Summary: | <sys-apps/firejail-0.9.70 sys-apps/firejail-lts: local privilege escalation via --join | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | hlein, o.popov, proxy-maint |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.openwall.com/lists/oss-security/2022/06/08/10 | ||
See Also: | https://github.com/gentoo/gentoo/pull/25840 | ||
Whiteboard: | B1 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 858158 | ||
Bug Blocks: |
Description
John Helmert III
2022-06-09 14:24:10 UTC
0.9.70 has the fix.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cc196a524bd19f0f9e5960c0fb4744347f0fd3af

commit cc196a524bd19f0f9e5960c0fb4744347f0fd3af
Author: Hank Leininger <hlein@korelogic.com>
AuthorDate: 2022-06-09 22:01:22 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2022-06-15 05:47:49 +0000

    sys-apps/firejail: bump to 0.9.70 for security fixes; cleanup

    Fix for CVE-2022-31214.
    Drop old version & un-tended-to live ebuild.

    Signed-off-by: Hank Leininger <hlein@korelogic.com>
    Bug: https://bugs.gentoo.org/850748
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Closes: https://github.com/gentoo/gentoo/pull/25840
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 sys-apps/firejail/Manifest | 1 +
 .../firejail/files/firejail-0.9.70-envlimits.patch | 12 +++
 .../files/firejail-0.9.70-firecfg.config.patch | 82 ++++++++++++++++++
 ...rejail-0.9.68.ebuild => firejail-0.9.70.ebuild} | 6 +-
 sys-apps/firejail/firejail-9999.ebuild | 99 ----------------------
 sys-apps/firejail/metadata.xml | 1 -
 6 files changed, 98 insertions(+), 103 deletions(-)

Thanks! Please stabilize when ready.

Please cleanup, thanks!

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c4841bfc1121b88d8603a594046429ca4eaa6978

commit c4841bfc1121b88d8603a594046429ca4eaa6978
Author: Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2022-07-15 12:10:04 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2022-07-15 12:10:30 +0000

    sys-apps/firejail: drop 0.9.68-r1

    Bug: https://bugs.gentoo.org/850748
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 sys-apps/firejail/Manifest | 1 -
 .../firejail/files/firejail-0.9.68-envlimits.patch | 12 ---
 .../files/firejail-0.9.68-firecfg.config.patch | 81 --------------
 sys-apps/firejail/firejail-0.9.68-r1.ebuild | 118 ---------------------
 4 files changed, 212 deletions(-)

Can this security bug be closed please? The fix has been in the tree for almost 6 months and the vulnerable version removed almost 5 months. If a GLSA is needed, please let me know if I can help.

I suspect we didn't change the whiteboard because we were waiting on firejail-lts removal. That's removed now.

GLSA request filed

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=aae7358daf0c30f6977e45b822b7fa582382adbf

commit aae7358daf0c30f6977e45b822b7fa582382adbf
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-03 10:04:37 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2023-05-03 10:05:29 +0000

    [ GLSA 202305-19 ] Firejail: Local Privilege Escalation

    Bug: https://bugs.gentoo.org/850748
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202305-19.xml | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)