1.153.0
cf-buildpacks-eng released this 26 Sep 15:33
Notably, this release addresses:
USN-7038-1 APR vulnerability:
- CVE-2023-49582:
Lax permissions set by the Apache Portable Runtime library on Unix
platforms would allow local users read access to named shared memory
segments, potentially revealing sensitive application data.
This issue does not affect non-Unix platforms, or builds
with APR_USE_SHMEM_SHMGET=1 (apr.h).
Users are recommended to upgrade to APR version 1.7.5, which fixes this
issue.
USN-7037-1 OpenJPEG vulnerability:
- CVE-2023-39327:
A flaw was found in OpenJPEG. Maliciously constructed pictures can cause
the program to enter a large loop and continuously print warning messages
on the terminal.
-ii ca-certificates 20230311ubuntu0.22.04.1 all Common CA certificates
+ii ca-certificates 20240203~22.04.1 all Common CA certificates
-ii libapr1:amd64 1.7.0-8ubuntu0.22.04.1 amd64 Apache Portable Runtime Library
+ii libapr1:amd64 1.7.0-8ubuntu0.22.04.2 amd64 Apache Portable Runtime Library
-ii libopenjp2-7:amd64 2.4.0-6 amd64 JPEG 2000 image compression/decompression library
-ii libopenjp2-7-dev:amd64 2.4.0-6 amd64 development files for OpenJPEG, a JPEG 2000 image library
+ii libopenjp2-7:amd64 2.4.0-6ubuntu0.1 amd64 JPEG 2000 image compression/decompression library
+ii libopenjp2-7-dev:amd64 2.4.0-6ubuntu0.1 amd64 development files for OpenJPEG, a JPEG 2000 image library```
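
Review bot: the ca-certificates change at the top of this package diff (20230311ubuntu0.22.04.1 to 20240203~22.04.1) is not covered by either USN listed in the notes, so the release text should say why the CA bundle moved; a trust-store update changes which issuers images built on this release accept. Separately, on the libapr1 lines the fix for CVE-2023-49582 arrives as package revision 1.7.0-8ubuntu0.22.04.2 while the quoted advisory names APR 1.7.5, so anyone verifying the fix should compare the full package revision rather than the upstream version number. The same applies to libopenjp2-7 and libopenjp2-7-dev, which stay at 2.4.0 and differ only in the 6ubuntu0.1 suffix.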