Oval Definition:oval:org.opensuse.security:def:82933
Revision Date:2019-11-12Version:1
Title:Security update for libseccomp (Moderate)
Description:

This update for libseccomp fixes the following issues:

Update to new upstream release 2.4.1:

Fix a BPF generation bug where the optimizer mistakenly identified duplicate BPF code blocks.

Updated to 2.4.0 (bsc#1128828 CVE-2019-9893):

Update the syscall table for Linux v5.0-rc5 * Added support for the SCMP_ACT_KILL_PROCESS action * Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute * Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument comparison macros to help protect against unexpected sign extension * Added support for the parisc and parisc64 architectures * Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3) * Return -EDOM on an endian mismatch when adding an architecture to a filter * Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run() * Fix PFC generation when a syscall is prioritized, but no rule exists * Numerous fixes to the seccomp-bpf filter generation code * Switch our internal hashing function to jhash/Lookup3 to MurmurHash3 * Numerous tests added to the included test suite, coverage now at ~92% * Update our Travis CI configuration to use Ubuntu 16.04 * Numerous documentation fixes and updates

Update to release 2.3.3:

Updated the syscall table for Linux v4.15-rc7

Update to release 2.3.2:

Achieved full compliance with the CII Best Practices program * Added Travis CI builds to the GitHub repository * Added code coverage reporting with the '--enable-code-coverage' configure flag and added Coveralls to the GitHub repository * Updated the syscall tables to match Linux v4.10-rc6+ * Support for building with Python v3.x * Allow rules with the -1 syscall if the SCMP\_FLTATR\_API\_TSKIP attribute is set to true * Several small documentation fixes

- ignore make check error for ppc64/ppc64le, bypass bsc#1142614
Family:unixClass:patch
Status:Reference(s):1082318
1128828
1142614
CVE-2019-9893
Platform(s):SUSE Linux Enterprise Server 12 SP2-ESPOS
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • libseccomp2-2.4.1-11.3.2 is installed
  • OR libseccomp2-32bit-2.4.1-11.3.2 is installed
  • BACK