Date: Tue, 17 May 2016 11:07:16 -0700
From: Molly Crowther <mcrowther@...otal.io>
To: oss-security@...ts.openwall.com,
 bugtraq@...urityfocus.com
Subject: CVE-2016-3091 Diego log encoding vulnerability

Title: CVE-2016-3091 Diego log encoding vulnerability

Severity: High

Vendor: Cloud Foundry Foundation

Versions Affected: Diego-release versions 0.1468.0 through 0.1470.0

Description: Because of how Diego breaks up large log streams on UTF-8 boundaries, an app that outputs malformed UTF-8 sequences can cause a denial of service on a Cloud Foundry installation.

Affected Cloud Foundry Products and Versions: Diego-release versions 0.1468.0 through 0.1470.0

Mitigation: The Cloud Foundry project recommends that Cloud Foundry Deployments running Diego versions 0.1468.0 through 0.1470.0 upgrade to Diego version 0.1471.0.

Credit: This issue was identified by a Pivotal team and reported responsibly to the Cloud Foundry Foundation.
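
For readers reviewing similar log-chunking code: the Description concerns splitting a byte stream on UTF-8 boundaries when the input may be malformed. The Go sketch below is an added example, not Diego's code, and it does not reproduce the defect, which the advisory does not detail. The function names and sample bytes are constructed for illustration. The property to check in any such splitter is that every cut consumes input, even when no valid rune boundary exists near the size limit.

```go
package main

import (
	"fmt"
	"unicode/utf8"
)

// splitOnRuneBoundary (hypothetical name) cuts buf into chunks of at most
// max bytes. A cut moves back only when it would bisect a valid rune, and by
// at most utf8.UTFMax-1 bytes, so malformed input is still consumed.
func splitOnRuneBoundary(buf []byte, max int) [][]byte {
	if max < utf8.UTFMax {
		max = utf8.UTFMax // room for any rune: a chunk is never empty
	}
	var chunks [][]byte
	for len(buf) > max {
		cut := safeCut(buf, max)
		chunks = append(chunks, buf[:cut])
		buf = buf[cut:]
	}
	if len(buf) > 0 {
		chunks = append(chunks, buf)
	}
	return chunks
}

// safeCut returns a cut position in [max-utf8.UTFMax+1, max]; needs len(buf) > max.
func safeCut(buf []byte, max int) int {
	for back := 1; back < utf8.UTFMax; back++ {
		i := max - back
		if !utf8.RuneStart(buf[i]) {
			continue // continuation byte: keep looking, bounded by the loop
		}
		r, size := utf8.DecodeRune(buf[i:])
		valid := r != utf8.RuneError || size > 1
		if valid && i+size > max {
			return i // valid rune straddles the limit: cut just before it
		}
		return max // rune fits, or the lead byte is malformed: hard cut
	}
	return max // only continuation bytes in the window: hard cut
}

func main() {
	// Constructed samples: valid multi-byte text, then a run of stray bytes.
	fmt.Println(len(splitOnRuneBoundary([]byte("héllo wörld ✓ ok"), 4)))
	fmt.Println(len(splitOnRuneBoundary([]byte{0x80, 0x80, 0xE2, 0x80, 0xE2, 0xE2, 0x80, 0x80, 0x80}, 4)))
}
```

With valid UTF-8 input every chunk is itself valid UTF-8; with malformed input the chunks are hard-cut at the limit and the bytes are passed through unchanged.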
