A system hardening measure could be bypassed.
Software Description:
- golang-github-seccomp-libseccomp-golang: a Go-based interface to the libseccomp library
Details:
It was discovered that libseccomp-golang did not properly generate BPFs. If
a process were running under a restrictive seccomp filter that specified
multiple syscall arguments, the application could potentially bypass the
intended restrictions put in place by seccomp.
The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: golang-github-seccomp-libseccomp-golang-dev 0.0~git20150813.0.1b506fc-2+deb9u1build0.16.04.1 After a standard system update anything that depends on libseccomp-golang needs to be rebuilt to make all the necessary changes.
https://ubuntu.com/security/notices/USN-4574-1
CVE-2017-18367
Get the latest Linux and open source security news straight to your inbox.