USN-2943-1 PCRE vulnerabilities


USN-2943-1 PCRE vulnerabilities

Severity

Low/Medium

Vendor

Canonical Ubuntu

Versions Affected

  • Ubuntu 14.04 LTS

Description

It was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code.

Affected Products and Versions

Severity is low/medium unless otherwise noted.

  • All versions of Cloud Foundry rootfs prior to 1.49.0
  • Cloud Foundry BOSH stemcells 3146.x versions prior to 3146.11 AND other versions prior to 3215.4 are vulnerable
  • BOSH versions prior to 261 (post updated 2017-04-20)

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry project recommends that Cloud Foundry deployments run with rootfs version 1.49.0 and higher
  • The Cloud Foundry project recommends that Cloud Foundry upgrade BOSH stemcell 3146.x versions to 3146.11 OR other versions to 3232.2
  • Upgrade BOSH to v261 or later (post updated 2017-04-20)

Credit

N/A

References