[USN-4574-1] libseccomp-golang vulnerability

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[USN-4574-1] libseccomp-golang vulnerability

Mike Salvatore
==========================================================================
Ubuntu Security Notice USN-4574-1
October 07, 2020

golang-github-seccomp-libseccomp-golang vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

A system hardening measure could be bypassed.

Software Description:
- golang-github-seccomp-libseccomp-golang: a Go-based interface to the libseccomp library

Details:

It was discovered that libseccomp-golang did not properly generate BPFs. If
a process were running under a restrictive seccomp filter that specified
multiple syscall arguments, the application could potentially bypass the
intended restrictions put in place by seccomp.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  golang-github-seccomp-libseccomp-golang-dev  0.0~git20150813.0.1b506fc-2+deb9u1build0.16.04.1

After a standard system update anything that depends on libseccomp-golang needs
to be rebuilt to make all the necessary changes.

References:
  https://usn.ubuntu.com/4574-1
  CVE-2017-18367

Package Information:
  https://launchpad.net/ubuntu/+source/golang-github-seccomp-libseccomp-golang/0.0~git20150813.0.1b506fc-2+deb9u1build0.16.04.1


--
ubuntu-security-announce mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

signature.asc (849 bytes) Download Attachment