USN-2977-1 Linux kernel (Vivid HWE) vulnerabilities

Severity

High

Vendor

Canonical Ubuntu

Versions Affected

Canonical Ubuntu 14.04 LTS

Description

Philip Pettersson discovered that the Linux kernel’s ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-0758)

Affected Products and Versions

Severity is high unless otherwise noted.

Cloud Foundry BOSH stemcells 3146.x versions prior to 3146.12 AND other versions prior to 3232.3 are vulnerable

Mitigation

Users of affected versions should apply the following mitigation:

The Cloud Foundry project recommends that Cloud Foundry upgrade BOSH stemcell 3146.x versions to 3146.12 OR other versions to 3232.4

Credit

Philip Pettersson

References

http://www.ubuntu.com/usn/usn-2977-1/
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-0758.html

USN-2977-1 Linux kernel (Vivid HWE) vulnerabilities

Severity

Vendor

Versions Affected

Description

Affected Products and Versions

Mitigation

Credit

References

You Might Also Like

USN-6055-2: Ruby regression

USN-3444-2: Linux kernel (Xenial HWE) vulnerabilities

USN-2820-1 dpkg vulnerability

Sign up for the Cloud Foundry Newsletter today!

Sign up for the
Cloud Foundry Newsletter today!