Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 543
Alerts This Week
Warning Icon 1 543

Urgent Security Alert: Ubuntu 4001-1 Libseccomp Critical Access Issue

ubuntu
Calendar Grey May 30, 2019
Dist Ubuntu Esm H88
Ubuntu Security Notice USN-4001-1 highlights a libseccomp flaw that allows unintended access to system calls.
libseccomp could allow unintended access to system calls.

Summary

libseccomp could allow unintended access to system calls.

Software Description:

- libseccomp: library for working with the Linux seccomp filter

Details:

Jann Horn discovered that libseccomp did not correctly generate 64-bit

syscall argument comparisons with arithmetic operators (LT, GT, LE, GE).

An attacker could use this to bypass intended access restrictions for

argument-filtered system calls.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
  libseccomp2                     2.4.1-0ubuntu0.19.04.3

Ubuntu 18.10:
  libseccomp2                     2.4.1-0ubuntu0.18.10.3

Ubuntu 18.04 LTS:
  libseccomp2                     2.4.1-0ubuntu0.18.04.2

Ubuntu 16.04 LTS:
  libseccomp2                     2.4.1-0ubuntu0.16.04.2

This update uses a new upstream release which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References

https://ubuntu.com/security/notices/USN-4001-1

CVE-2019-9893

Severity
critical
Lowest
Low
Medium
High
Critical

May 30, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.