1109 matches found
USN-3169-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
Severity Medium Vendor Ubuntu Versions Affected Ubuntu 14.04 LTS Description Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment CS in certain error cases. A local attacker could use this to expose sensitive information kernel...
CVE-2016-6660: Cloud Controller logs application environment variables | Cloud Foundry
CVE-2016-6660: Cloud Controller logs application environment variables Low Vendor Cloud Foundry Foundation Versions Affected Cloud Foundry Release versions prior to 250 CAPI versions prior to 1.12.0 Description The Cloud Foundry Cloud Controller /v2/apps endpoint logs environment variables in...
USN-3024-1: tomcat6, tomcat7 vulnerabilities | Cloud Foundry
USN-3024-1: tomcat6, tomcat7 vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description It was discovered that Tomcat incorrectly handled pathnames used by web applications in a getResource, getResourceAsStream, or getResourcePaths call. A remote...
RunC Exec Vulnerability | Cloud Foundry
Medium Vendor Open Containers Initiative Description RunC allowed additional container processes via runc exec to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the...
CVE-2016-9882: Cloud Foundry Logs Service Credentials | Cloud Foundry
CVE-2016-9882: Cloud Foundry Logs Service Credentials Medium Vendor Cloud Foundry Foundation Versions Affected cf-release versions prior to v250 CAPI-release versions prior to v1.12.0 Description Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component...
CVE-2016-3958/CVE-2016-3959: Golang vulnerabilities | Cloud Foundry
CVE-2016-3958/CVE-2016-3959: Golang vulnerabilities Medium Vendor Golang Versions Affected Golang versions prior to 1.5.4 and 1.6.x versions before 1.6.1 Description Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via ...
USN-3146-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
USN-3146-2: Linux kernel Xenial HWE vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description It was discovered that the getuserasmex implementation in the Linux kernel for x86/x8664 contained extended asm statements that were incompatible with the...
USN-3128-2: Linux kernel (Xenial HWE) vulnerability | Cloud Foundry
USN-3128-2: Linux kernel Xenial HWE vulnerability Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface...
USN-3142-1: ImageMagick vulnerabilities | Cloud Foundry
USN-3142-1: ImageMagick vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a special...
CVE-2016-8219: Space Auditor can restage apps | Cloud Foundry
CVE-2016-8219: Space Auditor can restage apps Medium Vendor Cloud Foundry Foundation Versions Affected cf-release versions prior to 250 CAPI-release versions prior to 1.12.0 Description A user with the SpaceAuditor role is over-privileged with the ability to restage applications. This could cause...
USN-3096-1: NTP vulnerabilities | Cloud Foundry
USN-3096-1 NTP vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description Aanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. A remote attacker could use this issue to perform a replay attack. CVE-2015-7973 Matt Stree...
Multiple CVEs: httpoxy | Cloud Foundry
Multiple CVEs: httpoxy Low Vendor Cloud Foundry Versions Affected Go Buildpack versions prior to 1.7.10 PHP Buildpack versions prior to 4.3.17 Description httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It involves to a namespace conflict...
USN-3156-1: APT vulnerability | Cloud Foundry
USN-3156-1: APT vulnerability High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description Jann Horn discovered that APT incorrectly handled InRelease files. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to insta...
USN-3117-1: GD library vulnerabilities | Cloud Foundry
USN-3117-1: GD library vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description The GD library could be made to crash or run programs if it processed a specially crafted image file. Software description: libgd2 – GD Graphics Library Ibrahim El-Sayed...
USN-3131-1: ImageMagick vulnerabilities | Cloud Foundry
USN-3131-1: ImageMagick vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a special...
USN-3067-1: HarfBuzz vulnerabilities | Cloud Foundry
USN-3067-1: HarfBuzz vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected Ubuntu 14.04 LTS Description Kostya Serebryany discovered that HarfBuzz incorrectly handled memory. A remote attacker could use this issue to cause HarfBuzz to crash, resulting in a denial of service, or possibl...
