a remote attacker could use this issue to...

USN-3441-1: curl vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Daniel Stenberg discovered that curl incorrectly handled large floating point output. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute...

USN-3444-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3444-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.0...

USN-3387-1: Git vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Brian Neel, Joern Schneeweisz, and Jeff King discovered that Git did not properly handle host names in ‘ssh://’ URLs. A remote attacker could use this to construct a git repository that when accessed coul...

USN-3356-1: Expat vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that Expat incorrectly handled certain external entities. A remote attacker could possibly use this issue to cause Expat to hang, resulting in a denial of service. Affected Cloud Foundry...

USN-3364-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3364-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.0...

CVE-2016-6637 UAA CSRF Vulnerability for OAuth Approvals | Cloud Foundry

CVE-2016-6637 UAA CSRF Vulnerability for OAuth Approvals Low Vendor Cloud Foundry Foundation Versions Affected Cloud Foundry release v241 and earlier versions UAA release v2.0.0 – v2.7.4.6 & v3.0.0 – v3.6.0 UAA bosh release v15 & earlier versions Description The profile and authorize approval pag...

USN-6450-1: OpenSSL vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description Tony Battersby discovered that OpenSSL incorrectly handled key and initialization vector IV lengths. This could lead to truncation issues and result in loss of confidentiality for some symmetric cipher...

USN-6183-1: Bind vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled the cache size limit. A remote attacker could possibly use this issue to consume memory, leading t...

USN-5310-1: GNU C Library vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could possibly use this issue to cause the GNU C Library ...

USN-5400-1: MySQL vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.29 in Ubuntu 20.04 LTS, Ubuntu 21.10, and Ubuntu...