Very detailed exploit and writeup at URL.

There's a patch available: https://github.com/netblue30/firejail/commit/27cde3d7d1e4e16d4190932347c7151dc2a84c50

Workarounds exist:

Workarounds / Mitigations
=========================

System administrators can mitigate this vulnerability via the Firejail
configuration file in /etc/firejail/firejail.config. Either one of these
options will prevent the attack from succeeding:

- "force-nonewprivs yes"
- "join no"
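A check for the two workarounds quoted above, as an added example that is not part of the original comment or of Firejail itself. The function names are hypothetical, and the parsing assumes one "option value" pair per line, `#` comments, and that the last uncommented occurrence of an option is the effective one.

```shell
#!/bin/sh
# Added example: does a firejail.config enable either workaround from the
# advisory ("force-nonewprivs yes" or "join no")?

# Print the value of option $1 in config file $2, ignoring comments.
# Assumption: the last uncommented occurrence is the effective one.
fj_option() {
    awk -v key="$1" '
        { sub(/#.*/, "") }               # drops commented-out defaults too
        $1 == key && NF >= 2 { val = $2 }
        END { if (val != "") print val }
    ' "$2"
}

# Return 0 if at least one workaround is active, 1 if none, 2 if unreadable.
fj_mitigated() {
    [ -r "$1" ] || return 2
    [ "$(fj_option force-nonewprivs "$1")" = "yes" ] && return 0
    [ "$(fj_option join "$1")" = "no" ] && return 0
    return 1
}

# Human-readable verdict; defaults to the path named in the advisory.
fj_report() {
    cfg="${1:-/etc/firejail/firejail.config}"
    rc=0
    fj_mitigated "$cfg" || rc=$?
    case "$rc" in
        0) echo "mitigated" ;;
        1) echo "not mitigated" ;;
        *) echo "unreadable" ;;
    esac
}

# Constructed sample config (not a real system file) for a stand-alone run.
sample=$(mktemp)
printf '%s\n' '# force-nonewprivs no' 'join no' > "$sample"
fj_report "$sample"
rm -f "$sample"
```

A commented-out line such as `# join no` does not count as a workaround, which is the case this check is meant to catch on hosts still running a version older than 0.9.70.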
0.9.70 has the fix.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cc196a524bd19f0f9e5960c0fb4744347f0fd3af

commit cc196a524bd19f0f9e5960c0fb4744347f0fd3af
Author:     Hank Leininger <hlein@korelogic.com>
AuthorDate: 2022-06-09 22:01:22 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2022-06-15 05:47:49 +0000

    sys-apps/firejail: bump to 0.9.70 for security fixes; cleanup

    Fix for CVE-2022-31214. Drop old version & un-tended-to live ebuild.

    Signed-off-by: Hank Leininger <hlein@korelogic.com>
    Bug: https://bugs.gentoo.org/850748
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Closes: https://github.com/gentoo/gentoo/pull/25840
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 sys-apps/firejail/Manifest                         |  1 +
 .../firejail/files/firejail-0.9.70-envlimits.patch | 12 +++
 .../files/firejail-0.9.70-firecfg.config.patch     | 82 ++++++++++++++++++
 ...rejail-0.9.68.ebuild => firejail-0.9.70.ebuild} |  6 +-
 sys-apps/firejail/firejail-9999.ebuild             | 99 ----------------------
 sys-apps/firejail/metadata.xml                     |  1 -
 6 files changed, 98 insertions(+), 103 deletions(-)
Thanks! Please stabilize when ready.
Please cleanup, thanks!
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c4841bfc1121b88d8603a594046429ca4eaa6978

commit c4841bfc1121b88d8603a594046429ca4eaa6978
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2022-07-15 12:10:04 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2022-07-15 12:10:30 +0000

    sys-apps/firejail: drop 0.9.68-r1

    Bug: https://bugs.gentoo.org/850748
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 sys-apps/firejail/Manifest                         |   1 -
 .../firejail/files/firejail-0.9.68-envlimits.patch |  12 ---
 .../files/firejail-0.9.68-firecfg.config.patch     |  81 --------------
 sys-apps/firejail/firejail-0.9.68-r1.ebuild        | 118 ---------------------
 4 files changed, 212 deletions(-)
Can this security bug be closed please? The fix has been in the tree for almost 6 months and the vulnerable version removed almost 5 months. If a GLSA is needed, please let me know if I can help.
I suspect we didn't change the whiteboard because we were waiting on firejail-lts removal. That's removed now.
GLSA request filed
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=aae7358daf0c30f6977e45b822b7fa582382adbf

commit aae7358daf0c30f6977e45b822b7fa582382adbf
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-03 10:04:37 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-05-03 10:05:29 +0000

    [ GLSA 202305-19 ] Firejail: Local Privilege Escalation

    Bug: https://bugs.gentoo.org/850748
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202305-19.xml | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)