USN-2765-1 Linux Kernel (Vivid HWE) Vulnerability
Severity
High
Vendor
Canonical Ubuntu
Versions Affected
- Canonical Ubuntu 14.04 LTS
Description
It was discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information or cause a denial of service.
Affected VMware Products and Versions
Severity is high unless otherwise noted.
- BOSH: All versions of Cloud Foundry BOSH stemcells prior to v3094 are vulnerable to the aforementioned CVE.
- Products in the PCF Suite which reference BOSH stemcell v3093 or earlier are vulnerable to the aforementioned CVE:
  - Ops Manager v1.5.6 or earlier
  - Elastic Runtime v1.5.5 or earlier
  - MySQL for Pivotal Cloud Foundry v1.6.2 or earlier
  - Session State Caching Powered by Pivotal GemFire v1.0.2 or earlier
  - RabbitMQ for Pivotal Cloud Foundry v1.4.4 or earlier
  - Redis for Pivotal Cloud Foundry v1.4.8 or earlier
Mitigation
Users of affected versions should apply the following mitigation:
- The Cloud Foundry project recommends that Cloud Foundry deployments using BOSH stemcell v3093 or earlier upgrade to v3094 or later, which contains a patched Linux kernel that resolves the aforementioned CVE.
- Pivotal recommends customers upgrade to the following releases in the PCF Suite:
  - Ops Manager 1.5.7 or higher
  - Elastic Runtime 1.5.6 or higher
  - Ops Metrics 1.4.4 or higher
  - MySQL for PCF 1.6.3 or higher
  - Session State Caching Powered by Pivotal GemFire 1.1.0 or higher
  - Redis for PCF 1.4.8 or higher
  - RabbitMQ for PCF 1.4.5 or higher
Credit
Dmitry Vyukov