CVE-2018-1269: Loggregator does not properly close some TCP connections
Severity
Medium
References
Affected VMware Products and Versions
Severity is medium unless otherwise noted.
- Pivotal Application Service
- 2.2.x versions prior to 2.2.1
- 2.1.x versions prior to 2.1.6
- 2.0.x versions prior to 2.0.17
- PCF Isolation Segment
- 2.2.x versions prior to 2.2.1
- 2.1.x versions prior to 2.1.5
- 2.0.x versions prior to 2.0.13
- Pivotal Application Service for Windows
- 2.2.x versions prior to 2.2.1
- 2.1.x versions prior to 2.1.6
- Pivotal Application Service for Windows 2012R2
- 2.2.x versions prior to 2.2.1
- 2.1.x versions prior to 2.1.5
- 2.0.x versions prior to 2.0.9
Mitigation
Users of affected versions should apply the following mitigation:
- The Cloud Foundry team recommends upgrading BOSH stemcells and/or other OSS components listed here if applicable.
- Releases that have fixed this issue include:
- Pivotal Application Service: 2.2.1, 2.1.6, 2.0.17
- Pivotal Isolation Segment: 2.2.1, 2.1.5, 2.0.13
- Pivotal Application Service for Windows: 2.2.1, 2.1.6
- Pivotal Application Service for Windows 2012R2: 2.2.1, 2.1.5, 2.0.9