Date: Tue, 17 May 2016 11:07:16 -0700
From: Molly Crowther <mcrowther@...otal.io>
To: oss-security@...ts.openwall.com,
 bugtraq@...urityfocus.com
Subject: CVE-2016-3091 Diego log encoding vulnerability

Title: CVE-2016-3091 Diego log encoding vulnerability

Severity: High

Vendor: Cloud Foundry Foundation

Versions Affected: Diego-release versions 0.1468.0 through 0.1470.0

Description: Due to how Diego handles breaking up large log streams on UTF-8 boundaries, it is possible to cause a denial of service on a Cloud Foundry installation with an app outputting malformed UTF-8 sequences.

Affected Cloud Foundry Products and Versions: Diego-release versions 0.1468.0 through 0.1470.0

Mitigation: The Cloud Foundry project recommends that Cloud Foundry Deployments running Diego versions 0.1468.0 through 0.1470.0 upgrade to Diego version 0.1471.0.

Credit: This issue was identified by a Pivotal team and reported responsibly to the Cloud Foundry Foundation.
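
The Description above concerns splitting a large log stream on UTF-8 boundaries. The following is an added example, not Diego's code and not part of the advisory, showing one way to write such a splitter so that malformed sequences cannot stall it. The advisory does not describe the actual defect; the function name `splitUTF8` and the sample inputs are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"unicode/utf8"
)

// splitUTF8 (hypothetical helper) cuts data into chunks of at most max bytes
// and never splits a valid multi-byte rune. Malformed bytes pass through as-is.
func splitUTF8(data []byte, max int) [][]byte {
	if max < utf8.UTFMax {
		max = utf8.UTFMax // every chunk must be able to hold one whole rune
	}
	var chunks [][]byte
	for len(data) > max {
		// Look back at most UTFMax-1 bytes for the lead byte of a rune that
		// straddles the limit. The bound keeps the scan constant-time even
		// when the input is nothing but continuation bytes.
		p := max
		for i := 0; i < utf8.UTFMax-1 && !utf8.RuneStart(data[p]); i++ {
			p--
		}
		cut := max
		if utf8.RuneStart(data[p]) {
			// size > 1 only for a well-formed multi-byte rune.
			if _, size := utf8.DecodeRune(data[p:]); size > 1 && p+size > max {
				cut = p
			}
		}
		// cut >= max-(UTFMax-1) >= 1, so every pass consumes input.
		chunks = append(chunks, data[:cut])
		data = data[cut:]
	}
	return append(chunks, data)
}

func main() {
	// Constructed inputs: valid text with a 3-byte rune on the boundary,
	// and a run of stray continuation bytes.
	valid := []byte("aaa€bbb")
	bad := []byte{0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80}
	for _, c := range splitUTF8(valid, 4) {
		fmt.Printf("%q\n", c)
	}
	fmt.Println(len(splitUTF8(bad, 4)), "chunks from malformed input")
}
```

The two properties worth testing in any such splitter are that the chunks concatenate back to the original bytes and that the loop consumes at least one byte per pass regardless of input.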
