Summary: | <sys-apps/firejail{-0.9.44.8,-lts-0.9.38.10}: Local root exploit (CVE-2017-5940) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Francis Booth <boothf> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | aidecoe |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://firejail.wordpress.com/download-2/release-notes/ | ||
Whiteboard: | B1 [glsa cve] | ||
Package list: | =sys-apps/firejail-lts-0.9.38.10 =sys-apps/firejail-0.9.44.8 | ||
Runtime testing required: | --- |
Description
Francis Booth
2017-01-27 09:04:50 UTC
sys-apps/firejail-lts-0.9.38.10 sys-apps/firejail-0.9.44.8 - pushed into repository.

@ Arches, please test and mark stable: =sys-apps/firejail-lts-0.9.38.10

amd64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.

Upstream has now confirmed that the previous fix was incomplete (an attacker just needed to rename a file...) and confirmed issue for both versions.

@ Arches, please test and mark stable: =sys-apps/firejail-0.9.44.8

sys-apps/firejail-lts-0.9.38.8 - removed

amd64 stable. Maintainer(s), please cleanup.

New GLSA request filed.

@ Maintainer(s): Please cleanup and drop <sys-apps/firejail-0.9.44.8!

sys-apps/firejail-0.9.44.4 has been removed.

CVE-2017-5940 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5940): firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-5180.

This issue was resolved and addressed in GLSA 201702-03 at https://security.gentoo.org/glsa/201702-03 by GLSA coordinator Thomas Deutschmann (whissi).