USN-2943-1 PCRE vulnerabilities
Severity
Low/Medium
Vendor
Canonical Ubuntu
Versions Affected
- Ubuntu 14.04 LTS
Description
It was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code.
Affected Products and Versions
Severity is low/medium unless otherwise noted.
- All versions of Cloud Foundry rootfs prior to 1.49.0
- Cloud Foundry BOSH stemcells: 3146.x versions prior to 3146.11, and other versions prior to 3215.4
- BOSH versions prior to 261 (post updated 2017-04-20)
Mitigation
Users of affected versions should apply the following mitigations:
- The Cloud Foundry project recommends that Cloud Foundry deployments run with rootfs version 1.49.0 or higher
- The Cloud Foundry project recommends that Cloud Foundry deployments upgrade BOSH stemcell 3146.x versions to 3146.11, or other versions to 3232.2
- Upgrade BOSH to v261 or later (post updated 2017-04-20)
Credit
N/A