1111 matches found
USN-5137-1: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Several security issues were fixed in the Linux kernel. CVEs contained in this USN include: CVE-2021-3428, CVE-2021-34556, CVE-2021-35477, CVE-2021-3739, CVE-2021-3743, CVE-2021-3753, CVE-2021-3759,...
USN-5136-1: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Several security issues were fixed in the Linux kernel. CVEs contained in this USN include: CVE-2021-38199, CVE-2021-3743, CVE-2021-3753, CVE-2021-3759, CVE-2019-19449,...
USN-5144-1: OpenEXR vulnerability | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description OpenEXR could be made to crash or execute arbitrary code if it received a specially crafted EXR file. Affected Cloud Foundry Products and Versions Severity is unknown unless otherwise noted. cflinuxfs3 A...
USN-5145-1: PostgreSQL vulnerabilities | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description PostgreSQL could allow unintended access to network services. Affected Cloud Foundry Products and Versions Severity is unknown unless otherwise noted. cflinuxfs3 All versions prior to 0.266.0 CF Deployme...
USN-5163-1: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Ilja Van Sprundel discovered that the SCTP implementation in the Linux kernel did not properly perform size validations on incoming packets in some situations. An attacker could possibly use this to expos...
USN-5189-1: GLib vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that GLib incorrectly handled certain environment variables. An attacker could possibly use this issue to escalate privileges. CVEs contained in this USN include:...
USN-5210-2: Linux kernel regression | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description USN-5210-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression that caused failures to boot in environments with AMD Secure Encrypted Virtualization SEV enabled...
USN-5210-1: Linux kernel vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes tha...
Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45105 ) impact on Cloud Foundry Products | Cloud Foundry
Severity Critical Vendor Cloud Foundry Foundation Description A critical vulnerability in Apache Log4j identified by CVE-2021-44228 has been publicly disclosed . Log4j versions prior to 2.15.0 are subject to a remote code execution vulnerability via the ldap JNDI parser and may allow for remote...
USN-5123-1: MySQL vulnerabilities | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Several security issues were fixed in MySQL. Affected Cloud Foundry Products and Versions Severity is unknown unless otherwise noted. cflinuxfs3 All versions prior to 0.8.0 CF Deployment All versions pri...
USN-5116-1: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Several security issues were fixed in the Linux kernel. CVEs contained in this USN include: CVE-2021-38198, CVE-2021-38205, CVE-2021-3732, CVE-2021-40490, CVE-2020-3702. Affected Cloud Foundry Products an...
USN-5114-1: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Several security issues were fixed in the Linux kernel. CVEs contained in this USN include: CVE-2021-38198, CVE-2021-40490, CVE-2020-3702. Affected Cloud Foundry Products and Versio...
USN-5094-1: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Several security issues were fixed in the Linux kernel. CVEs contained in this USN include: CVE-2021-22543, CVE-2021-3679, CVE-2021-37576, CVE-2021-38204, CVE-2021-38205,...
USN-5102-1: Mercurial vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Several security issues were fixed in Mercurial. CVEs contained in this USN include: CVE-2018-17983, CVE-2019-3902. Affected Cloud Foundry Products and Versions Severity is medium unless otherwise noted...
USN-5089-1: ca-certificates update | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description A certificate about to expire was removed from ca-certificates. Affected Cloud Foundry Products and Versions Severity is unknown unless otherwise noted. Bionic Stemcells 1.x versions prior to 1.33 All...
USN-5086-1: Linux kernel vulnerability | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description IBM s390x systems could be made to crash or run programs as an administrator. Affected Cloud Foundry Products and Versions Severity is unknown unless otherwise noted. Bionic...
USN-5093-1: Vim vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Several security issues were fixed in Vim. CVEs contained in this USN include: CVE-2021-3770, CVE-2021-3778, CVE-2021-3796. Affected Cloud Foundry Products and Versions Severity is...
USN-5124-1: GNU binutils vulnerabilities | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Several security issues were fixed in GNU binutils. CVEs contained in this USN include: CVE-2020-16592, CVE-2021-3487. Affected Cloud Foundry Products and Versions Severity is low unless otherwise noted...
USN-5051-3: OpenSSL vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description USN-5051-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for the openssl1.0 package in Ubuntu 18.04 LTS. Original advisory details: Ingo Schwarze discovered that OpenSSL...
USN-5080-1: Libgcrypt vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Libgcrypt could be made to expose sensitive information. CVEs contained in this USN include: CVE-2021-33560, CVE-2021-40528. Affected Cloud Foundry Products and Versions Severity is medium unless otherwis...
USN-5079-3: curl vulnerabilities | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description USN-5079-1 introduced a regression in curl. Affected Cloud Foundry Products and Versions Severity is unknown unless otherwise noted. Bionic Stemcells 1.x versions prior to 1.31 All other stemcells not...
USN-5076-1: Git vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Git incorrectly handled certain repository paths. CVEs contained in this USN include: CVE-2021-40330. Affected Cloud Foundry Products and Versions Severity is medium unless otherwis...
