USN-3748-1: base-files vulnerability
Severity
Low
Vendor
Canonical Ubuntu
Versions Affected
- Canonical Ubuntu 18.04
Description
Sander Bos discovered that the MOTD update script incorrectly handled temporary files. A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel symlink restrictions were disabled.
Affected Cloud Foundry Products and Versions
Severity is low unless otherwise noted.
- All versions of Cloud Foundry cflinuxfs3 prior to 0.13.0
Mitigation
OSS users are strongly encouraged to follow one of the mitigations below:
- The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs3 version 0.13.0 or later.