Advisories » MGASA-2020-0136

Updated libseccomp packages fix security vulnerability

Publication date: 10 Mar 2020
Modification date: 10 Mar 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-9893

Description

Updated libseccomp packages fix security vulnerability:

Jann Horn discovered that libseccomp did not correctly generate 64-bit
syscall argument comparisons with arithmetic operators (LT, GT, LE, GE).
An attacker could use this to bypass intended access restrictions for
argument-filtered system calls (CVE-2019-9893).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=24523
• https://usn.ubuntu.com/4001-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893

SRPMS

7/core

• libseccomp-2.4.2-1.mga7