Lucene search
Cloud FoundryCFOUNDRY:29F51970A6B8E7F72EFC2B6288D78B89HistoryMar 26, 2019 - 12:00 a.m.
USN-3911-1: file vulnerabilities | Cloud Foundry
2019-03-2600:00:00
Cloud Foundry
www.cloudfoundry.org
36
0.007 Low
EPSS
Percentile
79.9%
Severity
Medium
Vendor
Canonical Ubuntu
Versions Affected
- Canonical Ubuntu 16.04
- Canonical Ubuntu 18.04
Description
It was discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
CVEs contained in this USN include: CVE-2019-8904, CVE-2019-8905, CVE-2019-8906, CVE-2019-8907
Affected Cloud Foundry Products and Versions
Severity is medium unless otherwise noted.
- Cloud Foundry BOSH xenial-stemcells are vulnerable, including:
- 250.x versions prior to 250.23
- 170.x versions prior to 170.43
- 97.x versions prior to 97.71
- All other stemcells not listed.
- All versions of Cloud Foundry cflinuxfs3 prior to 0.72.0
Mitigation
Users of affected products are strongly encouraged to follow one of the mitigations below:
- The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells:
- Upgrade 250.x versions to 250.23
- Upgrade 170.x versions to 170.43
- Upgrade 97.x versions to 97.71
- All other stemcells should be upgraded to the latest version available on bosh.io.
- The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs3 version 0.72.0 or later.
References
Related
openvas
openvas
Fedora Update for file FEDORA-2019-15f5147b27
2019-05-07 00:00:00
Ubuntu: Security Advisory (USN-3911-1)
2019-03-19 00:00:00
Fedora Update for file FEDORA-2019-18036b898e
2019-11-10 00:00:00
nessus
nessus
Ubuntu 16.04 LTS / 18.04 LTS : file vulnerabilities (USN-3911-1)
2019-03-19 00:00:00
Photon OS 2.0: File PHSA-2020-2.0-0228
2020-04-22 00:00:00
Photon OS 3.0: File PHSA-2020-3.0-0080
2020-04-21 00:00:00
ubuntu
ubuntu
file vulnerabilities
2019-03-18 00:00:00
cloudfoundry
cloudfoundry
USN-3911-2: file regression | Cloud Foundry
2020-06-24 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: file-5.34-12.fc29
2019-03-01 02:41:25
[SECURITY] Fedora 29 Update: file-5.34-15.fc29
2019-11-10 01:07:35
[SECURITY] Fedora 28 Update: file-5.33-10.fc28
2019-03-12 21:44:56
archlinux
archlinux
[ASA-201903-5] file: multiple issues
2019-03-03 00:00:00
amazon
amazon
Medium: file
2019-03-21 22:08:00
suse
suse
Security update for file (moderate)
2019-04-12 00:00:00
Security update for file (moderate)
2019-03-18 00:00:00
slackware
slackware
[slackware-security] file
2019-02-23 21:37:08
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2020-2.0-0228
2020-04-10 00:00:00
Important Photon OS Security Update - PHSA-2020-0228
2020-04-10 00:00:00
Critical Photon OS Security Update - PHSA-2020-0080
2020-04-14 00:00:00
osv
osv
file - security update
2019-02-28 00:00:00
CVE-2019-8906
2019-02-18 17:29:01
CVE-2019-8907
2019-02-18 17:29:01
debian
debian
[SECURITY] [DLA 1698-1] file security update
2019-02-28 21:56:24
mageia
mageia
Updated file packages fix security vulnerabilities
2019-03-29 18:51:06
cve
cve
redhatcve
redhatcve
prion
prion
Design/Logic Flaw
2019-02-18 17:29:00
Stack overflow
2019-02-18 17:29:00
Out-of-bounds
2019-02-18 17:29:00
alpinelinux
alpinelinux
cvelist
cvelist
debiancve
debiancve
ubuntucve
ubuntucve
nvd
nvd
apple
apple
About the security content of watchOS 5.2
2019-03-27 00:00:00
About the security content of watchOS 5.2 - Apple Support
2019-08-07 04:48:16
About the security content of tvOS 12.2
2019-03-25 00:00:00