A PHP Error was encountered

Severity: Warning

Message: fopen(/var/lib/php/sessions/ci_sessioncmtrqaf8b72vr9aqosg3ocig62cuaibe): failed to open stream: No space left on device

Filename: drivers/Session_files_driver.php

Line Number: 176

Backtrace:

File: /var/www/html/application/core/MY_Controller.php
Line: 8
Function: __construct

File: /var/www/html/application/controllers/Frontend.php
Line: 10
Function: __construct

File: /var/www/html/index.php
Line: 315
Function: require_once

A PHP Error was encountered

Severity: Warning

Message: session_start(): Failed to read session data: user (path: /var/lib/php/sessions)

Filename: Session/Session.php

Line Number: 143

Backtrace:

File: /var/www/html/application/core/MY_Controller.php
Line: 8
Function: __construct

File: /var/www/html/application/controllers/Frontend.php
Line: 10
Function: __construct

File: /var/www/html/index.php
Line: 315
Function: require_once

Advisory for Cloud Foundry Security Update


Advisory for Cloud Foundry Security Update

  • NIC-CERT/2022-08/365
  • Date: 2022-08-31
  • CVE ID: Multiple
  • Severity: Medium

Description:

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.30 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Ubuntu 18.04 LTS has been updated to MySQL 5.7.39. It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, or possibly execute arbitrary code. Carlo Marcelo Arenas Belón discovered that an issue related to CVE-2022-24765 still affected Git. An attacker could possibly use this issue to run arbitrary commands as administrator. Alex Chernyakhovsky discovered that OpenSSL incorrectly handled AES OCB mode when using the AES-NI assembly optimized implementation on 32-bit x86 platforms. A remote attacker could possibly use this issue to obtain sensitive information. Demi Marie Obenour discovered that GnuPG incorrectly handled injection in the status message. A remote attacker could possibly use this issue to forge signatures.

Affected Products and CVEs:

CVE

Affected Products

Mitigation

CVE-2022-21509

CVE-2022-21515

CVE-2022-21517

CVE-2022-21522

CVE-2022-21525

CVE-2022-21526

CVE-2022-21527

CVE-2022-21528

CVE-2022-21529

CVE-2022-21530

CVE-2022-21531

CVE-2022-21534

CVE-2022-21537

CVE-2022-21538

CVE-2022-21539

CVE-2022-21547

CVE-2022-21553

CVE-2022-21569

cflinuxfs3

All versions prior to 0.8.0

CF Deployment

All versions prior to 1.9.0

Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:

cflinuxfs3

Upgrade all versions to 0.8.0 or greater

CF Deployment

Upgrade all versions to 1.9.0 or greater

CVE-2022-27404

CVE-2022-27405

CVE-2022-27406

CVE-2022-31782

Bionic Stemcells

1.x versions prior to 1.92

All other stemcells not listed.

cflinuxfs3

All versions prior to 0.312.0

CF Deployment

All versions prior to 21.7.0, or later versions with Bionic Stemcells prior to 1.92

Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:

Bionic Stemcells

Upgrade 1.x versions to 1.92 or greater

All other stemcells should be upgraded to the latest version available on bosh.io.

cflinuxfs3

Upgrade all versions to 0.312.0 or greater

CF Deployment

Upgrade all versions to 21.7.0 or greater and upgrade Bionic Stemcells to 1.92 or greater

CVE-2022-29187

cflinuxfs3

All versions prior to 0.310.0

CF Deployment

All versions prior to 21.7.0

Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:

cflinuxfs3

Upgrade all versions to 0.310.0 or greater

CF Deployment

Upgrade all versions to 21.7.0 or greater

CVE-2022-2097

Bionic Stemcells

1.x versions prior to 1.91

All other stemcells not listed.

cflinuxfs3

All versions prior to 0.309.0

CF Deployment

All versions prior to 21.7.0, or later versions with Bionic Stemcells prior to 1.91

Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:

Bionic Stemcells

Upgrade 1.x versions to 1.91 or greater

All other stemcells should be upgraded to the latest version available on bosh.io.

cflinuxfs3

Upgrade all versions to 0.309.0 or greater

CF Deployment

Upgrade all versions to 21.7.0 or greater and upgrade Bionic Stemcells to 1.91 or greater

CVE-2022-34903

Bionic Stemcells

1.x versions prior to 1.91

All other stemcells not listed.

cflinuxfs3

All versions prior to 0.309.0

CF Deployment

All versions prior to 21.7.0, or later versions with Bionic Stemcells prior to 1.91

Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:

Bionic Stemcells

Upgrade 1.x versions to 1.91 or greater

All other stemcells should be upgraded to the latest version available on bosh.io.

cflinuxfs3

Upgrade all versions to 0.309.0 or greater

CF Deployment

Upgrade all versions to 21.7.0 or greater and upgrade Bionic Stemcells to 1.91 or greater

References:
https://www.cloudfoundry.org/foundryblog/security-advisory/