Synopsis

Moderate: libseccomp security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate

Topic

An update for libseccomp is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libseccomp library provides an interface to the Linux Kernel's syscall filtering mechanism, seccomp. The libseccomp API allows an application to specify which system calls or system call arguments the application is allowed to execute, all of which are then enforced by the Linux Kernel.

The following packages have been upgraded to a later upstream version: libseccomp (2.4.1). (BZ#1688938)

Security Fix(es):

• libseccomp: incorrect generation of syscall filters in libseccomp (CVE-2019-9893)
  

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Enterprise Linux for x86_64 8 x86_64
• Red Hat Enterprise Linux for IBM z Systems 8 s390x
• Red Hat Enterprise Linux for Power, little endian 8 ppc64le
• Red Hat Enterprise Linux for ARM 64 8 aarch64
• Red Hat CodeReady Linux Builder for x86_64 8 x86_64
• Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
• Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
• Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x

Fixes

• BZ - 1688938 - Rebase libseccomp to version 2.4
• BZ - 1690897 - CVE-2019-9893 libseccomp: incorrect generation of syscall filters in libseccomp

CVEs

• CVE-2019-9893

References

• https://access.redhat.com/security/updates/classification/#moderate
• https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/

Red Hat Enterprise Linux for x86_64 8

SRPM
libseccomp-2.4.1-1.el8.src.rpm	SHA-256: b13540379d037beb85c9339141d54db73364437933fe3320afb79ce8cc7ff44d
x86_64
libseccomp-2.4.1-1.el8.i686.rpm	SHA-256: f0e907821b083a53c5f415c5e9d6b9b3f1ee6bf9d580755e514f08a8cc32c58e
libseccomp-2.4.1-1.el8.x86_64.rpm	SHA-256: 40db12177b9f8953256ebe8da2c9f6d67a6d6d4ad437b95fc1c112ecaaac3edc
libseccomp-debuginfo-2.4.1-1.el8.i686.rpm	SHA-256: f0f27f2dc6328be6056fcb0f5b5276b9f5484a42ff25425e940a2c5a55f60bdb
libseccomp-debuginfo-2.4.1-1.el8.x86_64.rpm	SHA-256: 175295998a5afdd8b81fa8fe97b73baf7342be4bd7f2bda811acce0b19d7519a
libseccomp-debugsource-2.4.1-1.el8.i686.rpm	SHA-256: d6926045805fd860f7fe80c7fd4c301222ec11915248c531e0ca5c94ebeebe5c
libseccomp-debugsource-2.4.1-1.el8.x86_64.rpm	SHA-256: 1ff2768b8677838739a41d0fa97b8a662bdc3b3b91851f5ce9963f741c26f697
libseccomp-devel-debuginfo-2.4.1-1.el8.i686.rpm	SHA-256: ee8205ee5c2838847462e9b845d2fc6347327b43739085cd29a5fe083e575f2c
libseccomp-devel-debuginfo-2.4.1-1.el8.x86_64.rpm	SHA-256: 80fe13153c02e9db84d5d50c8c9f8e0d953cd66f04c9f18d6610de8a55eec98e

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
libseccomp-2.4.1-1.el8.src.rpm	SHA-256: b13540379d037beb85c9339141d54db73364437933fe3320afb79ce8cc7ff44d
s390x
libseccomp-2.4.1-1.el8.s390x.rpm	SHA-256: 4dd35cd8eeb1b33dafb05a476df6eaaf26dcb5442e0f9c08d547bfd73f226d8f
libseccomp-debuginfo-2.4.1-1.el8.s390x.rpm	SHA-256: 31387ed80049a8f0419074f6b97d52c2307e72dda065282318e9ff830c6249bd
libseccomp-debugsource-2.4.1-1.el8.s390x.rpm	SHA-256: 68f402f195ced1ac97350fe57c48a619f54b6c5ea159ab8b7e4d87645223d86c
libseccomp-devel-debuginfo-2.4.1-1.el8.s390x.rpm	SHA-256: 209ab194c9d04059b38dbe240ada53b00e41aad0943f17b747f2166d5b09f20c

Red Hat Enterprise Linux for Power, little endian 8

SRPM
libseccomp-2.4.1-1.el8.src.rpm	SHA-256: b13540379d037beb85c9339141d54db73364437933fe3320afb79ce8cc7ff44d
ppc64le
libseccomp-2.4.1-1.el8.ppc64le.rpm	SHA-256: aaf521ad53b072439c8d06245a1264751de287e17d75947c885a641eddc2664f
libseccomp-debuginfo-2.4.1-1.el8.ppc64le.rpm	SHA-256: e0f4ccc8e511eef7723581aa7c6993ae5848928d51f50b9cc29f347a45c59c4d
libseccomp-debugsource-2.4.1-1.el8.ppc64le.rpm	SHA-256: 3b58edc829cc862a461a7fa5aede569a9faecd0c01713d863e0ff6dfb11e8616
libseccomp-devel-debuginfo-2.4.1-1.el8.ppc64le.rpm	SHA-256: 9cf453658e2cc4e846d4ad9900424b594a4d6d813684cb62bea6b58c69620e13

