CVE-2017-8048: Cloud Controller API regression | Cloud Foundry
Severity Critical Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions capi-release versions 1.33.0 and later, prior to 1.42.0 cf-release versions 268 and later, prior to 274 Please note: due to a bug in 274, it is not recommended for production use. Deployments should use...
USN-3420-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3420-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04...
USN-3415-1: tcpdump vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Wilfried Kirsch discovered a buffer overflow in the SLIP decoder in tcpdump. A remote attacker could use this to cause a denial of service application crash or possibly execute arbitrary code...
USN-3405-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3405-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.0...
USN-3418-1: GDK-PixBuf vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that the GDK-PixBuf library did not properly handle certain jpeg images. If a user or automated system were tricked into opening a specially crafted jpeg file, a remote attacker could u...
USN-3411-1: Bazaar vulnerability | Cloud Foundry
Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Adam Collard discovered that Bazaar did not properly handle host names in ‘bzr+ssh://’ URLs. A remote attacker could use this to construct a bazaar repository URL that when accessed could run arbitrary code with the...
USN-3398-1: graphite2 vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Holger Fuhrmannek and Tyson Smith discovered that graphite2 incorrectly handled certain malformed fonts. If a user or automated system were tricked into opening a specially-crafted font file, a remote...
USN-3410-1: GD library vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that the GD Graphics Library aka libgd incorrectly handled certain malformed PNG images. A remote attacker could use this issue to cause the GD Graphics Library to crash, resulting in a...
CVE-2017-9805: Apache Struts Remote Code Execution | Cloud Foundry
Severity Advisory/Critical Vendor Apache Versions Affected Apache Struts 2: 2.3.x versions prior to 2.3.34 2.5.x versions prior to 2.5.13 Description An RCE attack is possible when using the Struts REST plugin with XStream handler to deserialise XML requests 1. Affected Cloud Foundry Products and...
USN-3392-2: Linux kernel (Xenial HWE) regression | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3392-1 fixed a regression in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS...
USN-3385-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3385-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04...
USN-3388-1: Subversion vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Joern Schneeweisz discovered that Subversion did not properly handle host names in ‘svn+ssh://’ URLs. A remote attacker could use this to construct a subversion repository that when accessed could run...
USN-3387-1: Git vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Brian Neel, Joern Schneeweisz, and Jeff King discovered that Git did not properly handle host names in ‘ssh://’ URLs. A remote attacker could use this to construct a git repository that when accessed coul...
CVE-2016-6638: Credential Vulnerability for Custom Buildpacks | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Versions Affected cf-release versions prior to 245 Please note: this CVE was intended to be fixed in cf-release 241 but it was discovered that the fix was incomplete, which was assigned CVE-2016-6658. Description Applications can be configured and...
CVE-2016-6658: Incomplete fix for Credential Vulnerability for Custom Buildpacks | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Versions Affected cf-release versions prior to 245 Description This CVE addresses an incomplete fix for CVE-2016-6638, a credential vulnerability in the Cloud Controller database. Original text of CVE-2016-6638: Applications can be configured and...
CVE-2017-8037: Incomplete fix for Cloud Controller API access to CC VM Contents | Cloud Foundry
Severity Critical Vendor Cloud Foundry Foundation Versions Affected CAPI-release versions after v1.6.0 and prior to v1.38.0 cf-release versions after v244 and prior to v270 Description This CVE is for an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should als...
USN-3363-1: ImageMagick vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could...
USN-3356-1: Expat vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that Expat incorrectly handled certain external entities. A remote attacker could possibly use this issue to cause Expat to hang, resulting in a denial of service. Affected Cloud Foundry...
USN-3367-1: gdb vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Hanno Böck discovered that gdb incorrectly handled certain malformed AOUT headers in PE executables. If a user or automated system were tricked into processing a specially crafted binary, a remote attacke...
USN-3363-2: ImageMagick regression | Cloud Foundry
Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3363-1 fixed vulnerabilities in ImageMagick. The update caused a regression for certain users when processing images. The problematic patch has been reverted pending further investigation. We apologize for the...
USN-3353-1: Heimdal vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Heimdal clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate...
USN-3349-1: NTP vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Yihan Lian discovered that NTP incorrectly handled certain large request data values. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue on...
USN-3347-1: Libgcrypt vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom discovered that Libgcrypt was susceptible to an attack...
USN-3346-1: bind9 vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Clément Berthaux discovered that Bind did not correctly check TSIG authentication for zone update requests. An attacker could use this to improperly perform zone updates. CVE-2017-3143 Clément Berthaux...
