Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 17 May 2016 11:07:16 -0700
From: Molly Crowther <mcrowther@...otal.io>
To: oss-security@...ts.openwall.com,
 bugtraq@...urityfocus.com
Subject: CVE-2016-3091 Diego log encoding vulnerability

Title: CVE-2016-3091 Diego log encoding vulnerability

Severity: High

Vendor: Cloud Foundry Foundation

Versions Affected: Diego-release versions 0.1468.0 through 0.1470.0

Description: Due to how Diego handles breaking up large log streams on UTF-8 boundaries, it is possible to cause a denial of service on a Cloud Foundry installation with an app outputting malformed UTF-8 sequences.

Affected Cloud Foundry Products and Versions: Diego-release versions 0.1468.0 through 0.1470.0

Mitigation: The Cloud Foundry project recommends that Cloud Foundry Deployments running Diego versions 0.1468.0 through 0.1470.0 upgrade to Diego version 0.1471.0.

Credit: This issue was identified by a Pivotal team and reported responsibly to the Cloud Foundry Foundation.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.