Lucene search
Cloud FoundryCFOUNDRY:E3848525133601C3CFD253A9C49DA974HistoryMar 22, 2021 - 12:00 a.m.
USN-4760-1: libzstd vulnerabilities | Cloud Foundry
2021-03-2200:00:00
Cloud Foundry
www.cloudfoundry.org
13
0.001 Low
EPSS
Percentile
26.3%
Severity
Medium
Vendor
Canonical Ubuntu
Versions Affected
- Canonical Ubuntu 18.04
Description
It was discovered that libzstd incorrectly handled file permissions. A local attacker could possibly use this issue to access certain files, contrary to expectations.
CVEs contained in this USN include: CVE-2021-24031, CVE-2021-24032.
Affected Cloud Foundry Products and Versions
Severity is medium unless otherwise noted.
- cflinuxfs3
- All versions prior to 0.228.0
- CF Deployment
- All versions prior to 16.7.0
Mitigation
Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:
- cflinuxfs3
- Upgrade all versions to 0.228.0 or greater
- CF Deployment
- Upgrade all versions to 16.7.0 or greater
References
History
2021-03-22: Initial vulnerability report published.
| CPE | Name | Operator | Version |
|---|---|---|---|
| cflinuxfs3 | lt | 0.228.0 | |
| cf deployment | lt | 16.7.0 |
Related
mageia
mageia
Updated zstd packages fix a security vulnerability
2021-07-09 03:27:08
Updated zstd packages fix a security vulnerability
2021-07-09 03:27:08
osv
osv
CVE-2021-24032
2021-03-04 21:15:12
libzstd vulnerabilities
2021-03-08 18:21:54
libzstd vulnerabilities
2022-11-09 12:00:15
openvas
openvas
openSUSE: Security Advisory for zstd (openSUSE-SU-2021:0481-1)
2021-04-16 00:00:00
Huawei EulerOS: Security Advisory for zstd (EulerOS-SA-2021-2286)
2021-08-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:0948-1)
2021-06-09 00:00:00
alpinelinux
alpinelinux
CVE-2021-24032
2021-03-04 21:15:12
CVE-2021-24031
2021-03-04 21:15:12
nessus
nessus
Ubuntu 18.04 LTS / 20.04 LTS : libzstd vulnerabilities (USN-4760-1)
2021-03-23 00:00:00
Ubuntu 16.04 ESM : Zstandard vulnerabilities (USN-5720-1)
2022-11-09 00:00:00
EulerOS 2.0 SP9 : zstd (EulerOS-SA-2021-2260)
2021-08-09 00:00:00
suse
suse
Security update for zstd (moderate)
2021-03-28 00:00:00
ubuntu
ubuntu
libzstd vulnerabilities
2021-03-08 00:00:00
Zstandard vulnerabilities
2022-11-09 00:00:00
ubuntucve
ubuntucve
CVE-2021-24032
2021-02-20 00:00:00
CVE-2021-24031
2021-02-10 00:00:00
cve
cve
CVE-2021-24032
2021-03-04 21:15:12
CVE-2021-24031
2021-03-04 21:15:12
nvd
nvd
CVE-2021-24032
2021-03-04 21:15:12
CVE-2021-24031
2021-03-04 21:15:12
prion
prion
Design/Logic Flaw
2021-03-04 21:15:00
Design/Logic Flaw
2021-03-04 21:15:00
cvelist
cvelist
CVE-2021-24032
2021-03-04 20:15:21
CVE-2021-24031
2021-03-04 20:15:21
debiancve
debiancve
CVE-2021-24032
2021-03-04 21:15:12
CVE-2021-24031
2021-03-04 21:15:12
veracode
veracode
Insecure File Permission
2021-03-31 07:59:58
redhatcve
redhatcve
CVE-2021-24031
2021-03-03 21:40:06
CVE-2021-24032
2021-03-02 19:33:02
photon
photon
Moderate Photon OS Security Update - PHSA-2022-0235
2022-08-22 00:00:00
Moderate Photon OS Security Update - PHSA-2022-4.0-0235
2022-08-22 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0431
2022-08-09 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-24032 affecting package zstd 1.4.4-1
2021-09-09 15:02:56
CVE-2021-24032 affecting package ceph for versions less than 16.2.10-4
2024-06-12 22:23:00
redhat
redhat
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00