Cloud Foundry Logo
blog single gear
Blog
Security Advisory

USN-3746-1: APT vulnerability

by: September 11, 2018

USN-3746-1: APT vulnerability

Severity

High

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 18.04

Description

It was discovered that APT incorrectly handled the mirror method (mirror://). If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages in environments configured to use mirror:// entries.

Affected Cloud Foundry Products and Versions

Severity is high unless otherwise noted.

  • All versions of Cloud Foundry cflinuxfs3 prior to 0.13.0

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

  • The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs3 version 0.13.0 or later.

References

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES

You Might Also Like

USN-3755-1: GD vulnerabilities
Security Advisory

USN-3755-1: GD vulnerabilities

by Cloud Foundry Foundation Security Team September 11, 2018
USN-4109-1: OpenJPEG vulnerabilities
Security Advisory

USN-4109-1: OpenJPEG vulnerabilities

by Cloud Foundry Foundation Security Team August 29, 2019
CVE-2018-11083: BOSH accepts refresh token as access token
Security Advisory

CVE-2018-11083: BOSH accepts refresh token as access token

by Cloud Foundry Foundation Security Team October 3, 2018
This website uses cookies to offer you a better browsing experience. Find out more about how we use cookies and how you can change your settings. Accept