Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Ubuntu 16.04 LTS USN-4574-1: Critical libseccomp-golang Bypass Risk

ubuntu
Calendar Grey October 7, 2020
Dist Ubuntu Esm H88
The Ubuntu Security Notice USN-4574-2 addresses a critical vulnerability in libseccomp-golang, which jeopardizes the integrity of system hardening protocols.
A system hardening measure could be bypassed.

Summary

A system hardening measure could be bypassed.

Software Description:

- golang-github-seccomp-libseccomp-golang: a Go-based interface to the libseccomp library

Details:

It was discovered that libseccomp-golang did not properly generate BPFs. If

a process were running under a restrictive seccomp filter that specified

multiple syscall arguments, the application could potentially bypass the

intended restrictions put in place by seccomp.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  golang-github-seccomp-libseccomp-golang-dev  0.0~git20150813.0.1b506fc-2+deb9u1build0.16.04.1

After a standard system update anything that depends on libseccomp-golang needs
to be rebuilt to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4574-1

CVE-2017-18367

Severity
critical
Lowest
Low
Medium
High
Critical

October 07, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here