Lucene search
Cloud FoundryCFOUNDRY:FB20EAE0D7FF0ECE3E558E9F9034444EHistoryJun 22, 2017 - 12:00 a.m.
USN-3311-1: libnl vulnerability | Cloud Foundry
2017-06-2200:00:00
Cloud Foundry
www.cloudfoundry.org
27
0.002 Low
EPSS
Percentile
58.7%
Severity
Medium
Vendor
Canonical Ubuntu
Versions Affected
- Canonical Ubuntu 14.04
Description
It was discovered that libnl incorrectly handled memory when performing certain operations. A local attacker could possibly use this issue to cause libnl to crash, resulting in a denial of service, or execute arbitrary code.
Affected Cloud Foundry Products and Versions
Severity is medium unless otherwise noted.
- Cloud Foundry BOSH stemcells are vulnerable, including:
- 3263.x versions prior to 3263.28
- 3312.x versions prior to 3312.29
- 3363.x versions prior to 3363.26
- 3421.x versions prior to 3421.9
- All other stemcells not listed.
- All versions of Cloud Foundry cflinuxfs2 prior to 1.129.0
Mitigation
OSS users are strongly encouraged to follow one of the mitigations below:
- The Cloud Foundry project recommends upgrading the following BOSH stemcells:
- Upgrade 3263.x versions prior to 3263.28
- Upgrade 3312.x versions prior to 3312.29
- Upgrade 3363.x versions prior to 3363.26
- Upgrade 3421.x versions prior to 3421.9
- All other stemcells should be upgraded to the latest version available on bosh.io.
- The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.129.0 or later.
References
Related
openvas
openvas
Huawei EulerOS: Security Advisory for libnl (EulerOS-SA-2019-1853)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for libnl (EulerOS-SA-2019-2168)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for libnl (EulerOS-SA-2020-1258)
2020-03-13 00:00:00
prion
prion
Privilege escalation
2017-04-07 22:59:00
nessus
nessus
RHEL 7 : libnl (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 5 : libnl (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 5 : libnl (Unpatched Vulnerability)
2024-06-03 00:00:00
centos
centos
NetworkManager, libnl3, libnm, libnma, network, nm security update
2017-08-24 01:39:01
redhatcve
redhatcve
CVE-2017-0553
2019-11-07 04:24:33
ibm
ibm
Security Bulletin: A vulnerability in libnl3 affects PowerKVM
2018-06-18 01:39:10
cve
cve
CVE-2017-0553
2017-04-07 22:59:00
fedora
fedora
[SECURITY] Fedora 25 Update: libnl3-3.2.29-3.fc25
2017-04-22 09:24:54
[SECURITY] Fedora 24 Update: libnl3-3.2.28-5.fc24
2017-05-04 18:26:09
debian
debian
[SECURITY] [DLA 891-1] libnl security update
2017-04-10 18:03:09
[SECURITY] [DLA 892-1] libnl3 security update
2017-04-10 18:03:06
amazon
amazon
Medium: libnl3
2017-08-30 23:38:00
ubuntu
ubuntu
libnl vulnerability
2017-06-19 00:00:00
libnl vulnerability
2017-06-06 00:00:00
cvelist
cvelist
CVE-2017-0553
2017-04-07 22:00:00
redhat
redhat
oraclelinux
oraclelinux
NetworkManager and libnl3 security, bug fix and enhancement update
2017-08-07 00:00:00
debiancve
debiancve
CVE-2017-0553
2017-04-07 22:59:00
ubuntucve
ubuntucve
CVE-2017-0553
2017-04-07 00:00:00
archlinux
archlinux
[ASA-201706-35] libnl: privilege escalation
2017-06-28 00:00:00
osv
osv
libnl3 - security update
2017-04-10 00:00:00
libnl - security update
2017-04-10 00:00:00
nvd
nvd
CVE-2017-0553
2017-04-07 22:59:00
mageia
mageia
Updated libnl3 packages fix security vulnerability
2017-06-09 00:39:47
androidsecurity
androidsecurity
Android Security BulletinβApril 2017
2017-04-03 00:00:00