Lucene search
Cloud FoundryCFOUNDRY:69ABD678D2A3A5E6383EDFB3B6F9B824HistoryJan 20, 2022 - 12:00 a.m.
USN-5189-1: GLib vulnerability | Cloud Foundry
2022-01-2000:00:00
Cloud Foundry
www.cloudfoundry.org
12
0.001 Low
EPSS
Percentile
31.6%
Severity
Medium
Vendor
Canonical Ubuntu
Versions Affected
- Canonical Ubuntu 16.04
- Canonical Ubuntu 18.04
Description
It was discovered that GLib incorrectly handled certain environment variables. An attacker could possibly use this issue to escalate privileges.
CVEs contained in this USN include: CVE-2021-3800.
Affected Cloud Foundry Products and Versions
Severity is medium unless otherwise noted.
- Bionic Stemcells
- 1.x versions prior to 1.51
- All other stemcells not listed.
- cflinuxfs3
- All versions prior to 0.270.0
- CF Deployment
- All versions prior to 17.1.0
Mitigation
Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:
- Bionic Stemcells
- Upgrade 1.x versions to 1.51 or greater
- All other stemcells should be upgraded to the latest version available on bosh.io.
- cflinuxfs3
- Upgrade all versions to 0.270.0 or greater
- CF Deployment
- Upgrade all versions to 17.1.0 or greater
References
History
2022-01-20: Initial vulnerability report published.
| CPE | Name | Operator | Version |
|---|---|---|---|
| bionic stemcells | lt | 1.51 | |
| cflinuxfs3 | lt | 0.270.0 | |
| cf deployment | lt | 17.1.0 |
Related
nessus
nessus
EulerOS Virtualization 3.0.6.0 : glib2 (EulerOS-SA-2023-2220)
2023-06-12 00:00:00
EulerOS Virtualization 3.0.2.0 : glib2 (EulerOS-SA-2023-1701)
2023-05-07 00:00:00
EulerOS 2.0 SP5 : glib2 (EulerOS-SA-2023-1503)
2023-03-09 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5189-1)
2021-12-14 00:00:00
Huawei EulerOS: Security Advisory for glib2 (EulerOS-SA-2023-2410)
2023-07-25 00:00:00
Huawei EulerOS: Security Advisory for glib2 (EulerOS-SA-2023-2220)
2023-06-12 00:00:00
veracode
veracode
Privilege Escalation
2021-11-17 22:36:12
cbl_mariner
cbl_mariner
CVE-2021-3800 affecting package glib 2.58.0-9
2022-12-27 17:55:47
ubuntu
ubuntu
GLib vulnerability
2021-12-13 00:00:00
osv
osv
CVE-2021-3800
2022-08-23 16:15:09
glib2.0 - security update
2022-09-15 00:00:00
A security issue was fixed in GLib
2021-12-13 19:48:07
redhatcve
redhatcve
CVE-2021-3800
2021-10-05 18:00:54
cloudlinux
cloudlinux
Fix of CVE: CVE-2021-3800
2022-01-13 14:29:56
amazon
amazon
Medium: glib2
2023-05-25 17:41:00
Important: glib2
2023-04-27 16:19:00
debiancve
debiancve
CVE-2021-3800
2022-08-23 16:15:09
gitlab
gitlab
Files or Directories Accessible to External Parties
2022-08-23 00:00:00
cve
cve
CVE-2021-3800
2022-08-23 16:15:09
nvd
nvd
CVE-2021-3800
2022-08-23 16:15:09
broadcom
broadcom
ubuntucve
ubuntucve
CVE-2021-3800
2021-11-02 00:00:00
debian
debian
[SECURITY] [DLA 3110-1] glib2.0 security update
2022-09-15 12:57:02
prion
prion
Design/Logic Flaw
2022-08-23 16:15:00
cvelist
cvelist
CVE-2021-3800
2022-08-23 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2022-0300
2022-12-16 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0300
2022-12-16 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0449
2022-09-09 00:00:00
rocky
rocky
glib2 security and bug fix update
2021-11-09 09:16:02
redhat
redhat
(RHSA-2021:4385) Moderate: glib2 security and bug fix update
2021-11-09 09:16:02
(RHSA-2022:0434) Moderate: Release of OpenShift Serverless 1.20.0
2022-02-03 17:07:25
(RHSA-2021:4032) Low: Openshift Logging 5.2.3 bug fix and security update
2021-11-17 03:27:52
oraclelinux
oraclelinux
glib2 security and bug fix update
2021-11-16 00:00:00
almalinux
almalinux
Moderate: glib2 security and bug fix update
2021-11-09 09:16:02
fedora
fedora
[SECURITY] Fedora 35 Update: qt5-qtwebengine-5.15.8-2.fc35
2022-01-30 01:44:13
