The libseccomp Project
Affected Cloud Foundry Products and Versions
- All versions prior to v11.0.0
- Bosh Process Manager (BPM)
- All versions prior to v1.1.1
- All versions prior to v1.19.5
cf-deployment has dependencies on Garden-runC and BPM. Garden-runC and BPM have a dependency on libseccomp.
libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations.
Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:
- Upgrade All versions to v11.0.0 or greater
- Upgrade All versions to v1.1.1 or greater
- Upgrade All versions to v1.19.5 or greater
2019-08-12: Initial vulnerability report published.