1103 matches found
USN-5352-1: Libtasn1 vulnerability | Cloud Foundry
Severity Negligible Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description It was discovered that Libtasn1 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. CVEs contained in this USN include: CVE-2018-1000654. Affecte...
USN-5379-1: klibc vulnerabilities | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that klibc did not properly perform some mathematical operations, leading to an integer overflow. An attacker could possibly use this issue to cause a crash, resultin...
USN-5380-1: Bash vulnerability | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that Bash did not properly drop privileges when the binary had the setuid bit enabled. An attacker could possibly use this issue to escalate privileges. Update...
USN-5331-1: tcpdump vulnerabilities | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description It was discovered that tcpdump incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. CVE-2018-16301 It was discovered...
USN-5298-1: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of...
USN-5320-1: Expat vulnerabilities and regression | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description USN-5288-1 fixed several vulnerabilities in Expat. For CVE-2022-25236 it caused a regression and an additional patch was required. This update address this regression and several...
USN-5319-1: Linux kernel vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida discovered that hardware mitigations added by Intel to their processors to address Spectre-BTI were insufficient. A local...
USN-5334-1: man-db vulnerability | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description It was discovered that man-db incorrectly handled permission changing operations in its daily cron job, and was therefore affected by a race condition. An attacker could possibly use this issue to escalate...
USN-5301-1: Cyrus SASL vulnerability | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that the Cyrus SASL SQL plugin incorrectly handled SQL input. A remote attacker could use this issue to execute arbitrary SQL commands. CVEs contained in this USN include: CVE-2022-24407...
USN-5326-1: FUSE vulnerabilities | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description It was discovered that FUSE is susceptible to a restriction bypass flaw on a system that has SELinux active. A local attacker with non-root privileges could mount a FUSE file system that is accessible to...
USN-5328-2: OpenSSL vulnerabilityUSN-5328-2: OpenSSL vulnerability | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description USN-5328-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Tavis Ormandy discovered that OpenSSL...
USN-5341-1: GNU binutils vulnerabilities | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description It was discovered that GNU binutils incorrectly handled checks for memory allocation when parsing relocs in a corrupt file. An attacker could possibly use this issue to cause a denial of service...
USN-5288-1: Expat vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. CVEs contained in this USN includ...
USN-5343-1: Linux kernel vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 releaseagent feature. A local attacker could use this to gain...
USN-5338-1: Linux kernel vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 releaseagent feature. A local attacker could use this to gain...
USN-5358-1: Linux kernel vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or...
CVE-2022-22965: UAA affected by Spring Framework RCE via Data Binding on JDK 9+ | Cloud Foundry
Severity Critical Vendor Cloud Foundry Foundation Description In Cloud Foundry UAA, a remote code execution vulnerability is present due to an issue in the Spring Framework identified by CVE-2022-22965. A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code...
CVE-2021-22100: Cloud Controller is vulnerable to denial of service due to misbehaving service brokers | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Description Cloud Controller CAPI is vulnerable to a denial-of-service attack in which a developer can push a service broker that accidentally or maliciously causes CC instances to timeout and fail. An attacker can leverage this vulnerability to cau...
USN-5247-1: Vim vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that vim incorrectly handled parsing of filenames in its search functionality. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leadi...
USN-5294-2: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service system crash or...
USN-5240-1: Linux kernel vulnerability | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description William Liu and Jamie Hill-Daniel discovered that the file system context functionality in the Linux kernel contained an integer underflow vulnerability, leading to an out-of-bounds write. A local attacker...
USN-5318-1: Linux kernel vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Nick Gregory discovered that the Linux kernel incorrectly handled network offload functionality. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2022-256...
USN-5267-1: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that the Bluetooth subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute...
USN-5267-2: Linux kernel regression | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description USN-5267-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression that caused the kernel to freeze when accessing CIFS shares in some situations. This update fixes...
USN-5268-1: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Keyu Man discovered that the ICMP implementation in the Linux kernel did not properly handle received ICMP error packets. A remote attacker could use this to facilitate attacks on U...
USN-5270-1: MySQL vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.28 in Ubuntu 20.04 LTS and Ubuntu 21.10. Ubuntu...
