Critical
The libseccomp Project
cf-deployment has dependencies on Garden-runC and BPM. Garden-runC and BPM have a dependency on libseccomp.
libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations.
Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:
2019-08-12: Initial vulnerability report published.