USN-3134-1: Python vulnerabilities | Cloud Foundry
USN-3134-1: Python vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description It was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this to expose sensitive information...
USN-3116-1: DBus vulnerabilities | Cloud Foundry
USN-3116-1: DBus vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description It was discovered that DBus incorrectly validated the source of Activation Failure signals. A local attacker could use this issue to cause a denial of service. This issue only...
USN-3132-1: tar vulnerability | Cloud Foundry
USN-3132-1: tar vulnerability Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description Harry Sintonen discovered that tar incorrectly handled extracting files when path names are specified on the command line. If a user or automated system were tricked into processi...
USN-3139-1: Vim vulnerability | Cloud Foundry
USN-3139-1: Vim vulnerability Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description Florian Larysch discovered that the Vim text editor did not properly validate values for the ‘filetype’, ‘syntax’, and ‘keymap’ options. An attacker could trick a user into openin...
CVE-2016-6659: UAA Privilege Escalation | Cloud Foundry
Critical Vendor Cloud Foundry Foundation Versions Affected Cloud Foundry release v247 and earlier versions UAA release v3.9.2 & earlier versions UAA bosh release uaa-release v23 & earlier versions Description This security update resolves vulnerabilities in UAA. The most severe of the...
USN-3119-1: Bind vulnerability | Cloud Foundry
USN-3119-1: Bind vulnerability Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description Bind could be made to crash if it received specially crafted network traffic. Tony Finch and Marco Davids discovered that Bind incorrectly handled certain responses containing a...
USN-3123-1: curl vulnerabilities | Cloud Foundry
USN-3123-1: curl vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description It was discovered that curl incorrectly reused client certificates when built with NSS. A remote attacker could possibly use this issue to hijack the authentication of a TLS...
USN-3088-1: Bind vulnerability | Cloud Foundry
USN-3088-1: Bind vulnerability Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description It was discovered that Bind incorrectly handled building responses to certain specially crafted requests. A remote attacker could possibly use this issue to cause Bind to crash,...
CVE-2016-8218: Unauthenticated JWT signing algorithm in routing | Cloud Foundry
CVE-2016-8218: Unauthenticated JWT signing algorithm in routing Critical Vendor Cloud Foundry Foundation Versions Affected routing-release versions prior to 0.142.0 cf-release versions 203 to 231 Description Incomplete validation logic in JSON Web Token JWT libraries can allow unprivileged...
USN-3151-2: Linux kernel (Xenial HWE) vulnerability | Cloud Foundry
USN-3151-2: Linux kernel Xenial HWE vulnerability High Vendor Canonical Ubuntu Versions Affected Ubuntu 14.04 LTS The following Cloud Foundry BOSH stemcells are vulnerable: All versions prior to 3151.5 3233.x versions prior to 3233.6 3263.x versions prior to 3263.12 3312.x versions prior to 3312....
USN-3068-1 Libidn vulnerabilities | Cloud Foundry
USN-3068-1 Libidn vulnerabilities Medium Vendor Canonical Ubuntu, libidn Versions Affected Canonical Ubuntu 14.04 LTS Description Thijs Alkemade, Gustavo Grieco, Daniel Stenberg, and Nikos Mavrogiannopoulos discovered that Libidn incorrectly handled invalid UTF-8 characters. A remote attacker cou...
CVE-2016-6655 Utility Script Command Injection | Cloud Foundry
CVE-2016-6655 Utility Script Command Injection Critical Vendor Cloud Foundry Foundation Versions Affected Cloud Foundry release versions prior to v245 cf-mysql-release versions prior to v31 Description A command injection vulnerability was discovered in a common script used by many Cloud Foundry...
USN-3095-1 PHP vulnerabilities | Cloud Foundry
USN-3095-1 PHP vulnerabilities Medium Vendor PHP Versions Affected Cloud Foundry PHP buildpack versions prior to 4.3.21 Note: The PHP buildpack is patched from upstream PHP source Description Taoguang Chen discovered that PHP incorrectly handled certain invalid objects when unserializing data. A...
