USN-4001-1: libseccomp vulnerability

Publication date

30 May 2019

Overview

libseccomp could allow unintended access to system calls.


Packages

  • libseccomp - library for working with the Linux seccomp filter

Details

Jann Horn discovered that libseccomp did not correctly generate 64-bit
syscall argument comparisons with arithmetic operators (LT, GT, LE, GE).
An attacker could use this to bypass intended access restrictions for
argument-filtered system calls.

Jann Horn discovered that libseccomp did not correctly generate 64-bit
syscall argument comparisons with arithmetic operators (LT, GT, LE, GE).
An attacker could use this to bypass intended access restrictions for
argument-filtered system calls.

Update instructions

This update uses a new upstream release which includes additional bug fixes. In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
19.04 disco libseccomp2 –  2.4.1-0ubuntu0.19.04.3
18.10 cosmic libseccomp2 –  2.4.1-0ubuntu0.18.10.3
18.04 bionic libseccomp2 –  2.4.1-0ubuntu0.18.04.2
16.04 xenial libseccomp2 –  2.4.1-0ubuntu0.16.04.2

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.


Have additional questions?

Talk to a member of the team ›