[SECURITY] [DLA 2320-1] golang-github-seccomp-libseccomp-golang security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2320-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/
August 10, 2020 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : golang-github-seccomp-libseccomp-golang
Version : 0.0~git20150813.0.1b506fc-2+deb9u1
CVE ID : CVE-2017-18367
Debian Bug : 927981
A process running under a restrictive seccomp filter that specified
multiple syscall arguments could bypass intended access restrictions by
specifying a single matching argument.
Additionally, runc has been rebuilt with the fixed package.
For Debian 9 stretch, this problem has been fixed in version
0.0~git20150813.0.1b506fc-2+deb9u1.
We recommend that you upgrade your golang-github-seccomp-libseccomp-golang
and runc packages, and recompile own Go code using
golang-github-seccomp-libseccomp-golang.
For the detailed security status of golang-github-seccomp-libseccomp-golang please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/golang-github-seccomp-libseccomp-golang
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl8yWLUACgkQiNJCh6LY
mLEmXxAAnBoGPtHAX1fM2zHnYh5GByVCrXktxBCXus7OFhR1aSbMgsCIlv1/NXrg
w1StkihnAsbuM65T6R4C2Foi5UoBwtSbK8YGSUj9mHPRvdF/Tq1f2JPVp4NV+hKF
aZt3QN3sIU2orNkhtwv9nZ995sMcVRscG2GQccak4xA5ERCA5L4ftBqiNeO6F10Q
foLUSJoMBJgJFlGgvUeY+3DDVYFAgPg9Hklrd0E+2PkYGQndQGIAXYK7GS7zMz+6
Rl7RppaQSwwY3L8kzGDsmuYcthFi7dYKEFX/jWx4sfoVv43TglbmHPr0vMLmxBLa
RAzOZeU+wUAHWbG+v5/hfIDPkVvEXuM016S1YHAVo06OZ/vPicOkWuxJovG3k7vP
HAB1S5QcU9189s2YHX27bRlwuRORPmdHQODq/H7UeQEvMBD3M/TqcYDl/xeRREvM
hMtSitTSt6XLi4puZ9gKzC0/d8sj4HD72w1aZsjeKul2Yvu7MlLdSRcsrD/7Yb3l
sbxH0uC4PQVLvx99VY17fp2jSGEQL5ClF5fYTaLAbKpAWVNExH5AQlqYAJS2rvI1
ZKeqz8UAJ/URAthUEVfrBiWb7qCPoWDEV8kvDurf+mSIHol8ute8BTP/fKe/Uxdx
q/4Fn0Fu1symZjsuXUTwTiFFG0rd9tH/mAOCa4Lwen5USzs/mTM=
=5aB7
-----END PGP SIGNATURE-----
Reply to: