1111 matches found
USN-5376-3: Git regression | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description USN-5376-1 fixed vulnerabilities in Git, some patches were missing to properly fix the issue. This update fixes the problem. Original advisory details: 俞晨东 discovered that Git incorrectly handled certain...
USN-5329-1: tar vulnerability | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that tar incorrectly handled certain files. An attacker could possibly use this issue to cause tar to crash, resulting in a denial of service. CVEs contained in this...
USN-5328-1: OpenSSL vulnerability | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Tavis Ormandy discovered that OpenSSL incorrectly parsed certain certificates. A remote attacker could possibly use this issue to cause OpenSSH to stop responding, resulting in a denial of service. CVEs...
USN-5378-2: XZ Utils vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Cleemy Desu Wayo discovered that XZ Utils incorrectly handled certain filenames. If a user or automated system were tricked into performing xzgrep operations with specially crafted filenames, a remote...
USN-5397-1: curl vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Patrick Monnerat discovered that curl incorrectly handled certain OAUTH2. An attacker could possibly use this issue to access sensitive information. CVE-2022-22576 Harry Sintonen discovered that curl...
USN-5380-1: Bash vulnerability | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that Bash did not properly drop privileges when the binary had the setuid bit enabled. An attacker could possibly use this issue to escalate privileges. Update...
USN-5391-1: libsepol vulnerabilities | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Nicolas Iooss discovered that libsepol incorrectly handled memory when handling policies. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, ...
USN-5342-1: Python vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description David Schwörer discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu...
USN-5349-1: GNU binutils vulnerability | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description It was discovered that GNU binutils gold incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. CVEs contained in this USN include: CVE-2019-1010204...
USN-5339-1: Linux kernel vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 releaseagent feature. A local attacker could...
USN-5332-1: Bind vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Xiang Li, Baojun Liu, Chaoyi Lu, and Changgen Zou discovered that Bind incorrectly handled certain bogus NS records when using forwarders. A remote attacker could possibly use this issue to manipulate cac...
USN-5319-1: Linux kernel vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida discovered that hardware mitigations added by Intel to their processors to address Spectre-BTI were insufficient. A local...
USN-5288-1: Expat vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. CVEs contained in this USN includ...
USN-5334-1: man-db vulnerability | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description It was discovered that man-db incorrectly handled permission changing operations in its daily cron job, and was therefore affected by a race condition. An attacker could possibly use this issue to escalate...
USN-5331-1: tcpdump vulnerabilities | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description It was discovered that tcpdump incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. CVE-2018-16301 It was discovered...
USN-5328-2: OpenSSL vulnerabilityUSN-5328-2: OpenSSL vulnerability | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description USN-5328-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Tavis Ormandy discovered that OpenSSL...
USN-5320-1: Expat vulnerabilities and regression | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description USN-5288-1 fixed several vulnerabilities in Expat. For CVE-2022-25236 it caused a regression and an additional patch was required. This update address this regression and several...
USN-5298-1: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of...
USN-5301-1: Cyrus SASL vulnerability | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that the Cyrus SASL SQL plugin incorrectly handled SQL input. A remote attacker could use this issue to execute arbitrary SQL commands. CVEs contained in this USN include: CVE-2022-24407...
USN-5343-1: Linux kernel vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 releaseagent feature. A local attacker could use this to gain...
USN-5341-1: GNU binutils vulnerabilities | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description It was discovered that GNU binutils incorrectly handled checks for memory allocation when parsing relocs in a corrupt file. An attacker could possibly use this issue to cause a denial of service...
USN-5326-1: FUSE vulnerabilities | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description It was discovered that FUSE is susceptible to a restriction bypass flaw on a system that has SELinux active. A local attacker with non-root privileges could mount a FUSE file system that is accessible to...
USN-5358-1: Linux kernel vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or...
USN-5338-1: Linux kernel vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 releaseagent feature. A local attacker could use this to gain...
CVE-2022-22965: UAA affected by Spring Framework RCE via Data Binding on JDK 9+ | Cloud Foundry
Severity Critical Vendor Cloud Foundry Foundation Description In Cloud Foundry UAA, a remote code execution vulnerability is present due to an issue in the Spring Framework identified by CVE-2022-22965. A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code...