USN-5079-1: curl vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Several security issues were fixed in curl. CVEs contained in this USN include: CVE-2021-22946, CVE-2021-22947, CVE-2021-22945. Affected Cloud Foundry Products and Versions Severity is medium unless...
CVE-2021-22101: Cloud Controller is vulnerable to unauthenticated denial of service | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Description Cloud Controller versions prior to 1.118.0 are vulnerable to unauthenticated denial of ServiceDoS vulnerability. An attacker can leverage this vulnerability to cause denial of service by using REST HTTP requests with labelselectors on...
USN-5071-2: Linux kernel (HWE) vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Several security issues were fixed in the Linux kernel. USN-5071-1 fixed vulnerabilities in the Linux kernel for Ubuntu 20.04 LTS. This update provides the corresponding updates for the Linux Hardware...
USN-5091-1: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Several security issues were fixed in the Linux kernel. Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in the Linux kernel missed possible mispredicted...
USN-5068-1: GD library vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that GD Graphics Library incorrectly handled certain GD and GD2 files. An attacker could possibly use this issue to cause a crash or expose...
USN-5064-1: GNU cpio vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to crash, resulting in a denial of service, or possibly...
USN-5051-1: OpenSSL vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description John Ouyang discovered that OpenSSL incorrectly handled decrypting SM2 data. A remote attacker could use this issue to cause applications using OpenSSL to crash, resulting in a denial of service, or possibl...
USN-3809-2: OpenSSH regression | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description USN-3809-1 fixed vulnerabilities in OpenSSH. The update for CVE-2018-15473 was incomplete and could introduce a regression in certain environments. This update fixes the problem. We apologize for the...
USN-5021-1: curl vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled TELNET connections when the -t option was used on the command line. Uninitialized data possibly containing sensitive information cou...
USN-5020-1: Ruby vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. CVE-2021-31799 It was discovered that Ruby incorrectly handled certain...
USN-5045-1: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Norbert Slusarek discovered that the CAN broadcast manger bcm protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose...
USN-5017-1: Linux kernel vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service syste...
USN-5013-1: systemd vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that systemd incorrectly handled certain mount paths. A local attacker could possibly use this issue to cause systemd to crash, resulting in a denial of service. CVE-2021-33910 Mitchell...
USN-5005-1: DjVuLibre vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that DjVuLibre incorrectly handled certain djvu files. An attacker could possibly use this issue to execute arbitrary code or cause a crash. CVEs contained in this USN include:...
CVE-2021-22099: Server Side Request Forgery in Cloud Controller | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Description Cloud Foundry Cloud Controller component is vulnerable to a Server-Side Request Forgery SSRF vulnerability. A malicious user can use this vulnerability to send HTTP GET requests to any internal component in the CF environment, and also t...
CVE-2021-22098: Open redirect vulnerability in UAA server | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Description UAA server versions prior to 75.4.0 are vulnerable to an open redirect vulnerability. A malicious user can exploit the open redirect vulnerability by social engineering leading to take over of victims’ accounts in certain cases along wit...
CVE-2021-22001: Sensitive info leakage in UAA during Identity Provider deletion | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Description In UAA versions prior to 75.3.0, sensitive information like relaying secret of the provider was revealed in response when deletion request of an identity provider IdP of type “oauth 1.0” was sent to UAA server. An attacker can gain acces...
USN-4996-1: OpenEXR vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or...
USN-4990-1: Nettle vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that Nettle incorrectly handled RSA decryption. A remote attacker could possibly use this issue to cause Nettle to crash, resulting in a denial of service. CVE-2021-3580 It was discovere...
USN-4988-1: ImageMagick vulnerabilities | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could...
USN-4991-1: libxml2 vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Yunho Kim discovered that libxml2 incorrectly handled certain error conditions. A remote attacker could exploit this with a crafted XML file to cause a denial...
USN-5000-1: Linux kernel vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute...
USN-4957-1: DjVuLibre vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause...
USN-4945-1: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that the Nouveau GPU driver in the Linux kernel did not properly handle error conditions in some situations. A local attacker could use this to cause a denial of service system crash...
USN-4938-1: Unbound vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that Unbound contained multiple security issues. A remote attacker could possibly use these issues to cause a denial of service, inject arbitrary commands, execute arbitrary code, and...
Security Advisory Update: Transitioning from Xenial to Bionic Stemcells | Cloud Foundry
The Cloud Foundry Foundation Security Working Group would like to provide a brief update with regard to security advisories. As you may know, Ubuntu Xenial 16.04 has transitioned from free long-term support LTS status to paid extended security maintenance ESM. Accordingly, the Cloud Foundry...
USN-4628-3: Intel Microcode vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description USN-4628-1 provided updated Intel Processor Microcode for various processor types. This update provides the corresponding updates for some additional processor types. Original advisory details: Moritz Lip...
USN-4968-1: LZ4 vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that LZ4 incorrectly handled certain memory operations. If a user or automated system were tricked into uncompressing a specially- crafted LZ4 file, a remote attacker could use this issu...