All Vulnerability Reports

CVE-2018-1277: Garden does not correctly enforce Docker image disc quotas


Severity

High

References

Affected VMware Products and Versions

Severity is high unless otherwise noted.

  • Pivotal Application Service
    • 2.1.x versions prior to 2.1.4
    • 2.0.x versions prior to 2.0.13
    • 1.12.x versions prior to 1.12.22
  • PCF Isolation Segment
    • 2.1.x versions prior to 2.1.3
    • 2.0.x versions prior to 2.0.9
    • 1.12.x versions prior to 1.12.18
  • Concourse for PCF
    • Deployments using Garden runC prior to version v1.13.1

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry team recommends upgrading BOSH stemcells and/or other OSS components listed here if applicable.
  • Releases that have fixed this issue include:
    • Pivotal Application Service: 2.1.4, 2.0.13, 1.12.22
    • PCF Isolation Segment: 2.1.3, 2.0.9, 1.12.18
    • Garden runC: v1.13.1