Cloud Foundry Logo
blog single gear
Blog
Security Advisory

USN-5331-1: tcpdump vulnerabilities

by: April 21, 2022

Severity

Low

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 16.04

Description

It was discovered that tcpdump incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2018-16301) It was discovered that tcpdump incorrectly handled certain captured data. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-8037)

CVEs contained in this USN include: CVE-2018-16301, CVE-2020-8037.

Affected Cloud Foundry Products and Versions

Severity is low unless otherwise noted.

  • CF Deployment
    • All versions with Xenial Stemcells prior to 621.224

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:

  • CF Deployment
    • For all versions, upgrade Xenial Stemcells to 621.224 or greater

History

2022-04-21: Initial vulnerability report published.

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES

You Might Also Like

Multiple Node.js Vulnerabilities
Security Advisory

Multiple Node.js Vulnerabilities

by Cloud Foundry Foundation Security Team July 20, 2017
USN-3346-2: Bind regression
Security Advisory

USN-3346-2: Bind regression

by Cloud Foundry Foundation Security Team May 2, 2018
USN-6656-1: PostgreSQL vulnerability
Security Advisory

USN-6656-1: PostgreSQL vulnerability

by Cloud Foundry Foundation Security Team April 4, 2024
This website uses cookies to offer you a better browsing experience. Find out more about how we use cookies and how you can change your settings. Accept