Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cloudfoundryCloud FoundryCFOUNDRY:55901F08D5BF62D06CD63C555882D1EF
HistoryAug 12, 2019 - 12:00 a.m.

CVE-2019-9893: Dependency on vulnerable version of libseccomp | Cloud Foundry

2019-08-1200:00:00
Cloud Foundry
www.cloudfoundry.org
20
JSON

Severity

Critical

Vendor

The libseccomp Project

Affected Cloud Foundry Products and Versions

  • cf-deployment
    • All versions prior to v11.0.0
  • Bosh Process Manager (BPM)
    • All versions prior to v1.1.1
  • Garden-runC
    • All versions prior to v1.19.5

Description

cf-deployment has dependencies on Garden-runC and BPM. Garden-runC and BPM have a dependency on libseccomp.

libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations.

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:

  • cf-deployment
    • Upgrade All versions to v11.0.0 or greater
  • BPM
    • Upgrade All versions to v1.1.1 or greater
  • Garden-runC
    • Upgrade All versions to v1.19.5 or greater

History

2019-08-12: Initial vulnerability report published.

Related

nessus 18
openvas 12
suse 2
altlinux 1
oraclelinux 1
redhat 1
alpinelinux 1
ubuntucve 1
ubuntu 2
gentoo 1
redhatcve 1
veracode 1
osv 1
rosalinux 1
amazon 1
mageia 1
prion 1
debiancve 1
cloudfoundry 1
cve 1
photon 6
redos 1
nessus
nessus
EulerOS 2.0 SP5 : libseccomp (EulerOS-SA-2019-1794)
2019-08-23 00:00:00
Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : libseccomp vulnerability (USN-4001-1)
2019-05-31 00:00:00
Ubuntu 14.04 LTS : libseccomp vulnerability (USN-4001-2)
2019-05-31 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2019:2941-1)
2021-04-19 00:00:00
Huawei EulerOS: Security Advisory for libseccomp (EulerOS-SA-2019-1794)
2020-01-23 00:00:00
openSUSE: Security Advisory for libseccomp (openSUSE-SU-2019:2280-1)
2019-10-08 00:00:00
suse
suse
Security update for libseccomp (moderate)
2019-10-07 00:00:00
Security update for libseccomp (moderate)
2019-10-07 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package libseccomp version 2.4.0-alt1
2019-04-01 00:00:00
oraclelinux
oraclelinux
libseccomp security, bug fix, and enhancement update
2019-11-14 00:00:00
redhat
redhat
(RHSA-2019:3624) Moderate: libseccomp security, bug fix, and enhancement update
2019-11-05 18:08:14
alpinelinux
alpinelinux
CVE-2019-9893
2019-03-21 16:01:00
ubuntucve
ubuntucve
CVE-2019-9893
2019-03-21 00:00:00
ubuntu
ubuntu
libseccomp vulnerability
2019-05-30 00:00:00
libseccomp vulnerability
2019-05-30 00:00:00
gentoo
gentoo
libseccomp: Privilege escalation
2019-04-17 00:00:00
redhatcve
redhatcve
CVE-2019-9893
2019-03-22 07:50:08
veracode
veracode
Authorization Bypass
2019-11-06 00:21:06
osv
osv
CVE-2019-9893
2019-03-21 16:01:17
rosalinux
rosalinux
Advisory ROSA-SA-2021-1889
2021-07-02 17:16:31
amazon
amazon
Medium: libseccomp
2019-11-11 17:39:00
mageia
mageia
Updated libseccomp packages fix security vulnerability
2020-03-10 22:04:50
prion
prion
Code injection
2019-03-21 16:01:00
debiancve
debiancve
CVE-2019-9893
2019-03-21 16:01:00
cloudfoundry
cloudfoundry
USN-4001-1: libseccomp vulnerability | Cloud Foundry
2019-06-18 00:00:00
cve
cve
CVE-2019-9893
2019-03-21 16:01:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0228
2019-04-25 00:00:00
Critical Photon OS Security Update - PHSA-2019-0228
2019-04-25 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0149
2019-04-05 00:00:00
redos
redos
ROS-20240412-06
2024-04-12 00:00:00
JSON
Related for CFOUNDRY:55901F08D5BF62D06CD63C555882D1EF
nessus18openvas12suse2altlinux1oraclelinux1redhat1alpinelinux1ubuntucve1ubuntu2gentoo1redhatcve1veracode1osv1rosalinux1amazon1mageia1prion1debiancve1cloudfoundry1cve1photon6redos1