Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2019-9893

libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations.

Related bugs and status

CVE-2019-9893 (Candidate) is related to these bugs:

Bug #1849785: FTBFS on i386/ppc64/s390x (Eoan+Focal)

		In	Importance	Status
1849785	FTBFS on i386/ppc64/s390x (Eoan+Focal)	libseccomp (Ubuntu)	Medium	Fix Released
1849785	FTBFS on i386/ppc64/s390x (Eoan+Focal)	libseccomp (Ubuntu Eoan)	Medium	Won't Fix
1849785	FTBFS on i386/ppc64/s390x (Eoan+Focal)	libseccomp	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

GENTOO: GLSA-201904-18
MISC: https://github.com/sec...
MISC: https://seclists.org/o...
UBUNTU: USN-4001-1
UBUNTU: USN-4001-2
SUSE: openSUSE-SU-2019:2280
SUSE: openSUSE-SU-2019:2283
REDHAT: RHSA-2019:3624