USN-2765-1 Linux Kernel (Vivid HWE) Vulnerability

Severity

High

Vendor

Canonical Ubuntu

Versions Affected

Canonical Ubuntu 14.04 LTS

Description

It was discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information or cause a denial of service.

Affected Products and Versions

Severity is high unless otherwise noted.

BOSH: All versions of Cloud Foundry BOSH stemcells prior to v3094 are vulnerable to the aforementioned CVE.

Mitigation

Users of affected versions should apply the following mitigation:

The Cloud Foundry project recommends that Cloud Foundry Deployments using BOSH stemcell v3093 or earlier upgrade to v3094 or later, which contain the patched versions of the Linux kernel to resolve the aforementioned CVE.

Credit

Dmitry Vyukov

References

http://www.ubuntu.com/usn/usn-2765-1/
https://bosh.io/stemcells
https://github.com/cloudfoundry/cf-release

USN-2765-1 Linux Kernel (Vivid HWE) Vulnerability

Severity

Vendor

Versions Affected

Description

Affected Products and Versions

Mitigation

Credit

References

You Might Also Like

USN-3935-1: BusyBox vulnerabilities

CVE-2015-1855 Ruby OpenSSL Hostname Verification

USN-3151-2: Linux kernel (Xenial HWE) vulnerability

Sign up for the Cloud Foundry Newsletter today!

Sign up for the
Cloud Foundry Newsletter today!