oss-sec mailing list archives
Re: Re: Firejail local root exploit
From: Thomas Deutschmann <whissi () gentoo org>
Date: Tue, 31 Jan 2017 19:21:58 +0100
On 2017-01-29 14:14, Ion Ionescu wrote:
The first fix for CVE-2017-5180 in Firejail version 0.9.44.4 and 0.9.38.8 (LTS) was incomplete. Changing .Xauthority to .bashrc in the exploit code, the problem is still there - credit Sebastian Krahmer. New releases are out: 0.9.44.8 and 0.9.38.10 (LTS). Please assign a new CVE.
Associated commits which already appeared in v0.9.44.6: https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c298858f https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863 Backport for v0.9.38.10: https://github.com/netblue30/firejail/commit/903fd8a0789ca3cc3c21d84cd0282481515592ef -- Regards, Thomas Deutschmann / Gentoo Security Team C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Re: Re: Firejail local root exploit, (continued)
- Re: Re: Firejail local root exploit Brad Spengler (Jan 08)
- Re: Re: Firejail local root exploit Martin Carpenter (Jan 08)
- Re: Re: Firejail local root exploit Lizzie Dixon (Jan 06)
- Re: Firejail local root exploit cve-assign (Jan 07)
- Re: Re: Firejail local root exploit Martin Carpenter (Jan 07)
- Re: Firejail local root exploit cve-assign (Jan 07)
- Re: Firejail local root exploit cve-assign (Jan 06)
- Re: Re: Firejail local root exploit Thomas Deutschmann (Jan 31)