Re: USN-3151-2: Linux kernel (Xenial HWE) vulnerability

Molly Crowther

Hi Marco,

Thanks for the feedback - I do usually include the Ubuntu link in the
postings but overlooked it this time (and just added it on the site). I
agree it's annoying to have to copy-paste out the link. :)


On Thu, Dec 8, 2016 at 11:35 PM, Voelz, Marco <marco.voelz(a)> wrote:

Dear Molly,

thanks for pushing these security notifications to the cloudfoundry site
and this mailing list!

One small suggestion: Could you please include a link to the original
source of the vulnerability posting, in this case to the Ubuntu USN?
Otherwise, everybody just has to copy out the USN-id, open the Ubuntu USN
page, paste it to find the original notice.

Thanks and warm regards


*From: *Molly Crowther <mcrowther(a)>
*Reply-To: *"Discussions about Cloud Foundry projects and the system
overall." <cf-dev(a)>
*Date: *Thursday, 8 December 2016 at 00:26
*To: *"Discussions about Cloud Foundry projects and the system overall." <
*Subject: *[cf-dev] USN-3151-2: Linux kernel (Xenial HWE) vulnerability

The following notice has been posted to

It details the information for the new versions of the BOSH stemcell that
mitigate a high-severity kernel CVE.

Users are strongly encouraged to upgrade BOSH stemcells in all deployments
to one of the following versions:

· Upgrade all earlier versions to 3151.5

· Upgrade 3233.x versions to 3233.6 or later

· Upgrade 3263.x versions to 3263.12 or later

· Upgrade 3312.x versions to to 3312.7 or later


Molly Crowther

Cloud Foundry Foundation Security Team

Join { to automatically receive all group messages.