Vulnerability CVE-2017-5206: Information
Description
Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument.
Severity: CRITICAL (9.0)
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
firejail | sisyphus | 0.9.44.4-alt1 | 0.9.72-alt1 | ALT-PU-2017-1009-1 | 175903 | Fixed |
firejail | p10 | 0.9.44.4-alt1 | 0.9.72-alt1 | ALT-PU-2017-1009-1 | 175903 | Fixed |
firejail | p9 | 0.9.44.4-alt1 | 0.9.64-alt1 | ALT-PU-2017-1009-1 | 175903 | Fixed |
firejail | p8 | 0.9.44.4-alt0.M80P.1 | 0.9.50-alt1.M80P.1 | ALT-PU-2017-1010-1 | 175904 | Fixed |
firejail | c10f1 | 0.9.44.4-alt1 | 0.9.72-alt1 | ALT-PU-2017-1009-1 | 175903 | Fixed |
firejail | c9f2 | 0.9.44.4-alt1 | 0.9.62.4-alt1 | ALT-PU-2017-1009-1 | 175903 | Fixed |
firejail | p11 | 0.9.44.4-alt1 | 0.9.72-alt1 | ALT-PU-2017-1009-1 | 175903 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
GLSA-201701-62 | |
https://github.com/netblue30/firejail/commit/6b8dba29d73257311564ee7f27b9b14758cc693e | |
https://firejail.wordpress.com/download-2/release-notes/ | |
https://blog.lizzie.io/linux-containers-in-500-loc.html#fn.51 | |
[oss-security] 20170107 Re: Firejail local root exploit | |
97120 | |