USN-2837-1 bind9 vulnerability
Severity
Medium
Vendor
bind9
Versions Affected
- Ubuntu 14.04
Description
It was discovered that Bind incorrectly handled responses with malformed class attributes. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service.
The Cloud Foundry project released a new Cloud Foundry rootfs, cflinuxfs2 v.1.23.0, that includes the patches.
Pivotal is releasing an updated version of Pivotal Cloud Foundry Suite which references this patched CF rootfs.
Affected VMware Products and Versions
Severity is medium unless otherwise noted.
- All versions of Cloud Foundry cflinuxfs2 prior to v.1.23.0.
- Pivotal Cloud Foundry Elastic Runtime versions prior to 1.6.9.
Mitigation
Users of affected versions should apply the following mitigations:
- The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 v.1.23.0 or later versions.
- Pivotal recommends that customers upgrade to 1.6.9 or later versions of Pivotal Cloud Foundry Elastic Runtime.
Credit
N/A