A new release of bubblewrap is available:


Which fixes a local privilege escalation.  Specifically relevant to Project 
this applies only to CentOS7/RHEL7 systems which have
bubblewrap installed as privileged code.

Notably, we *do* install it by default as /usr/bin/bwrap in
CentOS Atomic Host Alpha, but not in the primary CentOS Atomic Host
release, where it exists solely as /usr/libexec/rpm-ostree/bwrap for
use by rpm-ostree's package layering, but is not installed as
privileged and hence is not a vulnerability vector.

Fedora, because it unconditionally enables `CLONE_NEWUSER`
access, is not vulnerable to this.

So, expect updates to land in:
 - EPEL7
 - CentOS AH Alpha


Reply via email to