Cloud Foundry

USN-4436-1: librsvg vulnerabilities

Cloud Foundry Foundation Security Team — Thu, 27 Aug 2020 19:40:41 +0000

USN-4436-1: librsvg vulnerabilities Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that librsvg incorrectly handled parsing certain SVG files. A remote attacker could possibly use this issue to cause librsvg to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-11464) It was discovered […]

The post USN-4436-1: librsvg vulnerabilities appeared first on Cloud Foundry.

USN-4428-1: Python vulnerabilities

Cloud Foundry Foundation Security Team — Thu, 27 Aug 2020 19:40:38 +0000

USN-4428-1: Python vulnerabilities Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that Python documentation had a misleading information. A security issue could be possibly caused by wrong assumptions of this information. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, Ubuntu 16.04 […]

The post USN-4428-1: Python vulnerabilities appeared first on Cloud Foundry.

USN-4436-2: librsvg regression

Cloud Foundry Foundation Security Team — Thu, 27 Aug 2020 19:40:23 +0000

USN-4436-2: librsvg regression Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description USN-4436-1 fixed a vulnerability in librsvg. The upstream fix caused a regression when parsing certain SVG files. This update backs out the fix pending further investigation. Original advisory details: It was discovered that librsvg incorrectly handled parsing certain SVG files. A […]

The post USN-4436-2: librsvg regression appeared first on Cloud Foundry.

USN-4431-1: FFmpeg vulnerabilities

Cloud Foundry Foundation Security Team — Thu, 27 Aug 2020 19:40:10 +0000

USN-4431-1: FFmpeg vulnerabilities Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that FFmpeg incorrectly verified empty audio packets or HEVC data. An attacker could possibly use this issue to cause a denial of service via a crafted file. This issue only affected Ubuntu 16.04 LTS, as it was already […]

The post USN-4431-1: FFmpeg vulnerabilities appeared first on Cloud Foundry.

CVE-2019-15225/15226: Envoy 1.11.1 vulnerability fixes

Cloud Foundry Foundation Security Team — Mon, 11 Nov 2019 18:18:46 +0000

Severity High Vendor Cloud Foundry Foundation Description Cloud Foundry Diego, versions prior to 2.39.0, consumes a vulnerable version of Envoy which is vulnerable to a denial-of-service attack. A remote unauthenticated malicious user may craft requests with a large number of headers to consume excess CPU or may send a request with a very long URI […]

The post CVE-2019-15225/15226: Envoy 1.11.1 vulnerability fixes appeared first on Cloud Foundry.

CVE-2019-3801: Java Projects using HTTP to fetch dependencies

Cloud Foundry Foundation Security Team — Mon, 22 Apr 2019 18:54:01 +0000

CVE-2019-3801: Java Projects using HTTP to fetch dependencies Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions CredHub 2.1 versions prior to 2.1.3 1.9 versions prior to 1.9.10 UAA Release (OSS) All versions prior to v64.0 Description Cloudfoundry java products are using an insecure protocol to fetch dependencies when building. Mitigation Users […]

The post CVE-2019-3801: Java Projects using HTTP to fetch dependencies appeared first on Cloud Foundry.