USN-5280-1: Speex vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that Speex incorrectly handled certain WAV files. An attacker could possibly use this issue to cause a denial of service. CVEs contained in this USN include: CVE-2020-23903. Affected Clo...
USN-5260-2: Samba vulnerability | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Orange Tsai discovered that the Samba vfsfruit module incorrectly handled certain memory operations. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or...
USN-5254-1: shadow vulnerabilities | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that shadow incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or expose sensitive information. This issue only affected...
USN-5235-1: Ruby vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that Ruby incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10...
USN-5209-1: Linux kernel vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data...
USN-5199-1: Python vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. Specially crafted traffic from a malicious HTTP server could...
USN-5126-1: Bind vulnerability | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Bind could be made to consume resources if it received specially crafted network traffic. Affected Cloud Foundry Products and Versions Severity is unknown unless otherwise noted. Bionic Stemcells 1.x...
USN-5163-1: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Ilja Van Sprundel discovered that the SCTP implementation in the Linux kernel did not properly perform size validations on incoming packets in some situations. An attacker could possibly use this to expos...
USN-5144-1: OpenEXR vulnerability | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description OpenEXR could be made to crash or execute arbitrary code if it received a specially crafted EXR file. Affected Cloud Foundry Products and Versions Severity is unknown unless otherwise noted. cflinuxfs3 A...
USN-5158-1: ImageMagick vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that ImageMagick incorrectly handled certain values when processing visual effects based image files. By tricking a user into opening a specially crafted image file, an attacker could...
USN-5179-1: BusyBox vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that BusyBox incorrectly handled certain malformed gzip archives. If a user or automated system were tricked into processing a specially crafted gzip archive, a remote attacker could use...
USN-5168-1: NSS vulnerability | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute...
USN-5137-1: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Several security issues were fixed in the Linux kernel. CVEs contained in this USN include: CVE-2021-3428, CVE-2021-34556, CVE-2021-35477, CVE-2021-3739, CVE-2021-3743, CVE-2021-3753, CVE-2021-3759,...
USN-5174-2: Samba regression | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description USN-5174-1 fixed vulnerabilities in Samba. Some of the changes introduced a regression in Kerberos authentication in certain environments. Please see the following upstream bug for more information:...
USN-5164-1: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that the Option USB High Speed Mobile device driver in the Linux kernel did not properly handle error conditions. A physically proximate attacker could use this to...
USN-5150-1: OpenEXR vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description OpenEXR could be made to crash if it opened a specially crafted file. CVEs contained in this USN include: CVE-2021-3941. Affected Cloud Foundry Products and Versions Severity is medium unless otherwise...
USN-5174-1: Samba vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Stefan Metzmacher discovered that Samba incorrectly handled SMB1 client connections. A remote attacker could possibly use this issue to downgrade connections to plaintext authentication. CVE-2016-2124...
USN-5136-1: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Several security issues were fixed in the Linux kernel. CVEs contained in this USN include: CVE-2021-38199, CVE-2021-3743, CVE-2021-3753, CVE-2021-3759, CVE-2019-19449,...
USN-5147-1: Vim vulnerabilities | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Several security issues were fixed in Vim. CVEs contained in this USN include: CVE-2017-17087, CVE-2019-20807. Affected Cloud Foundry Products and Versions Severity is low unless...
USN-5145-1: PostgreSQL vulnerabilities | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description PostgreSQL could allow unintended access to network services. Affected Cloud Foundry Products and Versions Severity is unknown unless otherwise noted. cflinuxfs3 All versions prior to 0.266.0 CF Deployme...
USN-5189-1: GLib vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that GLib incorrectly handled certain environment variables. An attacker could possibly use this issue to escalate privileges. CVEs contained in this USN include:...
USN-5210-1: Linux kernel vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes tha...
USN-5210-2: Linux kernel regression | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description USN-5210-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression that caused failures to boot in environments with AMD Secure Encrypted Virtualization SEV enabled...
USN-5133-1: ICU vulnerability | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description ICU could be made to crash if it received specially crafted input. CVEs contained in this USN include: CVE-2020-21913. Affected Cloud Foundry Products and Versions Severity is low unle...