Cloud Foundry Blog

Your one-stop shop for the latest Cloud Foundry tutorials, platform updates & more.



USN-3185-1: libXpm vulnerability

Severity: Medium
Vendor: Canonical Ubuntu
Versions Affected: Canonical Ubuntu 14.04
Description: It was discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could use this issue to cause libXpm to crash, resulting in a denial …

Multiple PHP vulnerabilities

Severity: Medium
Vendor: PHP
Versions Affected: Cloud Foundry PHP buildpack versions prior to 4.3.29
Note: The PHP buildpack is patched from upstream PHP source.
Description: It was discovered that PHP incorrectly handled certain arguments to the locale_get_display_name function. A remote attacker could use this issue to cause PHP to crash, resulting in …

USN-3212-1: LibTIFF vulnerabilities

Severity: Medium
Vendor: Canonical Ubuntu
Versions Affected: Canonical Ubuntu 14.04
Description: It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary …

USN-3205-1: tcpdump vulnerabilities

Severity: Medium
Vendor: Canonical Ubuntu
Versions Affected: Canonical Ubuntu 14.04 LTS
Description: It was discovered that tcpdump incorrectly handled certain packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated …

USN-3183-1: GnuTLS Vulnerabilities

Severity: Medium
Vendor: Canonical Ubuntu
Versions Affected: Canonical Ubuntu 14.04 LTS
Description: Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remote attacker could possibly use this issue to bypass certain certificate validation measures. This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-7444) Shi Lei discovered that …

USN-3193-1: Nettle vulnerability

Severity: Medium
Vendor: Canonical Ubuntu
Versions Affected: Canonical Ubuntu 14.04 LTS
Description: It was discovered that Nettle incorrectly mitigated certain timing side-channel attacks. A remote attacker could possibly use this flaw to recover private keys.
Affected Cloud Foundry Products and Versions: Severity is medium unless otherwise noted. Cloud Foundry BOSH stemcells are …

USN-3142-2: ImageMagick regression

Severity: Medium
Vendor: Canonical Ubuntu
Versions Affected: Canonical Ubuntu 14.04 LTS
Description: USN-3142-1 fixed vulnerabilities in ImageMagick. The security fixes introduced a regression with text labels and a regression with the textcoder. This update fixes the problem. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or …

USN-3189-2: Linux kernel (Xenial HWE) vulnerabilities

Severity: Medium
Vendor: Canonical Ubuntu
Versions Affected: Canonical Ubuntu 14.04 LTS
Description: USN-3189-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Mikulas Patocka discovered that the asynchronous …

CVE-2017-5638: Apache Struts Remote Code Execution

Severity: Advisory/Critical
Vendor: Apache
Versions Affected: Apache Struts 2: 2.3.x versions prior to 2.3.32; 2.5.x versions prior to 2.5.10.1
Description: The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 [1] mishandles file upload, which allows remote attackers to execute arbitrary commands via a …
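As an added example (not code from the Cloud Foundry blog, Apache, or the PHP buildpack project), the following Python check applies the affected ranges stated above for Apache Struts 2 (2.3.x before 2.3.32, 2.5.x before 2.5.10.1) and, earlier on this page, for the Cloud Foundry PHP buildpack (versions prior to 4.3.29). It compares multi-part version strings component-wise, so that 2.5.10 correctly sorts below 2.5.10.1, treats a pre-release tag as older than the corresponding release, and reports Struts lines the advisory does not mention as unknown rather than safe. The jar paths and version strings in it are constructed for illustration.

```python
"""Check Struts 2 / PHP buildpack versions against the advisory's affected ranges.

Added example; not Cloud Foundry's, Apache's or the PHP buildpack's own code.
Sample jar paths below are constructed, not taken from a real deployment.
"""
import re

# First fixed release per affected line, as stated in the advisories on this page.
STRUTS_FIXED = {"2.3": "2.3.32", "2.5": "2.5.10.1"}
PHP_BUILDPACK_FIXED = "4.3.29"


def parse_version(v):
    """'2.5.10.1' -> ((2, 5, 10, 1), False).

    The boolean is True when a non-numeric suffix such as '-rc1' is present, so
    that a pre-release can be ordered below its final release.
    """
    nums, prerelease = [], False
    for piece in v.split("."):
        m = re.match(r"(\d+)(.*)", piece)
        if not m:
            prerelease = True
            break
        nums.append(int(m.group(1)))
        if m.group(2):
            prerelease = True
            break
    return tuple(nums), prerelease


def version_lt(a, b):
    """True if version a is older than version b (missing components count as 0)."""
    (na, pa), (nb, pb) = parse_version(a), parse_version(b)
    width = max(len(na), len(nb))
    na += (0,) * (width - len(na))
    nb += (0,) * (width - len(nb))
    if na != nb:
        return na < nb
    return pa and not pb  # 2.3.32-rc1 is older than 2.3.32


def struts_affected(version):
    """True/False for 2.3.x and 2.5.x per the advisory; None for lines it does not cover."""
    nums, _ = parse_version(version)
    line = ".".join(str(x) for x in nums[:2])
    fixed = STRUTS_FIXED.get(line)
    if fixed is None:
        return None
    return version_lt(version, fixed)


def php_buildpack_affected(version):
    """True when the buildpack version is prior to 4.3.29."""
    return version_lt(version, PHP_BUILDPACK_FIXED)


# Matches the struts2-core jar name; the filename layout is an assumption.
JAR_RE = re.compile(r"struts2-core-(\d[\w.\-]*?)\.jar$")


def struts_versions_from_jars(paths):
    """Map each struts2-core jar path (e.g. from a listing of WEB-INF/lib) to its verdict."""
    verdicts = {}
    for p in paths:
        m = JAR_RE.search(p)
        if m:
            verdicts[p] = struts_affected(m.group(1))
    return verdicts


# Constructed sample input: what a listing of an app's WEB-INF/lib might contain.
SAMPLE_JARS = [
    "/app/WEB-INF/lib/struts2-core-2.3.31.jar",
    "/app/WEB-INF/lib/struts2-core-2.3.32.jar",
    "/app/WEB-INF/lib/struts2-core-2.5.10.jar",
    "/app/WEB-INF/lib/struts2-core-2.5.10.1.jar",
    "/app/WEB-INF/lib/commons-fileupload-1.3.2.jar",
]

if __name__ == "__main__":
    for path, affected in struts_versions_from_jars(SAMPLE_JARS).items():
        print(f"{path}: {'AFFECTED' if affected else 'not affected'}")
    print("php buildpack 4.3.28 affected:", php_buildpack_affected("4.3.28"))
```

The unknown verdict (None) for lines such as 2.1.x is deliberate: the advisory lists only 2.3.x and 2.5.x, and a range check should not silently mark anything else as fixed.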

USN-3220-2: Linux kernel (Xenial HWE) vulnerability

Severity: High
Vendor: Canonical Ubuntu
Versions Affected: Ubuntu 14.04 LTS
Description: Alexander Popov discovered that the N_HDLC line discipline implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges.
Mitigation: OSS …