Severity
Medium
Vendor
Vivid
Versions Affected
- Ubuntu 14.04
Description
Marcelo Ricardo Leitner discovered a race condition in the Linux kernel’s SCTP address configuration lists when using Address Configuration Change (ASCONF) options on a socket. An unprivileged local user could exploit this flaw to cause a denial of service (system crash).
The Cloud Foundry project released BOSH stemcell version 3048, which has the patched version of OpenSSH.
Affected Products and Versions
Severity is medium unless otherwise noted.
- All versions of Cloud Foundry BOSH stemcells prior to 3048 ship kernel versions affected by USN-2718-1
Mitigation
Users of affected versions should apply the following mitigation:
- The Cloud Foundry project recommends that Cloud Foundry deployments run with BOSH stemcell version 3048 or later.
Credit
Marcelo Ricardo Leitner