Alerts This Week
Warning Icon 1 684
Alerts This Week
Warning Icon 1 684

openSUSE: 2019:2283-1 Moderate: libseccomp Syscall Filter Fix

opensuse
Calendar Grey October 7, 2019
Dist Opensuse Esm H88
A new release for openSUSE addressing a significant vulnerability in libseccomp, also incorporating crucial bug corrections.
An update that solves one vulnerability and has two fixes is now available.

Description

This update for libseccomp fixes the following issues:

Security issues fixed:

- CVE-2019-9893: An incorrect generation of syscall filters in libseccomp

was fixed (bsc#1128828)

libseccomp was updated to new upstream release 2.4.1:

- Fix a BPF generation bug where the optimizer mistakenly identified

duplicate BPF code blocks.

libseccomp was updated to 2.4.0 (bsc#1128828 CVE-2019-9893):

- Update the syscall table for Linux v5.0-rc5

- Added support for the SCMP_ACT_KILL_PROCESS action

- Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG

attribute

- Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...))

argument comparison macros to help protect against unexpected sign

extension

- Added support for the parisc and parisc64 architectures

- Added the ability to query and set the libseccomp API level via

seccomp_api_get(3) and seccomp_api_set(3)

- Return -EDOM on an endian mismatch when...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory moderate security issue bug fix openSUSE libseccomp syscall filter

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-2283=1

Package List

- openSUSE Leap 15.1 (i586 x86_64):

libseccomp-debugsource-2.4.1-lp151.3.3.1

libseccomp-devel-2.4.1-lp151.3.3.1

libseccomp-tools-2.4.1-lp151.3.3.1

libseccomp-tools-debuginfo-2.4.1-lp151.3.3.1

libseccomp2-2.4.1-lp151.3.3.1

libseccomp2-debuginfo-2.4.1-lp151.3.3.1

- openSUSE Leap 15.1 (x86_64):

libseccomp2-32bit-2.4.1-lp151.3.3.1

libseccomp2-32bit-debuginfo-2.4.1-lp151.3.3.1

References

https://www.suse.com/security/cve/CVE-2019-9893.html

https://bugzilla.suse.com/1082318

https://bugzilla.suse.com/1128828

https://bugzilla.suse.com/1142614

--

Announcement ID: openSUSE-SU-2019:2283-1
Rating: moderate
Affected Products: openSUSE Leap 15.1 le.

Topics%20covered

Topics Covered

security advisory moderate security issue bug fix openSUSE libseccomp syscall filter

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here