Canonical Ubuntu 14.04 LTS
Philip Pettersson discovered that the Linux kernel’s ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-0758)
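The advisory does not show the kernel code, so the following is an added example, not the kernel's decoder or its fix: a strict length check that rejects the indefinite-length form (length octet 0x80), which DER does not permit, before input is handed to a parser. The names `der_walk` and `der_status` and the sample byte arrays are constructed for illustration.

```c
#include <stddef.h>

enum der_status { DER_OK = 0, DER_TRUNCATED = -1, DER_INDEFINITE = -2,
                  DER_BAD_LENGTH = -3, DER_TOO_DEEP = -4 };

/* Constructed sample inputs (not taken from any real certificate). */
static const unsigned char sample_definite[]   = { 0x30, 0x03, 0x02, 0x01, 0x05 };
static const unsigned char sample_indefinite[] = { 0x30, 0x80, 0x02, 0x01, 0x05, 0x00, 0x00 };
static const unsigned char sample_nested[]     = { 0x30, 0x07, 0x30, 0x80, 0x02, 0x01, 0x05, 0x00, 0x00 };
static const unsigned char sample_truncated[]  = { 0x30, 0x05, 0x02, 0x01 };

/* Walk every TLV in buf[0..len) and reject length encodings DER forbids. */
enum der_status der_walk(const unsigned char *buf, size_t len, int depth)
{
    size_t pos = 0;
    if (depth > 16) return DER_TOO_DEEP;      /* bound recursion on nested input */
    while (pos < len) {
        unsigned char tag = buf[pos++];
        size_t vlen = 0, n;
        if ((tag & 0x1f) == 0x1f)             /* high-tag-number form: skip tag octets */
            do {
                if (pos >= len) return DER_TRUNCATED;
            } while (buf[pos++] & 0x80);
        if (pos >= len) return DER_TRUNCATED;
        n = buf[pos++];
        if (n == 0x80) return DER_INDEFINITE; /* BER-only indefinite length */
        if (n < 0x80) {
            vlen = n;                         /* short form */
        } else {
            n &= 0x7f;                        /* long form: n length octets follow */
            if (n > sizeof(size_t)) return DER_BAD_LENGTH;
            if (n > len - pos) return DER_TRUNCATED;
            if (buf[pos] == 0) return DER_BAD_LENGTH;   /* leading zero octet */
            while (n--) vlen = (vlen << 8) | buf[pos++];
            if (vlen < 0x80) return DER_BAD_LENGTH;     /* must use short form */
        }
        if (vlen > len - pos) return DER_TRUNCATED;     /* value runs past buffer */
        if (tag & 0x20) {                     /* constructed: check the children too */
            enum der_status st = der_walk(buf + pos, vlen, depth + 1);
            if (st != DER_OK) return st;
        }
        pos += vlen;
    }
    return DER_OK;
}

int main(void) {   /* exit status 0 when all four samples classify as expected */
    return !(der_walk(sample_definite, sizeof sample_definite, 0) == DER_OK
          && der_walk(sample_indefinite, sizeof sample_indefinite, 0) == DER_INDEFINITE
          && der_walk(sample_nested, sizeof sample_nested, 0) == DER_INDEFINITE
          && der_walk(sample_truncated, sizeof sample_truncated, 0) == DER_TRUNCATED);
}
```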
Affected Products and Versions
Severity is high unless otherwise noted.
- Cloud Foundry BOSH stemcells 3146.x versions prior to 3146.12 and other versions prior to 3232.3 are vulnerable.
Users of affected versions should apply the following mitigation:
- The Cloud Foundry project recommends upgrading BOSH stemcell 3146.x versions to 3146.12 or other versions to 3232.4.