Lucene search
Cloud FoundryCFOUNDRY:894C76C0EB39D03A818F5E3BFAA0E55AHistoryJul 10, 2018 - 12:00 a.m.
USN-3689-1: Libgcrypt vulnerability | Cloud Foundry
2018-07-1000:00:00
Cloud Foundry
www.cloudfoundry.org
294
0.001 Low
EPSS
Percentile
33.2%
Severity
Medium
Vendor
Canonical Ubuntu
Versions Affected
- Canonical Ubuntu 14.04
Description
Affected Cloud Foundry Products and Versions
Severity is medium unless otherwise noted.
- Cloud Foundry BOSH stemcells are vulnerable, including:
- 3586.x versions prior to 3586.25
- 3541.x versions prior to 3541.35
- 3468.x versions prior to 3468.53
- 3445.x versions prior to 3445.53
- 3421.x versions prior to 3421.68
- 3363.x versions prior to 3363.67
- All other stemcells not listed.
- All versions of Cloud Foundry cflinuxfs2 prior to 1.220.0
Mitigation
OSS users are strongly encouraged to follow one of the mitigations below:
- The Cloud Foundry project recommends upgrading the following BOSH stemcells:
- Upgrade 3586.x versions to 3586.25
- Upgrade 3541.x versions to 3541.35
- Upgrade 3468.x versions to 3468.53
- Upgrade 3445.x versions to 3445.53
- Upgrade 3421.x versions to 3421.68
- Upgrade 3363.x versions to 3363.67
- All other stemcells should be upgraded to the latest version available on bosh.io.
- The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.220.0 or later.
References
Related
archlinux
archlinux
[ASA-201806-10] libgcrypt: private key recovery
2018-06-16 00:00:00
ubuntucve
ubuntucve
CVE-2018-0495
2018-06-13 00:00:00
slackware
slackware
[slackware-security] libgcrypt
2018-06-13 22:09:13
cvelist
cvelist
CVE-2018-0495
2018-06-13 23:00:00
nessus
nessus
Photon OS 1.0: Libgcrypt PHSA-2018-1.0-0182
2019-02-07 00:00:00
FreeBSD : libgcrypt -- side-channel attack vulnerability (9b5162de-6f39-11e8-818e-e8e0b747a45a)
2018-06-14 00:00:00
Fedora 28 : libgcrypt (2018-1ea5beb4cf)
2019-01-03 00:00:00
freebsd
freebsd
libgcrypt -- side-channel attack vulnerability
2018-06-13 00:00:00
debian
debian
[SECURITY] [DSA 4231-1] libgcrypt20 security update
2018-06-17 18:53:17
[SECURITY] [DSA 4231-1] libgcrypt20 security update
2018-06-17 18:53:17
[SECURITY] [DLA 1405-1] libgcrypt20 security update
2018-06-29 08:04:20
alpinelinux
alpinelinux
CVE-2018-0495
2018-06-13 23:29:00
redhatcve
redhatcve
CVE-2018-0495
2018-06-14 08:19:05
CVE-2018-12437
2018-06-15 18:20:03
ubuntu
ubuntu
Libgcrypt vulnerability
2018-06-19 00:00:00
Libgcrypt vulnerability
2018-06-19 00:00:00
OpenSSL vulnerabilities
2018-06-26 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: libgcrypt-1.8.3-1.fc27
2018-06-17 19:45:43
[SECURITY] Fedora 28 Update: libgcrypt-1.8.3-1.fc28
2018-06-18 16:20:42
[SECURITY] Fedora 27 Update: botan2-2.7.0-1.fc27
2018-07-11 19:32:47
osv
osv
libgcrypt20 - security update
2018-06-29 00:00:00
CVE-2018-0495
2018-06-13 23:29:00
libgcrypt20 - security update
2018-06-17 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3689-2)
2022-08-26 00:00:00
Mageia: Security Advisory (MGASA-2018-0301)
2022-01-28 00:00:00
Debian: Security Advisory (DSA-4231-1)
2018-06-16 00:00:00
veracode
veracode
Side-channel Attack
2019-06-03 00:25:00
debiancve
debiancve
CVE-2018-0495
2018-06-13 23:29:00
nvd
nvd
CVE-2018-0495
2018-06-13 23:29:00
prion
prion
Memory corruption
2018-06-13 23:29:00
f5
f5
K20001553 : Libgcrypt vulnerability CVE-2018-0495
2018-09-28 00:00:00
suse
suse
Security update for libgcrypt (moderate)
2018-07-28 16:00:35
Security update for libgcrypt (moderate)
2018-08-03 21:07:44
Security update for mozilla-nspr and mozilla-nss (moderate)
2018-12-28 21:12:25
cve
cve
CVE-2018-0495
2018-06-13 23:29:00
mageia
mageia
Updated nss packages fix security vulnerability
2019-01-16 01:15:34
Updated libcrypt packages fix a security vulnerability
2018-07-02 01:17:47
Updated libgcrypt packages fix security vulnerability
2018-07-01 20:17:14
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2018-1.0-0182
2018-09-05 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2018-2.0-0091
2018-09-06 00:00:00
Critical Photon OS Security Update - PHSA-2018-0091
2018-09-06 00:00:00
redhat
redhat
(RHSA-2020:1461) Important: nss-softokn security update
2020-04-14 14:33:58
(RHSA-2020:1267) Important: nss-softokn security update
2020-04-01 07:33:21
(RHSA-2020:1345) Important: nss-softokn security update
2020-04-07 08:30:50
ibm
ibm
Security Bulletin: Potential side-channel cryptographic vulnerabilities in IBM DataPower Gateway
2021-06-08 21:52:38
Security Bulletin: IBM MQ Appliance affected by NSS and libgcrypt vulnerabilities (CVE-2018-12404 and CVE-2018-0495)
2020-01-23 15:02:50
Security Bulletin: Vulnerabilities in OpenSSL affect PowerKVM
2018-12-17 15:00:02
oraclelinux
oraclelinux
openssl security update
2018-11-06 00:00:00
openssl security, bug fix, and enhancement update
2018-11-05 00:00:00
amazon
amazon
Medium: nss
2019-09-30 22:57:00
Medium: openssl
2018-12-05 23:20:00
Important: nss, nss-softokn, nss-util, nspr
2020-03-16 21:29:00
centos
centos
nspr, nss security update
2019-08-30 03:43:23
openssl security update
2018-11-15 18:50:49
cloudfoundry
cloudfoundry
USN-3692-1: OpenSSL vulnerabilities | Cloud Foundry
2018-07-10 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1870
2021-07-02 17:14:28
oracle
oracle
Oracle Critical Patch Update Advisory - April 2019
2019-04-16 00:00:00
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00