Support Content Notification - Support Portal

USN-6780-1: idna vulnerability

Product/Component

Operations Manager

2 more products

Notification Id

24730

Last Updated

22 August 2024

Initial Publication Date

22 August 2024

Status

CLOSED

Severity

MEDIUM

CVSS Base Score

WorkAround

Affected CVE

CVE-2024-3651

Severity

medium

Vendor

VMware Tanzu

Versions Affected

Canonical Ubuntu 16.04
Operations Manager Image 2.10

Description

Guido Vranken discovered that idna did not properly manage certain inputs, which could lead to significant resource consumption. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6780-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: pypy-idna - 2.0-3ubuntu0.1~esm1 python-idna - 2.0-3ubuntu0.1~esm1 python3-idna - 2.0-3ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro.

Fixed VMware Products and Versions

Platform Automation Toolkit

4.0.13 or greater
4.1.13 or greater
4.2.8 or greater

Tanzu Greenplum for Kubernetes

1.2.0 or greater

Operation Manager

3.0.30+LTS-T or greater

Operations Manager Image

3.0.30+LTS-T or greater

References

https://ubuntu.com/security/notices/USN-6780-1

ttps://www.cloudfoundry.org/blog/usn-6780-1

https://cve.mitre.org/cgi-bin/cvename.cgi?name=usn-6780-1

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24730

History

2024-05-21: Initial vulnerability report published.