Severity

Medium

Vendor

SQLite

Versions Affected

• Ubuntu 14.04

Description

It was discovered that SQLite incorrectly handled skip-scan optimization. An attacker could use this issue to cause applications using SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.

The Cloud Foundry project released a BOSH stemcell version 3031 and a cflinuxfs2 rootfs stack that have the patched version of OpenSSH.

Affected Products and Versions

Severity is medium unless otherwise noted.

• All versions of Cloud Foundry BOSH stemcells prior to 3031 have versions of OpenSSH vulnerable to USN-2698-1
• All versions of Cloud Foundry cflinuxfs2 prior to 1.3.0 have versions of OpenSSH vulnerable to USN-2698-1

Mitigation

Users of affected versions should apply the following mitigation:

• The Cloud Foundry project recommends that Cloud Foundry deployments run with BOSH stemcells 3031 or later versions, and cflinuxfs2 version 1.3.0 or later versions.

Credit

Michal Zalewski

References

• http://www.ubuntu.com/usn/usn-2698-1
• https://bosh.io/stemcells
• https://github.com/cloudfoundry/cf-release