PublicDateAtUSN: 2019-04-24 21:29:00 UTC
Candidate: CVE-2017-18367
PublicDate: 2019-04-24 21:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18367
 https://github.com/seccomp/libseccomp-golang/issues/22
 https://github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e
 https://ubuntu.com/security/notices/USN-4574-1
Description:
 libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR
 multiple arguments rather than ANDing them. A process running under a
 restrictive seccomp filter that specified multiple syscall arguments could
 bypass intended access restrictions by specifying a single matching
 argument.
Ubuntu-Description:
 It was discovered that libseccomp-golang did not properly generate BPFs. If
 a process were running under a restrictive seccomp filter that specified
 multiple syscall arguments, the application could potentially bypass the
 intended restrictions put in place by seccomp.
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927981
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]

Patches_golang-github-seccomp-libseccomp-golang:
upstream_golang-github-seccomp-libseccomp-golang: released (0.9.0-2)
precise/esm_golang-github-seccomp-libseccomp-golang: DNE
trusty_golang-github-seccomp-libseccomp-golang: DNE
trusty/esm_golang-github-seccomp-libseccomp-golang: DNE
xenial_golang-github-seccomp-libseccomp-golang: released (0.0~git20150813.0.1b506fc-2+deb9u1build0.16.04.1)
bionic_golang-github-seccomp-libseccomp-golang: needed
cosmic_golang-github-seccomp-libseccomp-golang: ignored (reached end-of-life)
disco_golang-github-seccomp-libseccomp-golang: ignored (reached end-of-life)
eoan_golang-github-seccomp-libseccomp-golang: not-affected (0.9.0-2)
focal_golang-github-seccomp-libseccomp-golang: not-affected (0.9.0-2)
groovy_golang-github-seccomp-libseccomp-golang: not-affected (0.9.0-2)
hirsute_golang-github-seccomp-libseccomp-golang: not-affected (0.9.0-2)
impish_golang-github-seccomp-libseccomp-golang: not-affected (0.9.0-2)
jammy_golang-github-seccomp-libseccomp-golang: not-affected (0.9.0-2)
devel_golang-github-seccomp-libseccomp-golang: not-affected (0.9.0-2)