[Buildroot] [PATCH] package/libseccomp: security bump to version 2.4.0

Peter Korsgaard peter at korsgaard.com
Sun Mar 24 08:01:24 UTC 2019


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > From the advisory:
 > Jann Horn  identified a problem in current versions of
 > libseccomp where the library did not correctly generate 64-bit syscall
 > argument comparisons using the arithmetic operators (LT, GT, LE, GE).
 > Jann has done a search using codesearch.debian.net and it would appear
 > that only systemd and Tor are using libseccomp in such a way as to
 > trigger the bad code.  In the case of systemd this appears to affect
 > the socket address family and scheduling class filters.  In the case
 > of Tor it appears that the bad filters could impact the memory
 > addresses passed to mprotect(2).

 > The libseccomp v2.4.0 release fixes this problem, and should be a
 > direct drop-in replacement for previous v2.x releases.

 > https://www.openwall.com/lists/oss-security/2019/03/15/1

 > v2.4.0 adds a new scmp_api_level utility, so update 0001-remove-static.patch
 > to match.

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list