Lucene search
Cloud FoundryCFOUNDRY:9508E80FC3841EA0C8796974EB59D970HistoryMar 21, 2019 - 12:00 a.m.
USN-3899-1: OpenSSL vulnerability | Cloud Foundry
2019-03-2100:00:00
Cloud Foundry
www.cloudfoundry.org
84
0.01 Low
EPSS
Percentile
83.9%
Severity
Medium
Vendor
Canonical Ubuntu
Versions Affected
- Canonical Ubuntu 16.04
- Canonical Ubuntu 18.04
Description
Juraj Somorovsky, Robert Merget, and Nimrod Aviram discovered that certain applications incorrectly used OpenSSL and could be exposed to a padding oracle attack. A remote attacker could possibly use this issue to decrypt data.
CVEs contained in this USN include: CVE-2019-1559
Affected Cloud Foundry Products and Versions
Severity is medium unless otherwise noted.
- Cloud Foundry BOSH xenial-stemcells are vulnerable, including:
- 250.x versions prior to 250.21
- 170.x versions prior to 170.39
- 97.x versions prior to 97.66
- All other stemcells not listed.
- All versions of Cloud Foundry cflinuxfs3 prior to 0.65.0
Mitigation
Users of affected products are strongly encouraged to follow one of the mitigations below:
- The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells:
- Upgrade 250.x versions to 250.21
- Upgrade 170.x versions to 170.39
- Upgrade 97.x versions to 97.66
- All other stemcells should be upgraded to the latest version available on bosh.io.
- The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs3 version 0.65.0 or later.
References
Related
freebsd
freebsd
OpenSSL -- Padding oracle vulnerability
2019-02-19 00:00:00
Node.js -- multiple vulnerabilities
2019-02-28 00:00:00
suse
suse
Security update for openssl (moderate)
2019-04-08 00:00:00
Security update for openssl-1_0_0 (moderate)
2019-05-22 00:00:00
Security update for openssl-1_0_0 (moderate)
2019-04-02 00:00:00
ibm
ibm
nessus
nessus
FreeBSD : OpenSSL -- Padding oracle vulnerability (7700061f-34f7-11e9-b95c-b499baebfeaf)
2019-02-21 00:00:00
Debian DLA-1701-1 : openssl security update
2019-03-04 00:00:00
SUSE SLED15 / SLES15 Security Update : openssl-1_0_0 (SUSE-SU-2019:0600-1)
2019-03-13 00:00:00
ubuntu
ubuntu
OpenSSL vulnerability
2019-02-27 00:00:00
OpenSSL vulnerabilities
2020-07-09 00:00:00
openvas
openvas
openSUSE: Security Advisory for openssl (openSUSE-SU-2019:1175-1)
2019-04-09 00:00:00
OpenSSL: 0-byte record padding oracle (CVE-2019-1559) - Linux
2019-02-27 00:00:00
openSUSE: Security Advisory for openssl-1_0_0 (openSUSE-SU-2019:1105-1)
2019-04-03 00:00:00
paloalto
paloalto
OpenSSL vulnerability CVE-2019-1559 has been resolved in PAN-OS
2019-12-04 17:00:00
redhat
redhat
(RHSA-2019:2471) Moderate: openssl security update
2019-08-13 14:07:51
(RHSA-2019:2304) Moderate: openssl security and bug fix update
2019-08-06 08:23:32
veracode
veracode
Padding Oracle Attack
2019-03-01 01:32:23
redhatcve
redhatcve
CVE-2019-1559
2019-10-08 17:49:09
osv
osv
openssl1.0 - security update
2019-02-28 00:00:00
openssl - security update
2019-03-01 00:00:00
CVE-2019-1559
2019-02-27 23:29:00
centos
centos
openssl security update
2019-08-16 21:53:45
openssl security update
2019-08-30 03:49:42
cve
cve
CVE-2019-1559
2019-02-27 23:29:00
ubuntucve
ubuntucve
CVE-2019-1559
2019-02-26 00:00:00
f5
f5
K18549143 : OpenSSL vulnerability CVE-2019-1559
2019-03-19 00:00:00
archlinux
archlinux
[ASA-201903-6] lib32-openssl-1.0: information disclosure
2019-03-03 00:00:00
[ASA-201903-2] openssl-1.0: information disclosure
2019-03-02 00:00:00
alpinelinux
alpinelinux
CVE-2019-1559
2019-02-27 23:29:00
debian
debian
[SECURITY] [DSA 4400-1] openssl1.0 security update
2019-02-28 22:13:35
[SECURITY] [DLA 1701-1] openssl security update
2019-03-01 22:55:06
debiancve
debiancve
CVE-2019-1559
2019-02-27 23:29:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl10 version 1.0.2r-alt1
2019-03-20 00:00:00
aix
aix
There is a vulnerability in OpenSSL used by AIX.
2019-04-16 10:48:55
prion
prion
Design/Logic Flaw
2019-02-27 23:29:00
symantec
symantec
OpenSSL CVE-2019-1559 Information Disclosure Vulnerability
2019-02-26 00:00:00
cvelist
cvelist
CVE-2019-1559 0-byte record padding oracle
2019-02-26 00:00:00
nvd
nvd
CVE-2019-1559
2019-02-27 23:29:00
qualysblog
qualysblog
Zombie POODLE and GOLDENDOODLE Vulnerabilities
2019-04-22 08:40:40
slackware
slackware
[slackware-security] openssl (slackware 14.2)
2019-02-27 04:12:59
openssl
openssl
Vulnerability in OpenSSL CVE-2019-1559
2019-02-26 00:00:00
mageia
mageia
Updated openssl packages fix security vulnerability
2019-03-07 19:34:45
amazon
amazon
Medium: openssl
2019-04-04 19:13:00
Medium: openssl
2019-04-04 21:45:00
Medium: openssl
2019-11-11 17:41:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2019-03-14 00:00:00
nodejsblog
nodejsblog
February 2019 Security Releases
2019-02-28 00:00:00
oraclelinux
oraclelinux
openssl security update
2019-08-14 00:00:00
openssl security and bug fix update
2019-08-13 00:00:00
openssl security update
2019-08-19 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: compat-openssl10-1.0.2o-7.fc29
2019-09-26 01:41:32