CVE-2019-9893 in Ubuntu

CVE-2019-9893 (retired)

Priority

Description

libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument
comparisons using the arithmetic operators (LT, GT, LE, GE), which might
able to lead to bypassing seccomp filters and potential privilege
escalations.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893
https://www.openwall.com/lists/oss-security/2019/03/15/1
http://www.paul-moore.com/blog/d/2019/03/libseccomp_v240.html
https://usn.ubuntu.com/usn/usn-4001-1
https://usn.ubuntu.com/usn/usn-4001-2

Package

Source: libseccomp (LP Ubuntu Debian)

Upstream:	released (2.4.0)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	released (2.4.1-0ubuntu0.14.04.2)
Ubuntu 16.04 LTS (Xenial Xerus):	released (2.4.1-0ubuntu0.16.04.2)
Ubuntu 18.04 LTS (Bionic Beaver):	released (2.4.1-0ubuntu0.18.04.2)
Ubuntu 18.10 (Cosmic Cuttlefish):	released (2.4.1-0ubuntu0.18.10.3)
Ubuntu 19.04 (Disco Dingo):	released (2.4.1-0ubuntu0.19.04.3)
Ubuntu 19.10 (Eoan):	released (2.4.1-0ubuntu0.19.10.3)

More Information

Updated: 2019-05-31 00:14:53 UTC (commit f50d68ea5ecbc1dd8c1423a3031c978e8ea1f141)