A new release of bubblewrap is available:
It fixes a local privilege escalation. Specifically relevant to Project
this applies only to CentOS7/RHEL7 systems which have
bubblewrap installed as privileged code.
Notably, we *do* install it by default as /usr/bin/bwrap in
CentOS Atomic Host Alpha, but not in the primary CentOS Atomic Host
release. There it exists solely as /usr/libexec/rpm-ostree/bwrap for
use by rpm-ostree's package layering; that copy is not installed as
privileged and hence is not a vulnerability vector.
Fedora, because it unconditionally enables `CLONE_NEWUSER`
access, is not vulnerable to this.
So, expect updates to land in:
- CentOS AH Alpha
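
To check whether a host has bubblewrap installed as privileged code, the following added example (not part of the original announcement or of bubblewrap itself) classifies the two paths named above by setuid bit and file capabilities. The function names are hypothetical, and treating file capabilities as a second form of privileged install is an assumption of the example.

```shell
#!/bin/sh
# Added example: report how each bwrap binary is installed.
# The two paths are the ones named in the announcement.
BWRAP_PATHS="/usr/bin/bwrap /usr/libexec/rpm-ostree/bwrap"

# Hypothetical helper. Prints one of:
#   absent, setuid-root, setuid-nonroot, filecaps, unprivileged
bwrap_priv_state() {
    path=$1   # expected to be an absolute path
    [ -f "$path" ] || { echo absent; return 0; }

    if [ -u "$path" ]; then
        # Setuid bit is set; the numeric owner decides whose privilege it carries.
        owner=$(ls -ldn "$path" | awk '{print $3}')
        if [ "$owner" = 0 ]; then
            echo setuid-root
        else
            echo setuid-nonroot
        fi
        return 0
    fi

    # Assumption: file capabilities also count as a privileged install.
    # getcap prints nothing for a file that carries no capabilities.
    if command -v getcap >/dev/null 2>&1 &&
       [ -n "$(getcap "$path" 2>/dev/null)" ]; then
        echo filecaps
        return 0
    fi

    echo unprivileged
}

# Print a tab-separated "path state" line for each known location.
audit_bwrap() {
    for p in $BWRAP_PATHS; do
        printf '%s\t%s\n' "$p" "$(bwrap_priv_state "$p")"
    done
}

audit_bwrap
```

A result of `setuid-root` or `filecaps` for either path marks a host that needs the update; `unprivileged` or `absent` matches the non-vulnerable layout described for the primary CentOS Atomic Host release.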