Red Hat Enterprise Linux for ARM 64 8

SRPM
libseccomp-2.4.1-1.el8.src.rpm	SHA-256: b13540379d037beb85c9339141d54db73364437933fe3320afb79ce8cc7ff44d
aarch64
libseccomp-2.4.1-1.el8.aarch64.rpm	SHA-256: 1593c2fbab45bc6400173d92bd751c86500ebb64dbe87c1c02938244dc0d6410
libseccomp-debuginfo-2.4.1-1.el8.aarch64.rpm	SHA-256: 0ff62dbed1b95d90589ac9d4131de433a06c2526f19cef999c8c5bb96cf270c3
libseccomp-debugsource-2.4.1-1.el8.aarch64.rpm	SHA-256: 54f292fcefb10db4ca660ea77044760c60c2bf4995c6a96987abf4c0dbf347b0
libseccomp-devel-debuginfo-2.4.1-1.el8.aarch64.rpm	SHA-256: 8810338f33c12b77cf72a5794378175a294c2cd8f4244840f8248c0822fb4afb

Red Hat CodeReady Linux Builder for x86_64 8

SRPM
x86_64
libseccomp-debuginfo-2.4.1-1.el8.i686.rpm	SHA-256: f0f27f2dc6328be6056fcb0f5b5276b9f5484a42ff25425e940a2c5a55f60bdb
libseccomp-debuginfo-2.4.1-1.el8.x86_64.rpm	SHA-256: 175295998a5afdd8b81fa8fe97b73baf7342be4bd7f2bda811acce0b19d7519a
libseccomp-debugsource-2.4.1-1.el8.i686.rpm	SHA-256: d6926045805fd860f7fe80c7fd4c301222ec11915248c531e0ca5c94ebeebe5c
libseccomp-debugsource-2.4.1-1.el8.x86_64.rpm	SHA-256: 1ff2768b8677838739a41d0fa97b8a662bdc3b3b91851f5ce9963f741c26f697
libseccomp-devel-2.4.1-1.el8.i686.rpm	SHA-256: 25508186907d6ef3f091ede65748dedb946b5ab36c86de67cbf8d8eb814ce7f1
libseccomp-devel-2.4.1-1.el8.x86_64.rpm	SHA-256: 7a72f99ee0ab667b09899f8fbe89b554eede39898a46eeac83211bf7eabde820
libseccomp-devel-debuginfo-2.4.1-1.el8.i686.rpm	SHA-256: ee8205ee5c2838847462e9b845d2fc6347327b43739085cd29a5fe083e575f2c
libseccomp-devel-debuginfo-2.4.1-1.el8.x86_64.rpm	SHA-256: 80fe13153c02e9db84d5d50c8c9f8e0d953cd66f04c9f18d6610de8a55eec98e

Red Hat CodeReady Linux Builder for Power, little endian 8

SRPM
ppc64le
libseccomp-debuginfo-2.4.1-1.el8.ppc64le.rpm	SHA-256: e0f4ccc8e511eef7723581aa7c6993ae5848928d51f50b9cc29f347a45c59c4d
libseccomp-debugsource-2.4.1-1.el8.ppc64le.rpm	SHA-256: 3b58edc829cc862a461a7fa5aede569a9faecd0c01713d863e0ff6dfb11e8616
libseccomp-devel-2.4.1-1.el8.ppc64le.rpm	SHA-256: d855b77abfd1b77eedbb967214de419e3e9c47219156ce513815320a43fd150d
libseccomp-devel-debuginfo-2.4.1-1.el8.ppc64le.rpm	SHA-256: 9cf453658e2cc4e846d4ad9900424b594a4d6d813684cb62bea6b58c69620e13

Red Hat CodeReady Linux Builder for ARM 64 8

SRPM
aarch64
libseccomp-debuginfo-2.4.1-1.el8.aarch64.rpm	SHA-256: 0ff62dbed1b95d90589ac9d4131de433a06c2526f19cef999c8c5bb96cf270c3
libseccomp-debugsource-2.4.1-1.el8.aarch64.rpm	SHA-256: 54f292fcefb10db4ca660ea77044760c60c2bf4995c6a96987abf4c0dbf347b0
libseccomp-devel-2.4.1-1.el8.aarch64.rpm	SHA-256: df37390ebbfb05afa2c1472e9df7fcdd3e9623100e19e97b8b2f2ab6d0e215f7
libseccomp-devel-debuginfo-2.4.1-1.el8.aarch64.rpm	SHA-256: 8810338f33c12b77cf72a5794378175a294c2cd8f4244840f8248c0822fb4afb

Red Hat CodeReady Linux Builder for IBM z Systems 8

SRPM
s390x
libseccomp-debuginfo-2.4.1-1.el8.s390x.rpm	SHA-256: 31387ed80049a8f0419074f6b97d52c2307e72dda065282318e9ff830c6249bd
libseccomp-debugsource-2.4.1-1.el8.s390x.rpm	SHA-256: 68f402f195ced1ac97350fe57c48a619f54b6c5ea159ab8b7e4d87645223d86c
libseccomp-devel-2.4.1-1.el8.s390x.rpm	SHA-256: cc73f44fad70fc9a755255e648b4c5ed2b33d4d12fec6aec4721fe1857529151
libseccomp-devel-debuginfo-2.4.1-1.el8.s390x.rpm	SHA-256: 209ab194c9d04059b38dbe240ada53b00e41aad0943f17b747f2166d5b09f20c