USN-3099-2 Linux kernel vulnerabilities | Cloud Foundry
USN-3099-2 Linux kernel vulnerabilities High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description USN-3099-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from...
CVE-2016-6653 MySQL Audit logs sent to Syslog | Cloud Foundry
CVE-2016-6653 MySQL Audit logs sent to Syslog High Vendor Cloud Foundry Foundation Versions Affected Cloud Foundry MySQL Release versions 271 and 282 Description MariaDB’s auditplugin, incorporated in cf-mysql-release starting with cf-mysql-release v27, allows the Operator to enable audit trails,...
USN-3083-1 Linux kernel vulnerabilities | Cloud Foundry
USN-3083-1 Linux kernel vulnerabilities High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description Dmitry Vyukov discovered that the IPv6 implementation in the Linux kernel did not properly handle options data, including a use-after-free. A local attacker could use this...
CVE-2016-6662 - Multiple MySQL Vulnerabilities | Cloud Foundry
CVE-2016-6662 – Multiple MySQL Vulnerabilities Medium Vendor Cloud Foundry Foundation, MariaDB Versions Affected MariaDB versions prior to 10.1.17 cf-mysql versions prior to v29 Description The Cloud Foundry MySQL team recently completed an upgrade of MariaDB to 10.1.17, which includes a large...
USN-3087-2 OpenSSL Regression | Cloud Foundry
USN-3087-2 OpenSSL Regression High Vendor Canonical Ubuntu, OpenSSL Versions Affected Canonical Ubuntu 14.04 LTS, OpenSSLv1 Description USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the...
USN-3085-1 GDK-PixBuf vulnerabilities | Cloud Foundry
USN-3085-1 GDK-PixBuf vulnerabilities Medium Vendor Canonical Ubuntu, gdk-pixbuf Versions Affected Canonical Ubuntu 14.04 LTS Description It was discovered that the GDK-PixBuf library did not properly handle specially crafted bmp images, leading to a heap-based buffer overflow. If a user or...
CVE-2016-6651 Privilege Escalation in UAA | Cloud Foundry
CVE-2016-6651 Privilege Escalation in UAA High Vendor Cloud Foundry Foundation Versions Affected Cloud Foundry release v242 and earlier versions UAA release v3.7.0 & earlier versions UAA bosh release uaa-release v16 & earlier versions Description A privilege escalation vulnerability has been...
CVE-2016-6637 UAA CSRF Vulnerability for OAuth Approvals | Cloud Foundry
CVE-2016-6637 UAA CSRF Vulnerability for OAuth Approvals Low Vendor Cloud Foundry Foundation Versions Affected Cloud Foundry release v241 and earlier versions UAA release v2.0.0 – v2.7.4.6 & v3.0.0 – v3.6.0 UAA bosh release v15 & earlier versions Description The profile and authorize approval pag...
CVE-2016-6636 UAA Open Redirect Vulnerability for Subdomains | Cloud Foundry
CVE-2016-6636 UAA Open Redirect Vulnerability for Subdomains Medium Vendor Cloud Foundry Foundation Versions Affected Cloud Foundry release v241 and earlier versions UAA release v2.0.0 – v2.7.4.6, v3.0.0 – v3.4.2 UAA BOSH release v12.3 & earlier versions Description Subdomains in the redirecturi...
CVE-2014-9130: LibYAML vulnerability | Cloud Foundry
CVE-2014-9130: LibYAML vulnerability Medium Vendor LibYAML Versions Affected Cloud Foundry Ruby Buildpack versions prior to 1.6.25 Description Stanisław Pitucha and Jonathan Gray discovered that LibYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data ...
USN-3045-1 PHP vulnerabilities | Cloud Foundry
USN-3045-1 PHP vulnerabilities Medium Vendor PHP Versions Affected Cloud Foundry PHP buildpack versions prior to 4.3.18 Note: The PHP buildpack is patched from upstream PHP source Description It was discovered that PHP incorrectly handled certain SplMinHeap::compare operations. A remote attacker...
