Firejail before 0.9.60 allows truncation (resizing to length 0) of the firejail binary on the host by running exploit code inside a firejail sandbox and having the sandbox terminated. To succeed, certain conditions need to be fulfilled: The jail (with the exploit code inside) needs to be started as root, and it also needs to be terminated as root from the host (either by stopping it ungracefully (e.g., SIGKILL), or by using the --shutdown control command). This is similar to CVE-2019-5736.
This "was fixed in 0.9.60, 0.9.56.2-LTS".
Maintainer, do you intend to bump the LTS release?
Yes, the ebuild of the firejail LTS version was bumped to 0.9.56.2.
(In reply to Dennis Lamm from comment #2)
> Hi Aron,
> yes the ebuild of the firejail LTS version was bumped to 0.9.56.2.
> Best regards,
Ah, now I see there is a separate package for LTS.
Please call for stable when ready so we can proceed to remove the vulnerable ebuilds.
*** Bug 693774 has been marked as a duplicate of this bug. ***
*** Bug 693776 has been marked as a duplicate of this bug. ***
Maintainer(s), please clean up.
Security, please vote.
The bug has been referenced in the following commit(s):
Author: Thomas Deutschmann <firstname.lastname@example.org>
AuthorDate: 2020-03-15 21:42:47 +0000
Commit: Thomas Deutschmann <email@example.com>
CommitDate: 2020-03-15 21:43:39 +0000
sys-apps/firejail-lts: amd64 stable
Package-Manager: Portage-2.3.94, Repoman-2.3.21
Signed-off-by: Thomas Deutschmann <firstname.lastname@example.org>
sys-apps/firejail-lts/firejail-lts-0.9.56.2-r1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Repository is clean, all done!