Public bug reported:
firejail 0.9.38 is affected by the following CVEs:
- CVE-2016-9016: sandbox escape
- CVE-2016-10118: overwrite /etc/resolv.conf
- CVE-2017-5180: local root exploit
Please apply the attached debdiff.
firejail 0.9.40 is also affected by those (and perhaps other) CVEs. It still
needs to be checked by which ones exactly.
I will file a separate bug for it.
** Affects: firejail (Ubuntu)
Importance: High
Status: Fix Released
** Affects: firejail (Ubuntu Xenial)
Importance: High
Assignee: Reiner Herrmann (deki)
Status: In Progress
** Affects: firejail (Ubuntu Zesty)
Importance: High
Status: Fix Released
** Patch added: "firejail.diff"
https://bugs.launchpad.net/bugs/1655136/+attachment/4802095/+files/firejail.diff
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5180
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-9016
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-10118
** Description changed:
- firejail 0.9.38 is affected by CVE-2016-9016, CVE-2016-10118,
- CVE-2017-5180.
+ firejail 0.9.38 is affected by the following CVEs:
+ - CVE-2016-9016: sandbox escape
+ - CVE-2016-10118: overwrite /etc/resolv.conf
+ - CVE-2017-5180: local root exploit
Please apply the attached debdiff.
+
+ firejail 0.9.40 is also affected by those (and perhaps other) CVEs. It still
needs to be checked by which ones exactly.
+ I will file a separate bug for it.
https://bugs.launchpad.net/bugs/1655136
Title:
Multiple CVEs in xenial