
CVE-2017-14388: GrootFS doesn’t validate DiffIDs


Severity

High

Affected Pivotal Products and Versions

Severity is high unless otherwise noted.

  • PCF Elastic Runtime:
    • 1.12.x versions prior to 1.12.7
  • PCF Isolation Segment:
    • 1.12.x versions prior to 1.12.7

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry team recommends upgrading BOSH stemcells and/or other OSS components listed here if applicable.
  • Releases that have fixed this issue include:
    • PCF Elastic Runtime: 1.12.7
    • PCF Isolation Segment: 1.12.7