Canonical Ubuntu, Libtasn1
Ubuntu 14.04 LTS
Pascal Cuoq and Miod Vallat discovered that Libtasn1 incorrectly handled certain malformed DER certificates. A remote attacker could possibly use this issue to cause applications using Libtasn1 to hang, resulting in a denial of service. (CVE-2016-4008)
Affected Products and Versions
Severity is medium unless otherwise noted.
- All versions of Cloud Foundry rootfs prior to 1.53.0
- Cloud Foundry BOSH stemcells 3146.x versions prior to 3146.11 AND other versions prior to 3232.2 are vulnerable.
Users of affected versions should apply the following mitigation:
- The Cloud Foundry project recommends that Cloud Foundry deployments run with rootfs version 1.53.0 and higher
- The Cloud Foundry project recommends that Cloud Foundry upgrade BOSH stemcell 3146.x versions to 3146.11 OR other versions to 3232.2
Pascal Cuoq and Miod Vallat