CVE-2021-22100: Cloud Controller is vulnerable to denial of service due to misbehaving service brokers | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Description Cloud Controller CAPI is vulnerable to a denial-of-service attack in which a developer can push a service broker that accidentally or maliciously causes CC instances to timeout and fail. An attacker can leverage this vulnerability to cau...
USN-5247-1: Vim vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that vim incorrectly handled parsing of filenames in its search functionality. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leadi...
USN-5318-1: Linux kernel vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Nick Gregory discovered that the Linux kernel incorrectly handled network offload functionality. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2022-256...
USN-5240-1: Linux kernel vulnerability | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description William Liu and Jamie Hill-Daniel discovered that the file system context functionality in the Linux kernel contained an integer underflow vulnerability, leading to an out-of-bounds write. A local attacker...
USN-5294-2: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service system crash or...
USN-5254-1: shadow vulnerabilities | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that shadow incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or expose sensitive information. This issue only affected...
USN-5270-1: MySQL vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.28 in Ubuntu 20.04 LTS and Ubuntu 21.10. Ubuntu...
USN-5267-1: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that the Bluetooth subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute...
USN-5268-1: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Keyu Man discovered that the ICMP implementation in the Linux kernel did not properly handle received ICMP error packets. A remote attacker could use this to facilitate attacks on U...
USN-5267-2: Linux kernel regression | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description USN-5267-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression that caused the kernel to freeze when accessing CIFS shares in some situations. This update fixes...
USN-5280-1: Speex vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that Speex incorrectly handled certain WAV files. An attacker could possibly use this issue to cause a denial of service. CVEs contained in this USN include: CVE-2020-23903. Affected Clo...
USN-5260-2: Samba vulnerability | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Orange Tsai discovered that the Samba vfsfruit module incorrectly handled certain memory operations. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or...
USN-5235-1: Ruby vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that Ruby incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10...
USN-5199-1: Python vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. Specially crafted traffic from a malicious HTTP server could...
USN-5209-1: Linux kernel vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data...
USN-5144-1: OpenEXR vulnerability | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description OpenEXR could be made to crash or execute arbitrary code if it received a specially crafted EXR file. Affected Cloud Foundry Products and Versions Severity is unknown unless otherwise noted. cflinuxfs3 A...
USN-5137-1: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Several security issues were fixed in the Linux kernel. CVEs contained in this USN include: CVE-2021-3428, CVE-2021-34556, CVE-2021-35477, CVE-2021-3739, CVE-2021-3743, CVE-2021-3753, CVE-2021-3759,...
USN-5150-1: OpenEXR vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description OpenEXR could be made to crash if it opened a specially crafted file. CVEs contained in this USN include: CVE-2021-3941. Affected Cloud Foundry Products and Versions Severity is medium unless otherwise...
USN-5147-1: Vim vulnerabilities | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Several security issues were fixed in Vim. CVEs contained in this USN include: CVE-2017-17087, CVE-2019-20807. Affected Cloud Foundry Products and Versions Severity is low unless...
USN-5168-1: NSS vulnerability | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute...
USN-5189-1: GLib vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that GLib incorrectly handled certain environment variables. An attacker could possibly use this issue to escalate privileges. CVEs contained in this USN include:...
USN-5179-1: BusyBox vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that BusyBox incorrectly handled certain malformed gzip archives. If a user or automated system were tricked into processing a specially crafted gzip archive, a remote attacker could use...
USN-5126-1: Bind vulnerability | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Bind could be made to consume resources if it received specially crafted network traffic. Affected Cloud Foundry Products and Versions Severity is unknown unless otherwise noted. Bionic Stemcells 1.x...
USN-5145-1: PostgreSQL vulnerabilities | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description PostgreSQL could allow unintended access to network services. Affected Cloud Foundry Products and Versions Severity is unknown unless otherwise noted. cflinuxfs3 All versions prior to 0.266.0 CF Deployme...
USN-5158-1: ImageMagick vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that ImageMagick incorrectly handled certain values when processing visual effects based image files. By tricking a user into opening a specially crafted image file, an attacker could...