CVE-2016-6639: PHP Buildpack exposes .profile file | Cloud Foundry
CVE-2016-6639: PHP Buildpack exposes .profile file Medium Vendor Cloud Foundry Foundation Versions Affected PHP Buildpack versions prior to v4.3.18 Cf-release versions prior to v242 Description The .profile file, which can potentially include environment variables and credentials, is exposed by...
USN-3061-1 OpenSSH vulnerability | Cloud Foundry
USN-3061-1 OpenSSH vulnerability Medium Vendor Canonical Ubuntu, openssh Versions Affected Canonical Ubuntu 14.04 LTS Description Eddie Harari discovered that OpenSSH incorrectly handled password hashing when authenticating non-existing users. A remote attacker could perform a timing attack and...
USN-3053-1/USN-3037-1 Linux kernel (Vivid HWE) vulnerability | Cloud Foundry
USN-3053-1/USN-3037-1 Linux kernel Vivid HWE vulnerability Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description A missing permission check when settings ACLs was discovered in nfsd. A local user could exploit this flaw to gain access to any file by setting an AC...
USN-3030-1/USN-3060-1 GD library vulnerability | Cloud Foundry
USN-3030-1/USN-3060-1 GD library vulnerability Medium Vendor Canonical Ubuntu, libgd Versions Affected Canonical Ubuntu 14.04 LTS Description It was discovered that the GD library incorrectly handled memory when using gdImageScaleTwoPass. A remote attacker could possibly use this issue to cause a...
USN-3065-1 Libgcrypt vulnerability | Cloud Foundry
USN-3065-1 Libgcrypt vulnerability High Vendor Canonical Ubuntu, libgcrypt Versions Affected Canonical Ubuntu 14.04 LTS Description Felix Dörre and Vladimir Klebanov discovered that Libgcrypt incorrectly handled mixing functions in the random number generator. An attacker able to obtain 4640 bits...
USN-3033-1 libarchive vulnerability | Cloud Foundry
USN-3033-1 libarchive vulnerability Medium Vendor Canonical Ubuntu, libarchive Versions Affected Canonical Ubuntu 14.04 LTS Description Hanno Böck discovered that libarchive contained multiple security issues when processing certain malformed archive files. A remote attacker could use this issue ...
USN-3063-1 Fontconfig vulnerability | Cloud Foundry
USN-3063-1 Fontconfig vulnerability Medium Vendor Canonical Ubuntu, fontconfig Versions Affected Canonical Ubuntu 14.04 LTS Description Tobias Stoeckmann discovered that Fontconfig incorrectly handled cache files. A local attacker could possibly use this issue with a specially crafted cache file ...
USN-3064-1 GnuPG vulnerability | Cloud Foundry
USN-3064-1 GnuPG vulnerability High Vendor Canonical Ubuntu, gnupg Versions Affected Canonical Ubuntu 14.04 LTS Description Felix Dörre and Vladimir Klebanov discovered that GnuPG incorrectly handled mixing functions in the random number generator. An attacker able to obtain 4640 bits from the RN...
USN-3048-1 curl vulnerability | Cloud Foundry
USN-3048-1 curl vulnerability Medium Vendor Canonical Ubuntu, curl Versions Affected Canonical Ubuntu 14.04 LTS Description Bru Rom discovered that curl incorrectly handled client certificates when resuming a TLS session. CVE-2016-5419 It was discovered that curl incorrectly handled client...
CVE-2016-5016 UAA accepts expired certificates | Cloud Foundry
CVE-2016-5016 UAA accepts expired certificates High Vendor Cloud Foundry Foundation Versions Affected Cloud Foundry release v239 and earlier versions UAA release v3.4.1 and earlier versions UAA release V12.2 and earlier versions Description UAA uses the OpenJDK Java Runtime Environment TrustManag...