Cloud Foundry Logo
blog single gear
Security Advisory

USN-2977-1 Linux kernel (Vivid HWE) vulnerabilities

USN-2977-1 Linux kernel (Vivid HWE) vulnerabilities

Severity

High

Vendor

Canonical Ubuntu

Versions Affected

Canonical Ubuntu 14.04 LTS

Description

Philip Pettersson discovered that the Linux kernel’s ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-0758)

Affected Products and Versions

Severity is high unless otherwise noted.

  • Cloud Foundry BOSH stemcells 3146.x versions prior to 3146.12 AND other versions prior to 3232.3 are vulnerable

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry project recommends that Cloud Foundry upgrade BOSH stemcell 3146.x versions to 3146.12 OR other versions to 3232.4

Credit

Philip Pettersson

References

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES