RHCOS 3 : OpenShift Container Platform 3.11 atomic-openshift (RHSA-2020:2479)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2479 advisory. - libseccomp-golang: mishandling of multiple argument rules leading to a bypass of intended access restrictions CVE-2017-18367 -...

SUSE: Security Advisory (SUSE-SU-2022:2165-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

NewStart CGSL CORE 5.05 / MAIN 5.05 : docker-ce Multiple Vulnerabilities (NS-SA-2021-0138)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has docker-ce packages installed that are affected by multiple vulnerabilities: - Lack of content verification in Docker-CE Also known as Moby versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2,...

Improper Input Validation in libseccomp-golang

libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument...

GHSA-58V3-J75H-XR49 Improper Input Validation in libseccomp-golang

libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument...

GO-2020-0007 Improper input validation in github.com/seccomp/libseccomp-golang

Filters containing rules with multiple syscall arguments are improperly constructed, such that all arguments are required to match rather than any of the arguments AND is used rather than OR. These filters can be bypassed by only specifying a subset of the arguments due to this behavior...

Ubuntu 16.04 LTS : libseccomp-golang vulnerability (USN-4574-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4574-1 advisory. It was discovered that libseccomp-golang did not properly generate BPFs. If a process were running under a restrictive seccomp filter that specified multiple...

DLA-2320-1 golang-github-seccomp-libseccomp-golang - security update

Bulletin has no description...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 3.11 atomic-openshift security update

An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

RHEL 7 / 8 : OpenShift Container Platform 4.1 openshift (RHSA-2019:4087)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:4087 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.1 libseccomp-golang security update

An update for openshift-enterprise-cli-container, openshift-enterprise-hyperkube-container, openshift-enterprise-hypershift-container, openshift-enterprise-node-container, and ose-cli-artifacts-container is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has...

libseccomp-golang: mishandling of multiple argument rules leading to a bypass of intended access restrictions

libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.1 openshift security update

An update for openshift is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVE-2017-18367

libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument...

Design/Logic Flaw

libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument...

CVE-2017-18367

libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument...

CVE-2017-18367

libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument...

CVE-2017-18367

CVE-2017-18367 affects libseccomp-golang 0.9.0 and earlier. The root cause is that the BPFs generated by libseccomp-golang OR multiple syscall-argument checks instead of ANDing them, enabling a process under a restrictive seccomp filter that specifies multiple arguments to bypass the intended acc...