libseccomp 2.4.0 - Incorrect Compilation of Arithmetic Comparisons

libseccomp 2.4.0 - Incorrect Compilation of Arithmetic Comparisons When libseccomp compiles filters for 64-bit systems, it needs to split 64-bit comparisons into 32-bit comparisons because classic BPF can't operate on 64-bit values directly. libseccomp offers both bitwise comparisons NE, EQ,...

libseccomp < 2.4.0 - Incorrect Compilation of Arithmetic Comparisons Exploit

When libseccomp compiles filters for 64-bit systems, it needs to split 64-bit comparisons into 32-bit comparisons because classic BPF can't operate on 64-bit values directly. libseccomp offers both bitwise comparisons NE, EQ, MASKEDEQ and arithmetic comparisons LT, LE, GE, GT. Bitwise comparisons...

libseccomp Incorrect Compilation Of Arithmetic Comparisons

libseccomp: incorrect compilation of arithmetic comparisons When libseccomp compiles filters for 64-bit systems, it needs to split 64-bit comparisons into 32-bit comparisons because classic BPF can't operate on 64-bit values directly. libseccomp offers both bitwise comparisons NE, EQ, MASKEDEQ an...

Android Kernel 4.8 - ptrace seccomp Filter Bypass

Android Kernel 4.8 - ptrace seccomp Filter Bypass / The seccomp.2 manpage http://man7.org/linux/man-pages/man2/seccomp.2.html documents: Before kernel 4.8, the seccomp check will not be run again after the tracer is notified. This means that, on older ker‐ nels, seccomp-based sandboxes must not...

Android Kernel < 4.8 - ptrace seccomp Filter Bypass Exploit

/ The seccomp.2 manpage http://man7.org/linux/man-pages/man2/seccomp.2.html documents: Before kernel 4.8, the seccomp check will not be run again after the tracer is notified. This means that, on older ker‐ nels, seccomp-based sandboxes must not allow use of ptrace2—even of other sandboxed...

Android Kernel &lt; 4.8 - ptrace seccomp Filter Bypass

/ The seccomp.2 manpage http://man7.org/linux/man-pages/man2/seccomp.2.html documents: Before kernel 4.8, the seccomp check will not be run again after the tracer is notified. This means that, on older ker‐ nels, seccomp-based sandboxes must not allow use of ptrace2—even of other sandboxed...

runc security update

1.0.0-19.rc5.git4bb1fe4.0.3.el7 - Apply patch for CVE-2019-5736 Wiekus Beukes 1.0.0-19.rc5.git4bb1fe4.0.2.el7 - update Go version to 1.10.8, fix version string Laszlo Laca Peter 1.0.0-19.rc5.git4bb1fe4.0.1.el7 - Tuning .spec file 2:1.0.0-19.rc5.git4bb1fe4 - release v1.0.0rc5...

SUSE SLED15 / SLES15 Security Update : containerd, docker / go (SUSE-SU-2018:4297-1)

This update for containerd, docker and go fixes the following issues : containerd and docker : Add backport for building containerd bsc1102522, bsc1113313 Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce. bsc1102522 Enable seccomp support on SLE12 fate325877 Update to...

openSUSE: Security Advisory for containerd (openSUSE-SU-2018:4306-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE Security Update : containerd / docker and go (openSUSE-2018-1626)

This update for containerd, docker and go fixes the following issues : containerd and docker : - Add backport for building containerd bsc1102522, bsc1113313 - Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce. bsc1102522 - Enable seccomp support fate325877 - Update to...

Security update for containerd, docker and go (important)

This update for containerd, docker and go fixes the following issues: containerd and docker: - Add backport for building containerd bsc1102522, bsc1113313 - Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce. bsc1102522 - Enable seccomp support fate325877 - Update to container...

SUSE-SU-2018:4297-1 Security update for containerd, docker and go

This update for containerd, docker and go fixes the following issues: containerd and docker: - Add backport for building containerd bsc1102522, bsc1113313 - Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce. bsc1102522 - Enable seccomp support on SLE12 fate325877 - Update to...

SUSE SLES12 Security Update : qemu (SUSE-SU-2018:4237-1)

This update for qemu fixes the following issues : Security issues fixed : CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use...

SUSE-SU-2018:4237-1 Security update for qemu

This update for qemu fixes the following issues: Security issues fixed: - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use...

SUSE SLES12 Security Update : qemu (SUSE-SU-2018:3973-1)

This update for qemu fixes the following issues : Security issues fixed : CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use...

SUSE-SU-2018:3975-1 Security update for kvm

This update for kvm fixes the following issues: Security issues fixed: - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use...

SUSE-SU-2018:3912-1 Security update for qemu

This update for qemu fixes the following issues: Security issues fixed: - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use...

qemu security update

15:3.0.0-1.el7 - net: ignore packet size greater than INTMAX Jason Wang Orabug: 28763782 CVE-2018-17963 - pcnet: fix possible buffer overflow Jason Wang Orabug: 28763774 CVE-2018-17962 - rtl8139: fix possible out of bound access Jason Wang Orabug: 28763765 CVE-2018-17958 - ne2000: fix possible ou...

qemu security update

12:2.9.0-17.el7 - i386: Remove generic SMT thread check Babu Moger Orabug: 28676425 - pc: Fix typo on PCCOMPAT212 Eduardo Habkost Orabug: 28676425 - i386: Enable TOPOEXT feature on AMD EPYC CPU Babu Moger Orabug: 28676425 - net: ignore packet size greater than INTMAX Jason Wang Orabug: 28762625...

Google gVisor File Renaming Vulnerability

gVisor is Google's open source new sandbox container runtime environment . A file renaming vulnerability exists in Google gVisor. The vulnerability stems from Google gVisor's seccomp sandbox allowing access to the renameat system call. An attacker could exploit this vulnerability to rename files ...