Message-Id: <8D5AEF62-B15D-423E-BCC7-D08C75E9E361@pivotal.io>
Date: Tue, 17 May 2016 11:07:16 -0700
From: Molly Crowther <mcrowther@...otal.io>
To: oss-security@...ts.openwall.com, bugtraq@...urityfocus.com
Subject: CVE-2016-3091 Diego log encoding vulnerability

Title: CVE-2016-3091 Diego log encoding vulnerability

Severity: High

Vendor: Cloud Foundry Foundation

Versions Affected: Diego-release versions 0.1468.0 through 0.1470.0

Description:
Due to how Diego handles breaking up large log streams on UTF-8 boundaries, it is possible to cause a denial of service on a Cloud Foundry installation with an app outputting malformed UTF-8 sequences.

Affected Cloud Foundry Products and Versions:
Diego-release versions 0.1468.0 through 0.1470.0

Mitigation:
The Cloud Foundry project recommends that Cloud Foundry Deployments running Diego versions 0.1468.0 through 0.1470.0 upgrade to Diego version 0.1471.0.

Credit:
This issue was identified by a Pivotal team and reported responsibly to the Cloud Foundry Foundation.
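
Added example, not part of the advisory and not Diego's code: the advisory gives no detail of the defect, so this Go sketch only shows one way to split a log buffer on UTF-8 boundaries while staying bounded on malformed input. The name splitUTF8 and the sample inputs are constructed for illustration.

```go
package main

import (
	"fmt"
	"unicode/utf8"
)

// splitUTF8 cuts buf into chunks of at most max bytes, preferring to cut on a
// UTF-8 rune boundary. It looks back at most utf8.UTFMax-1 bytes for a rune
// that straddles the cut; if the bytes there are malformed it cuts at max
// anyway, so every chunk is non-empty and the loop always terminates.
func splitUTF8(buf []byte, max int) [][]byte {
	if max < utf8.UTFMax {
		max = utf8.UTFMax // a chunk must be able to hold any single rune
	}
	var chunks [][]byte
	for len(buf) > max {
		cut := max
		for back := 1; back < utf8.UTFMax; back++ {
			i := max - back
			if !utf8.RuneStart(buf[i]) {
				continue // continuation byte, keep looking back (bounded)
			}
			// buf[i] starts a rune. Move the cut only if that rune is
			// truncated by the cut AND is valid once the next bytes are seen.
			if !utf8.FullRune(buf[i:max]) {
				if _, size := utf8.DecodeRune(buf[i:]); size > 1 {
					cut = i
				}
			}
			break
		}
		chunks = append(chunks, buf[:cut])
		buf = buf[cut:]
	}
	if len(buf) > 0 {
		chunks = append(chunks, buf)
	}
	return chunks
}

func main() {
	// Constructed samples: one well-formed line, one with a stray lead byte.
	for _, in := range [][]byte{[]byte("aaa€bbb"), []byte("aaa\xe2bbbbb")} {
		fmt.Printf("%q\n", splitUTF8(in, 4))
	}
}
```
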