USN-3364-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3364-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.0...
USN-3378-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3378-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04...
CVE-2017-8038: Credentials readable from CredHub endpoint | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Versions Affected Credhub-release version 1.1.0 only Description CredHub access control lists ACLs enforce whether an authenticated user can perform an operation on a credential. For installations using ACLs, the ACL was bypassed for the CredHub...
Multiple Node.js Vulnerabilities | Cloud Foundry
Severity High Vendor Node.js Versions Affected Node.js: 4.x versions prior to 4.8.4 6.x versions prior to 6.11.1 7.x versions prior to 7.10.1 8.x versions prior to 8.1.4 Description All current versions of v4.x through to v8.x inclusive are vulnerable to an issue that can be used by an external...
CVE-2017-8033: Cloud Controller API filesystem traversal vulnerability | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Versions Affected CAPI-release versions prior to v1.35.0 cf-release versions prior to v268 Description A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a...
CVE-2017-8036: Cloud Controller API regression | Cloud Foundry
Severity Critical Vendor Cloud Foundry Foundation Versions Affected CAPI-release version 1.33.0 only Description The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing...
CVE-2017-8035: Cloud Controller API access to CC VM contents | Cloud Foundry
Severity Critical Vendor Cloud Foundry Foundation Versions Affected CAPI-release versions after v1.6.0 and prior to v1.35.0 cf-release versions after v244 and prior to v268 Description A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud...
CVE-2017-8034: JWT issuer validation in multiple CF components | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Versions Affected CAPI-release capi versions prior to v1.32.0 Routing-release versions prior to v0.159.0 CF-release versions prior to v267 Description The Cloud Controller and Router in Cloud Foundry do not validate the issuer on JSON Web Tokens JWTs...
USN-3344-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3344-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.0...
USN-3312-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3312-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.0...
USN-3212-2: LibTIFF regression | Cloud Foundry
Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3212-1 fixed vulnerabilities in LibTIFF. Unfortunately, some of the security patches were misapplied, which caused a regression when processing certain images. This update fixes the problem. We apologize for the...
USN-3318-1: GnuTLS vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Hubert Kario discovered that GnuTLS incorrectly handled decoding a status response TLS extension. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service...
USN-3323-1: GNU C Library vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that the GNU C library did not properly handle memory when processing environment variables for setuid programs. A local attacker could use this in combination with another vulnerability...
USN-3309-1: Libtasn1 vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Jakub Jirasek discovered that GnuTLS incorrectly handled certain assignments files. If a user were tricked into processing a specially crafted assignments file, a remote attacker could possibly execute...
USN-3311-1: libnl vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that libnl incorrectly handled memory when performing certain operations. A local attacker could possibly use this issue to cause libnl to crash, resulting in a denial of service, or...
USN-3302-1: ImageMagick vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could...
USN-3334-1: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large to prevent overlapping with the heap. An attacker could leverage this with another vulnerabili...
CVE-2017-8032: UAA Identity Zone Admin Privilege Escalation | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Versions Affected Please see additional information in the Mitigation section to determine if your foundation is affected. cf-release versions prior to v264 UAA release: All versions of UAA v2.x.x 3.6.x versions prior to v3.6.13 3.9.x versions prior t...
USN-3304-1: Sudo vulnerability | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that Sudo did not properly parse the contents of /proc/pid/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwri...
CVE-2017-4994: Forwarded Headers in UAA | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Versions Affected cf-release versions prior to v263 UAA release: 2.x versions prior to v2.7.4.18 3.6.x versions prior to v3.6.12 3.9.x versions prior to v3.9.14 Other versions prior to v4.3.0 UAA bosh release uaa-release: 13.x versions prior to v13.16...
USN-3276-2: shadow regression | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3276-1 intended to fix a vulnerability in su. The solution introduced a regression in su signal handling. This update modifies the security fix. We apologize for the inconvenience. Original advisory...
USN-3181-1: OpenSSL vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of...
USN-3291-3: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3291-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.0...
USN-3283-1: rtmpdump vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Dave McDaniel discovered that rtmpdump incorrectly handled certain malformed streams. If a user were tricked into processing a specially crafted stream, a remote attacker could cause rtmpdump to crash,...
USN-3282-1: FreeType vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash,...
USN-3294-1: Bash vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Bernd Dietzel discovered that Bash incorrectly expanded the hostname when displaying the prompt. If a remote attacker were able to modify a hostname, this flaw could be exploited to execute arbitrary code...