USN-2977-1 Linux kernel (Vivid HWE) vulnerabilities


Severity

High

Vendor

Canonical Ubuntu

Versions Affected
  • Canonical Ubuntu 14.04 LTS
Description

Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-0758)

Affected Pivotal Products and Versions

Severity is high unless otherwise noted.

  • Cloud Foundry BOSH stemcells 3146.x versions prior to 3146.12 AND other versions prior to 3232.3 are vulnerable
  • Pivotal Cloud Foundry Ops Manager versions prior to 1.6.13 AND 1.7.x versions prior to 1.7.3.
  • Pivotal Cloud Foundry Elastic Runtime versions prior to 1.6.24 AND 1.7.x versions prior to 1.7.2
  • MySQL for Pivotal Cloud Foundry versions prior to 1.6.11, versions 1.7.x prior to 1.7.8 AND 1.8.x prior to 1.8.0-edge.6
  • RabbitMQ for Pivotal Cloud Foundry versions prior to 1.5.10
  • Redis for Pivotal Cloud Foundry versions prior to 1.4.24 AND 1.5.x versions prior to 1.5.13
  • RiakCS for Pivotal Cloud Foundry versions prior to 1.5.12
  • Pivotal Cloud Foundry Single Sign-on versions prior to 1.0.12
Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry project recommends that Cloud Foundry upgrade BOSH stemcell 3146.x versions to 3146.12 OR other versions to 3232.4
  • Pivotal Cloud Foundry Ops Manager versions prior to 1.6.13 should be upgraded to that release or higher AND 1.7.x versions should be upgraded to 1.7.3 or higher
  • Pivotal Cloud Foundry Elastic Runtime versions prior to 1.6.24 should be upgraded to that release or higher AND 1.7.x versions should be upgraded to 1.7.2 or higher
  • MySQL for Pivotal Cloud Foundry versions prior to 1.6.11 should be upgraded to that release or higher, versions 1.7.x should be upgraded to 1.7.8 or higher AND 1.8.x prior to 1.8.0-edge.6 should be upgraded to that or higher
  • RabbitMQ for Pivotal Cloud Foundry versions prior to 1.5.10 should be upgraded to that release or higher
  • Redis for Pivotal Cloud Foundry versions prior to 1.4.24 should be upgraded to that release or higher AND 1.5.x versions prior to 1.5.13 should be upgraded to that release or higher
  • RiakCS for Pivotal Cloud Foundry versions prior to 1.5.12 should be upgraded to that release or higher
  • Pivotal Cloud Foundry Single Sign-on versions prior to 1.0.12 should be upgraded to that release or higher

Special Note for 1.7.x Ops Manager Deployments

The 1.7.x release line of Ops Manager includes a new feature that allows tile stemcells to “float”, which will allow Operators to update their Ops Manager deployment once rather than installing all new Services product releases. If you upgrade one Service tile in Ops Manager 1.7.x with the newly released stemcell, all tiles will automatically upgrade. For more information about the floating stemcell feature, refer to this document.

Credit

Philip Pettersson

References