• [SECURITY] [DSA 4742-1] firejail security update

    From Salvatore Bonaccorso@21:1/5 to All on Thu Aug 6 22:20:01 2020

    -------------------------------------------------------------------------
    Debian Security Advisory DSA-4742-1                   security@debian.org
    https://www.debian.org/security/                     Salvatore Bonaccorso
    August 06, 2020                       https://www.debian.org/security/faq
    -------------------------------------------------------------------------

    Package : firejail
    CVE ID : CVE-2020-17367 CVE-2020-17368

    Tim Starling discovered two vulnerabilities in firejail, a sandbox
    program to restrict the running environment of untrusted applications.

    CVE-2020-17367

    It was reported that firejail does not respect the end-of-options
    separator ("--"), allowing an attacker with control over the command
    line options of the sandboxed application to write data to a
    specified file.

    CVE-2020-17368

    It was reported that firejail, when redirecting output via --output
    or --output-stderr, concatenates all command line arguments into a
    single string that is passed to a shell. An attacker who has control
    over the command line arguments of the sandboxed application could
    take advantage of this flaw to run arbitrary other commands.

    For the stable distribution (buster), these problems have been fixed in
    version 0.9.58.2-2+deb10u1.

    We recommend that you upgrade your firejail packages.

    For the detailed security status of firejail please refer to its
    security tracker page at:
    https://security-tracker.debian.org/tracker/firejail

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

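
The pattern behind CVE-2020-17368 as the advisory describes it (all arguments concatenated into one string that a shell then parses), shown beside two safer ways to run the same argument vector. This is an added example, not firejail's code and not part of the advisory; the function names and the sample argument are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; all function names here are hypothetical.

# Vulnerable pattern: the arguments are joined with spaces and the resulting
# string is parsed again by a shell, so metacharacters that were data inside
# one argument become shell syntax.
run_joined() {
    sh -c "$*"
}

# Hardened: execute the argument vector directly. No second parse takes
# place, so every argument stays a single opaque word.
run_argv() {
    "$@"
}

# If a shell cannot be avoided (for example to set up a pipe), quote each
# argument: wrap it in single quotes and encode embedded quotes as '\''.
shquote() {
    # The trailing "x" keeps $(...) from stripping trailing newlines.
    q=$(printf '%sx' "$1" | sed "s/'/'\\\\''/g")
    printf "'%s'" "${q%x}"
}

# Builds the shell string from individually quoted arguments.
run_quoted() {
    cmd=""
    for arg in "$@"; do
        cmd="$cmd $(shquote "$arg")"
    done
    sh -c "$cmd"
}

# Constructed sample: a single argument supplied by whoever controls the
# sandboxed program's command line.
SAMPLE="hello; echo INJECTED"
```

With `run_joined echo "$SAMPLE"` the shell runs two commands; with `run_argv` or `run_quoted` the same argument is echoed back as one literal string.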