Oval Definition:oval:org.opensuse.security:def:60914
Revision Date:2020-12-01Version:1
Title:Security update for libseccomp (Moderate)
Description:

This update for libseccomp fixes the following issues:

Update to new upstream release 2.4.1:

Fix a BPF generation bug where the optimizer mistakenly identified duplicate BPF code blocks.

Updated to 2.4.0 (bsc#1128828 CVE-2019-9893):

Update the syscall table for Linux v5.0-rc5 * Added support for the SCMP_ACT_KILL_PROCESS action * Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute * Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument comparison macros to help protect against unexpected sign extension * Added support for the parisc and parisc64 architectures * Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3) * Return -EDOM on an endian mismatch when adding an architecture to a filter * Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run() * Fix PFC generation when a syscall is prioritized, but no rule exists * Numerous fixes to the seccomp-bpf filter generation code * Switch our internal hashing function to jhash/Lookup3 to MurmurHash3 * Numerous tests added to the included test suite, coverage now at ~92% * Update our Travis CI configuration to use Ubuntu 16.04 * Numerous documentation fixes and updates

Update to release 2.3.3:

Updated the syscall table for Linux v4.15-rc7

Update to release 2.3.2:

Achieved full compliance with the CII Best Practices program * Added Travis CI builds to the GitHub repository * Added code coverage reporting with the '--enable-code-coverage' configure flag and added Coveralls to the GitHub repository * Updated the syscall tables to match Linux v4.10-rc6+ * Support for building with Python v3.x * Allow rules with the -1 syscall if the SCMP\_FLTATR\_API\_TSKIP attribute is set to true * Several small documentation fixes

