USN-3295-1: JasPer vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or automated system using JasPer were tricked into opening a specially crafted image, an attacker could...
USN-3287-1: Git vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Timo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands. A remote attacker could possibly use this issue to run an interactive pager and access sensitive information...
CVE-2017-7484, 7485, 7486: PostgreSQL vulnerabilities | Cloud Foundry
Severity High Vendor PostgreSQL Versions Affected PostgreSQL versions: All versions prior to 9.2.21 9.3.x versions prior to 9.3.17 9.4.x versions prior to 9.4.12 9.5.x versions prior to 9.5.7 9.6.x versions prior to 9.6.3 Description It was found that some selectivity estimation functions did not...
CVE-2017-4992: Privilege escalation with user invitations | Cloud Foundry
Severity Critical Vendor Cloud Foundry Foundation Versions Affected cf-release versions prior to v261 UAA release: 2.x versions prior to v2.7.4.17 3.6.x versions prior to v3.6.11 3.9.x versions prior to v3.9.13 Other versions prior to v4.2.0 UAA bosh release uaa-release: 13.x versions prior to...
CVE-2017-4991: UAA password reset vulnerability | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Versions Affected cf-release versions prior to v260 UAA release: 2.x versions prior to v2.7.4.16 3.6.x versions prior to v3.6.10 3.9.x versions prior to v3.9.12 Other versions prior to v3.17.0 UAA bosh release uaa-release: 13.x versions prior to v13.1...
USN-3246-1: Eject vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Ilja Van Sprundel discovered that dmcrypt-get-device incorrectly checked setuid and setgid return values. A local attacker could use this issue to execute code as an administrator. Affected Cloud Foundry...
CVE-2017-4961: BOSH Director Shell Injection Vulnerabilities | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Versions Affected BOSH Release: 261.x versions prior to 261.3 All 260.x versions Description In certain cases an authenticated Director user can provide a malicious checksum that could allow them to escalate their privileges on the Director VM...
USN-3265-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3265-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04...
USN-3259-1: Bind vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that the resolver in Bind made incorrect assumptions about ordering when processing responses containing a CNAME or DNAME. An attacker could use this to cause a denial of service...
CVE-2017-4974: Blind SQL Injection with privileged UAA endpoints | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Versions Affected cf-release versions prior to v258 UAA release: 2.x versions prior to v2.7.4.15 3.6.x versions prior to v3.6.9 3.9.x versions prior to v3.9.11 Other versions prior to v3.16.0 UAA bosh release uaa-release: 13.x versions prior to v13.13...
USN-3263-1: FreeType vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that a heap-based buffer overflow existed in the FreeType library. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash,...
USN-2943-1 PCRE vulnerabilities | Cloud Foundry
Severity Low/Medium Vendor Canonical Ubuntu Versions Affected Ubuntu 14.04 LTS Description It was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of...
CVE-2017-4972: Blind SQL Injection in UAA | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Versions Affected cf-release versions prior to v257 UAA release: 2.x versions prior to v2.7.4.14 3.6.x versions prior to v3.6.8 3.9.x versions prior to v3.9.10 Other versions prior to v3.15.0 UAA bosh release uaa-release: 13.x versions prior to v13.12...
CVE-2017-4973: Privilege Escalation in UAA | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Versions Affected cf-release versions prior to v257 UAA release: 2.x versions prior to v2.7.4.14 3.6.x versions prior to v3.6.8 3.9.x versions prior to v3.9.10 Other versions prior to v3.15.0 UAA bosh release uaa-release: 13.x versions prior to v13.12...
CVE-2017-4969: Bug in CC allows users to exceed quotas | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Versions Affected cf-release versions prior to v255 Description The Cloud Foundry Cloud Controller allows authenticated developer users to exceed memory and disk quotas for tasks. Mitigation OSS users are strongly encouraged to follow one of the...
USN-3256-2: Linux kernel (HWE) vulnerability | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3256-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel for...
CVE-2017-4970: Static file buildpack ignores basic authentication when misconfigured | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Versions Affected cf-release v255 Staticfile buildpack versions v1.4.0 – v1.4.3 Description A regression introduced in the Staticfile buildpack causes the Staticfile.auth configuration to be ignored when the Staticfile file is not present in the...
USN-3241-1: audiofile vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Agostino Sarubbo discovered that audiofile incorrectly handled certain malformed audio files. If a user or automated system were tricked into processing a specially crafted audio file, a remote attacker...
CVE-2017-4964: BOSH Azure CPI code injection vulnerability | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Versions Affected BOSH Azure CPI Release v22 Description The BOSH Azure CPI could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director. Mitigation OSS users are strongly encouraged to follow the...
USN-3232-1: ImageMagick vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could...
CVE-2015-3281 HAProxy vulnerabilities | Cloud Foundry
Severity Medium Vendor HAProxy Versions Affected HAProxy 1.5.x Description It was discovered that HAProxy incorrectly handled certain buffers. A remote attacker could possibly use this issue to obtain sensitive information belonging to previous requests. Affected Products and Versions Severity is...
