Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Debian 9: DLA-2320-1 Moderate: Golang Seccomp Access Restriction Bypass

debian lts
Calendar Grey August 11, 2020
Dist Debian Esm H88
Debian LTS Advisory DLA-2321-1 highlights vulnerabilities in certain software, prompting urgent updates.
A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument

Summary

Additionally, runc has been rebuilt with the fixed package.

For Debian 9 stretch, this problem has been fixed in version
0.0~git20150813.0.1b506fc-2+deb9u1.

We recommend that you upgrade your golang-github-seccomp-libseccomp-golang
and runc packages, and recompile own Go code using
golang-github-seccomp-libseccomp-golang.

For the detailed security status of golang-github-seccomp-libseccomp-golang please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/golang-github-seccomp-libseccomp-golang

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
important
Lowest
Low
Medium
High
Critical

Package: golang-github-seccomp-libseccomp-golang
Version: 0.0~git20150813.0.1b506fc-2+deb9u1
CVE ID: CVE-2017-18367
Debian Bug: 927981

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here