openSUSE Security Update : libseccomp (openSUSE-2019-2280)

critical Nessus Plugin ID 129708

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for libseccomp fixes the following issues :

Security issues fixed :

- CVE-2019-9893: An incorrect generation of syscall filters in libseccomp was fixed (bsc#1128828)

libseccomp was updated to new upstream release 2.4.1 :

- Fix a BPF generation bug where the optimizer mistakenly identified duplicate BPF code blocks.

libseccomp was updated to 2.4.0 (bsc#1128828 CVE-2019-9893) :

- Update the syscall table for Linux v5.0-rc5

- Added support for the SCMP_ACT_KILL_PROCESS action

- Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute

- Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument comparison macros to help protect against unexpected sign extension

- Added support for the parisc and parisc64 architectures

- Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3)

- Return -EDOM on an endian mismatch when adding an architecture to a filter

- Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run()

- Fix PFC generation when a syscall is prioritized, but no rule exists

- Numerous fixes to the seccomp-bpf filter generation code

- Switch our internal hashing function to jhash/Lookup3 to MurmurHash3

- Numerous tests added to the included test suite, coverage now at ~92%

- Update our Travis CI configuration to use Ubuntu 16.04

- Numerous documentation fixes and updates

libseccomp was updated to release 2.3.3 :

- Updated the syscall table for Linux v4.15-rc7

This update was imported from the SUSE:SLE-15:Update update project.

Solution

Update the affected libseccomp packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1082318

https://bugzilla.opensuse.org/show_bug.cgi?id=1128828

https://bugzilla.opensuse.org/show_bug.cgi?id=1142614

Plugin Details

Severity: Critical

ID: 129708

File Name: openSUSE-2019-2280.nasl

Version: 1.4

Type: local

Agent: unix

Published: 10/8/2019

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libseccomp-debugsource, p-cpe:/a:novell:opensuse:libseccomp-devel, p-cpe:/a:novell:opensuse:libseccomp-tools, p-cpe:/a:novell:opensuse:libseccomp-tools-debuginfo, p-cpe:/a:novell:opensuse:libseccomp2, p-cpe:/a:novell:opensuse:libseccomp2-32bit, p-cpe:/a:novell:opensuse:libseccomp2-32bit-debuginfo, p-cpe:/a:novell:opensuse:libseccomp2-debuginfo, cpe:/o:novell:opensuse:15.0

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 10/7/2019

Vulnerability Publication Date: 3/21/2019

Reference Information

CVE: CVE-2019-9893