USN-4418-1: OpenEXR vulnerabilities

Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected

Canonical Ubuntu 18.04

Description

It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.

CVEs contained in this USN include: CVE-2020-15305, CVE-2020-15306.

Affected Cloud Foundry Products and Versions

Severity is medium unless otherwise noted.

cflinuxfs3
- All versions prior to 0.198.0
CF Deployment
- All versions prior to v13.7.0

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:

cflinuxfs3
- Upgrade All versions to 0.198.0 or greater
CF Deployment
- Upgrade All versions to v13.7.0 or greater

References

USN Notice
CVE-2020-15305
CVE-2020-15306

History

2020-07-06: Initial vulnerability report published.

USN-4418-1: OpenEXR vulnerabilities

USN-4418-1: OpenEXR vulnerabilities

Severity

Vendor

Versions Affected

Description

Affected Cloud Foundry Products and Versions

Mitigation

References

History

You Might Also Like

USN-6535-1: curl vulnerabilities

USN-4402-1: curl vulnerabilities

CVE-2016-6658: Incomplete fix for Credential Vulnerability for Custom Buildpacks

Sign up for the Cloud Foundry Newsletter today!

Sign up for the
Cloud Foundry Newsletter today!