USN-3243-1: Git vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that Git incorrectly sanitized branch names in the PS1 variable when configured to display the repository status in the shell prompt. If a user were tricked into exploring a malicious...
USN-3228-1: libevent vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Guido Vranken discovered that libevent incorrectly handled memory when processing certain data. A remote attacker could possibly use this issue with an application that uses libevent to cause a denial of...
USN-3237-1: FreeType vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash,...
USN-3247-1: AppArmor vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Stéphane Graber discovered that AppArmor incorrectly unloaded some profiles when restarted or upgraded, contrary to expected behavior. Affected Cloud Foundry Products and Versions Severity is medium unles...
USN-3183-2: GnuTLS vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that GnuTLS incorrectly handled certain OpenPGP certificates. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly...
USN-3225-1: libarchive vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that libarchive incorrectly handled hardlink entries when extracting archives. A remote attacker could possibly use this issue to overwrite arbitrary files. CVE-2016-5418 Christian...
USN-3239-2: GNU C Library Regression | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately, the fix for CVE-2015-5180 introduced an internal ABI change within the resolver library. Original advisory details: It was discovered...
USN-3227-1: ICU vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that ICU incorrectly handled certain memory operations when processing data. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash or...
USN-3213-1: GD library vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Stefan Esser discovered that the GD library incorrectly handled memory when processing certain images. If a user or automated system were tricked into processing a specially crafted image, an attacker cou...
USN-3249-2: Linux kernel (Xenial HWE) vulnerability | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service...
USN-3235-1: libxml2 vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that libxml2 incorrectly handled format strings. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash,...
USN-3234-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate meta block groups. An attacker with physical access could use this to specially craft an ext4 image th...
USN-3222-1: ImageMagick vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could...
USN-3201-1: Bind vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that Bind incorrectly handled rewriting certain query responses when using both DNS64 and RPZ. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a deni...
CVE-2017-4963: Session Fixation for UAA External Authentication | Cloud Foundry
Severity Low Vendor Cloud Foundry Foundation Versions Affected Cloud Foundry release v252 and earlier versions UAA stand-alone release v2.0.0 – v2.7.4.12 & v3.0.0 – v3.11.0 UAA bosh release v26 & earlier versions Description UAA is vulnerable to session fixation when configured to authenticate...
Multiple PHP vulnerabilities | Cloud Foundry
Severity Medium Vendor PHP Versions Affected Cloud Foundry PHP buildpack versions prior to 4.3.29 Note: The PHP buildpack is patched from upstream PHP source Description It was discovered that PHP incorrectly handled certain arguments to the locale_get_display_name function. A remote attacker could...
USN-3185-1: libXpm vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could use this issue to cause...
USN-3212-1: LibTIFF vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the applicatio...
CVE-2017-5638: Apache Struts Remote Code Execution | Cloud Foundry
Severity Advisory/Critical Vendor Apache Versions Affected Apache Struts 2: 2.3.x versions prior to 2.3.32 2.5.x versions prior to 2.5.10.1 Description The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 mishandles file upload, which allows remote...
USN-3205-1: tcpdump vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description It was discovered that tcpdump incorrectly handled certain packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary...
USN-3142-2: ImageMagick regression | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description USN-3142-1 fixed vulnerabilities in ImageMagick. The security fixes introduced a regression with text labels and a regression with the textcoder. This update fixes the problem. It was discovered that...
USN-3189-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description USN-3189-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu...
USN-3193-1: Nettle vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description It was discovered that Nettle incorrectly mitigated certain timing side-channel attacks. A remote attacker could possibly use this flaw to recover private keys. Affected Cloud Foundry Products and...
USN-3183-1: GnuTLS Vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remote attacker could possibly use this issue to bypass certain certificate validation measures. This...
USN-3220-2: Linux kernel (Xenial HWE) vulnerability | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Ubuntu 14.04 LTS Description Alexander Popov discovered that the N_HDLC line discipline implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or...
CVE-2017-4960: UAA OAuth DOS via lockout feature | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Versions Affected Cloud Foundry release v247 – v252 UAA stand-alone release v3.9.0 – v3.11.0 UAA Bosh Release v21 – v26 Description There is a potential to subject the UAA OAuth clients to a denial of service attack. Mitigation OSS users are strongly...
USN-3208-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description It was discovered that the generic SCSI block layer in the Linux kernel did not properly restrict write operations in certain situations. A local attacker could use this to cause a denial of service...
USN-3161-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
Severity Medium Vendor Ubuntu Versions Affected Ubuntu 14.04 LTS Description Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). CVE-2015-8964 It was...
USN-3172-1: Bind vulnerabilities | Cloud Foundry
Severity Medium Vendor Ubuntu Versions Affected Ubuntu 14.04 LTS Description It was discovered that Bind incorrectly handled certain malformed responses to an ANY query. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. CVE-2016-9131 It was...