USN-3505-1: Linux firmware vulnerabilities

Severity

High

Vendor

Canonical Ubuntu

Versions Affected

Canonical Ubuntu 14.04

Description

Mathy Vanhoef discovered that the firmware for several Intel WLAN devices incorrectly handled WPA2 in relation to Wake on WLAN. A remote attacker could use this issue with key reinstallation attacks to obtain sensitive information. (CVE-2017-13080, CVE-2017-13081)

Affected Cloud Foundry Products and Versions

Severity is high unless otherwise noted.

Cloud Foundry BOSH stemcells are vulnerable, including:
- 3421.x versions prior to 3421.34
- 3445.x versions prior to 3445.19
- 3468.x versions prior to 3468.13
- All other stemcells not listed.

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

The Cloud Foundry project recommends upgrading the following BOSH stemcells:
- Upgrade 3421.x versions prior to 3421.34
- Upgrade 3445.x versions prior to 3445.19
- Upgrade 3468.x versions prior to 3468.13
- All other stemcells should be upgraded to the latest version available on bosh.io.

USN-3505-1: Linux firmware vulnerabilities

USN-3505-1: Linux firmware vulnerabilities

Severity

Vendor

Versions Affected

Description

Affected Cloud Foundry Products and Versions

Mitigation

References

You Might Also Like

CVE-2016-6651 Privilege Escalation in UAA

USN-5511-1: Git vulnerabilities

CVE-2020-5417: Cloud Controller may allow developers to claim sensitive routes

Sign up for the Cloud Foundry Newsletter today!

Sign up for the
Cloud Foundry Newsletter today!