** Description changed: firejail 0.9.38 is affected by the following CVEs: - CVE-2016-9016: sandbox escape - CVE-2016-10118: overwrite /etc/resolv.conf - CVE-2017-5180: local root exploit Please apply the attached debdiff. - firejail 0.9.40 is also affected by those (and perhaps other) CVEs. It still needs to be checked by which ones exactly. - I will file a separate bug for it. + firejail 0.9.40 is also affected by those (and perhaps other) CVEs. + But fixing that looks like a bit more effort (patches don't apply cleanly), and there were several related upstream commits that attempted to fix them.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1655136 Title: Multiple CVEs in xenial To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firejail/+bug/1655136/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
