
Bug 687612 (CVE-2019-12589)

Summary: <sys-apps/firejail-0.9.60-r1: unauthorized disclosure of information (CVE-2019-12589)
Product: Gentoo Security
Reporter: D'juan McDonald (domhnall) <flopwiki>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Severity: minor
CC: expeditioneer, maintainer-needed
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B4 [noglsa cve]
Package list:
Runtime testing required: ---
Bug Depends on: 687108    
Bug Blocks: 678976    

Description D'juan McDonald (domhnall) 2019-06-08 01:44:02 UTC

In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker.

Upstream Reference:

Upstream Patch:

Gentoo Security Padawan
Comment 1 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-08-11 18:45:45 UTC
This "was fixed in 0.9.60," [1].


Maintainer, do you intend to bump the LTS release?
Comment 2 Dennis Lamm gentoo-dev 2019-08-12 04:53:59 UTC
Hi Aaron,

yes the ebuild of the firejail LTS version was bumped to

Best regards,
Comment 3 Thomas Deutschmann gentoo-dev Security 2020-03-15 21:46:28 UTC
Repository is clean, all done!