Cloud Foundry Blog

Your one-stop shop for the latest Cloud Foundry tutorials, platform updates & more.



USN-3172-1: Bind vulnerabilities

Severity: Medium
Vendor: Ubuntu
Versions Affected: Ubuntu 14.04 LTS
Description: It was discovered that Bind incorrectly handled certain malformed responses to an ANY query. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2016-9131) It was discovered that Bind incorrectly handled certain …

USN-3161-2: Linux kernel (Xenial HWE) vulnerabilities

Severity: Medium
Vendor: Ubuntu
Versions Affected: Ubuntu 14.04 LTS
Description: Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2015-8964) It was discovered that the Video For Linux Two …

USN-3169-2: Linux kernel (Xenial HWE) vulnerabilities

Severity: Medium
Vendor: Ubuntu
Versions Affected: Ubuntu 14.04 LTS
Description: Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2016-9756) Andrey Konovalov discovered …

CVE-2016-6660: Cloud Controller logs application environment variables

Severity: Low
Vendor: Cloud Foundry Foundation
Versions Affected: Cloud Foundry Release versions prior to 250; CAPI versions prior to 1.12.0
Description: The Cloud Foundry Cloud Controller /v2/apps endpoint logs environment variables in plaintext when pushing a manifest containing environment variables or when setting environment variables using cf set-env. …

USN-3024-1: tomcat6, tomcat7 vulnerabilities

Severity: Medium
Vendor: Canonical Ubuntu
Versions Affected: Canonical Ubuntu 14.04 LTS
Description: It was discovered that Tomcat incorrectly handled pathnames used by web applications in a getResource, getResourceAsStream, or getResourcePaths call. A remote attacker could use this issue to possibly list a parent directory. This issue only affected Ubuntu 12.04 …

CVE-2016-9882: Cloud Foundry Logs Service Credentials

Severity: Medium
Vendor: Cloud Foundry Foundation
Versions Affected: cf-release versions prior to v250; CAPI-release versions prior to v1.12.0
Description: Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These logs are written to disk and often sent to a log aggregator via syslog. …

CVE-2016-3958/CVE-2016-3959: Golang vulnerabilities

Severity: Medium
Vendor: Golang
Versions Affected: Golang versions prior to 1.5.4 and 1.6.x versions before 1.6.1
Description: Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the …

USN-3146-2: Linux kernel (Xenial HWE) vulnerabilities

Severity: Medium
Vendor: Canonical Ubuntu
Versions Affected: Canonical Ubuntu 14.04 LTS
Description: It was discovered that the __get_user_asm_ex implementation in the Linux kernel for x86/x86_64 contained extended asm statements that were incompatible with the exception table. A local attacker could use this to gain administrative privileges. (CVE-2016-9644) Andreas Gruenbacher …

USN-3128-2: Linux kernel (Xenial HWE) vulnerability

Severity: Medium
Vendor: Canonical Ubuntu
Versions Affected: Canonical Ubuntu 14.04 LTS
Description: Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service (system crash). …