[Buildroot] [PATCH] package/libseccomp: security bump to version 2.4.0
Peter Korsgaard
peter at korsgaard.com
Sun Mar 24 08:01:24 UTC 2019
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> From the advisory:
> Jann Horn identified a problem in current versions of
> libseccomp where the library did not correctly generate 64-bit syscall
> argument comparisons using the arithmetic operators (LT, GT, LE, GE).
> Jann has done a search using codesearch.debian.net and it would appear
> that only systemd and Tor are using libseccomp in such a way as to
> trigger the bad code. In the case of systemd this appears to affect
> the socket address family and scheduling class filters. In the case
> of Tor it appears that the bad filters could impact the memory
> addresses passed to mprotect(2).
> The libseccomp v2.4.0 release fixes this problem, and should be a
> direct drop-in replacement for previous v2.x releases.
> https://www.openwall.com/lists/oss-security/2019/03/15/1
> v2.4.0 adds a new scmp_api_level utility, so update 0001-remove-static.patch
> to match.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list