Releases: cloudfoundry/cflinuxfs2
1.20.0
Notably, this release addresses USN-2821-1 "GnuTLS vulnerability" and USN-2820-1 "dpkg vulnerability", which address:
- CVE-2015-0860 "read_line stack overflow"
- CVE-2015-8313 "Poodle TLS1.0 issue"
1.19.0
Notably, this release addresses USN-2815-1, "libpng vulnerabilities", which is related to:
- CVE-2012-3425 "The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image."
- CVE-2015-7981 "read out of bound"
- CVE-2015-8126 "Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image."
1.18.0
Notably, this release addresses USN-2812-1, "libxml2 vulnerabilities", which is related to:
- CVE-2015-1819 "The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack."
- CVE-2015-7941 "out-of-bounds memory access"
- CVE-2015-7942 "heap-buffer-overflow in xmlParseConditionalSections"
- CVE-2015-8035 "DoS via crafted xz file"
as well as USN-2810-1, "Kerberos vulnerabilities", which is related to:
- CVE-2002-2443 "schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103."
- CVE-2014-5355 "MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c."
- CVE-2015-2694 "The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c."
- CVE-2015-2695 "lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call."
- CVE-2015-2696 "lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call."
- CVE-2015-2697 "The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request."
- CVE-2015-2698 "memory corruption caused due to original patch for CVE-2015-2696"
1.17.0
Notably, this release addresses USN-2788-2, "unzip vulnerabilities", which is related to:
- CVE-2015-7696 "Heap buffer overflow when extracting password-protected archive"
- CVE-2015-7697 "Infinite loop when extracting password-protected archive"
1.16.0
This release contains only non-critical updates to the rootfs. See the receipt changes at this commit for more information.
This release notably adds a set of commonly-used locales. See https://github.com/cloudfoundry/stacks/blob/master/cflinuxfs2/build/generate-all-locales.sh for details of what's supported.
1.15.0
Notably, this release addresses USN-2788-1 "unzip vulnerabilities", which is related to:
- CVE-2015-7696 "Heap buffer overflow when extracting password-protected archive"
- CVE-2015-7697 "Infinite loop when extracting password-protected archive"
1.14.0
Notably, this release addresses USN-2787-1, "audiofile vulnerability", which is related to:
- CVE-2015-7747 "made to crash or run programs as your login if it opened a specially crafted file"
1.13.0
This release contains only non-critical updates to the rootfs. See the receipt changes at this commit for more information.
1.12.0
This release contains only non-critical updates to the rootfs. See the receipt changes at this commit for more information.
1.11.0
Notably, this release addresses USN-2767-1, "GDK-PixBuf vulnerabilities", which is related to:
- CVE-2015-7673 "Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1"
- CVE-2015-7674 "Heap overflow with a gif file in gdk-pixbuf < 2.32.1"