- ignore make check error for ppc64/ppc64le, bypass bsc#1142614
Family:unixClass:patch
Status:Reference(s):1010399
1010405
1010406
1010408
1010409
1010421
1010423
1010424
1010425
1010426
1025108
1043008
1047281
1060354
1060355
1060360
1060361
1060362
1060364
1071767
1071777
1074235
1082318
1086001
1088004
1088009
1092611
1100167
1109160
1109663
1112066
1112695
1113668
1113669
1118367
1118368
1120374
1122012
1127027
1128828
1130840
1132826
1137990
1141670
1141798
1141853
1142058
1142614
1143215
1149429
1149955
1152497
1153108
1153238
1154448
1154456
1154458
1154460
1154461
1154464
1154738
1155945
1156317
1156321
1156331
1157770
1157888
1158003
1158004
1158005
1158006
1158007
1161799
1162423
1163933
1170446
1171740
1172031
1172225
1173274
1173594
1174091
1174701
936786
959933
976955
983922
CVE-2015-3239
CVE-2015-9542
CVE-2016-2830
CVE-2016-5289
CVE-2016-5292
CVE-2016-9063
CVE-2016-9067
CVE-2016-9068
CVE-2016-9069
CVE-2016-9071
CVE-2016-9073
CVE-2016-9075
CVE-2016-9076
CVE-2016-9077
CVE-2017-14491
CVE-2017-14492
CVE-2017-14493
CVE-2017-14494
CVE-2017-14495
CVE-2017-14496
CVE-2017-17456
CVE-2017-17457
CVE-2017-7789
CVE-2018-1000802
CVE-2018-1060
CVE-2018-1061
CVE-2018-12207
CVE-2018-13139
CVE-2018-14647
CVE-2018-19131
CVE-2018-19132
CVE-2018-20852
CVE-2018-20856
CVE-2018-5150
CVE-2018-5151
CVE-2018-5152
CVE-2018-5153
CVE-2018-5154
CVE-2018-5155
CVE-2018-5157
CVE-2018-5158
CVE-2018-5159
CVE-2018-5160
CVE-2018-5163
CVE-2018-5164
CVE-2018-5165
CVE-2018-5166
CVE-2018-5167
CVE-2018-5168
CVE-2018-5169
CVE-2018-5172
CVE-2018-5173
CVE-2018-5174
CVE-2018-5175
CVE-2018-5176
CVE-2018-5177
CVE-2018-5178
CVE-2018-5179
CVE-2018-5180
CVE-2018-5181
CVE-2018-5182
CVE-2018-5183
CVE-2018-5741
CVE-2019-10220
CVE-2019-11135
CVE-2019-11757
CVE-2019-11758
CVE-2019-11759
CVE-2019-11760
CVE-2019-11761
CVE-2019-11762
CVE-2019-11763
CVE-2019-11764
CVE-2019-13272
CVE-2019-15239
CVE-2019-15903
CVE-2019-16056
CVE-2019-16935
CVE-2019-18420
CVE-2019-18421
CVE-2019-18422
CVE-2019-18423
CVE-2019-18424
CVE-2019-18425
CVE-2019-19577
CVE-2019-19578
CVE-2019-19579
CVE-2019-19580
CVE-2019-19581
CVE-2019-19582
CVE-2019-19583
CVE-2019-20807
CVE-2019-20907
CVE-2019-2614
CVE-2019-2627
CVE-2019-2737
CVE-2019-2739
CVE-2019-2740
CVE-2019-2805
CVE-2019-9893
CVE-2019-9947
CVE-2020-14422
CVE-2020-6796
CVE-2020-6797
CVE-2020-6798
CVE-2020-6799
CVE-2020-6800
CVE-2020-8616
CVE-2020-8617
CVE-2020-8695
CVE-2020-8698
SUSE-SU-2017:2618-1
SUSE-SU-2018:2065-1
SUSE-SU-2018:3771-1
SUSE-SU-2019:2941-1
SUSE-SU-2019:3297-1
SUSE-SU-2020:0384-1
SUSE-SU-2020:1117-1
SUSE-SU-2020:1550-1
SUSE-SU-2020:1914-1
SUSE-SU-2020:2699-1
SUSE-SU-2020:3279-1
Platform(s):openSUSE Leap 15.1
openSUSE Leap 15.1 NonFree
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • libqb-1.0.3+20190326.a521604-lp151.2.3 is installed
  • OR libqb-devel-1.0.3+20190326.a521604-lp151.2.3 is installed
  • OR libqb-devel-32bit-1.0.3+20190326.a521604-lp151.2.3 is installed
  • OR libqb-tests-1.0.3+20190326.a521604-lp151.2.3 is installed
  • OR libqb-tools-1.0.3+20190326.a521604-lp151.2.3 is installed
  • OR libqb20-1.0.3+20190326.a521604-lp151.2.3 is installed
  • OR libqb20-32bit-1.0.3+20190326.a521604-lp151.2.3 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 NonFree is installed
  • AND opera-68.0.3618.104-lp151.2.18 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND dnsmasq-2.78-18.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • gvim-7.4.326-17.6 is installed
  • OR vim-7.4.326-17.6 is installed
  • OR vim-data-7.4.326-17.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • kgraft-patch-4_4_180-94_97-default-6-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_26-6-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • xen-4.9.4_06-3.59 is installed
  • OR xen-doc-html-4.9.4_06-3.59 is installed
  • OR xen-libs-4.9.4_06-3.59 is installed
  • OR xen-libs-32bit-4.9.4_06-3.59 is installed
  • OR xen-tools-4.9.4_06-3.59 is installed
  • OR xen-tools-domU-4.9.4_06-3.59 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • libpython2_7-1_0-2.7.13-28.16 is installed
  • OR libpython2_7-1_0-32bit-2.7.13-28.16 is installed
  • OR python-2.7.13-28.16 is installed
  • OR python-32bit-2.7.13-28.16 is installed
  • OR python-base-2.7.13-28.16 is installed
  • OR python-base-32bit-2.7.13-28.16 is installed
  • OR python-curses-2.7.13-28.16 is installed
  • OR python-demo-2.7.13-28.16 is installed
  • OR python-doc-2.7.13-28.16 is installed
  • OR python-doc-pdf-2.7.13-28.16 is installed
  • OR python-gdbm-2.7.13-28.16 is installed
  • OR python-idle-2.7.13-28.16 is installed
  • OR python-tk-2.7.13-28.16 is installed
  • OR python-xml-2.7.13-28.16 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • cups-filters-1.0.58-19.2 is installed
  • OR cups-filters-cups-browsed-1.0.58-19.2 is installed
  • OR cups-filters-foomatic-rip-1.0.58-19.2 is installed
  • OR cups-filters-ghostscript-1.0.58-19.2 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • libseccomp-2.4.1-11.3 is installed
  • OR libseccomp2-2.4.1-11.3 is installed
  • OR libseccomp2-32bit-2.4.1-11.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND mailman-2.1.17-3.23 is installed
    • BACK