What Are You Looking For?

Sign Up
MGASA-2020-0328 - Updated firejail packages fix security vulnerability

Publication date: 18 Aug 2020
URL: https://advisories.mageia.org/MGASA-2020-0328.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-17367,
     CVE-2020-17368

It was reported that firejail does not respect the end-of-options separator
("--"), allowing an attacker with control over the command line options of the
sandboxed application, to write data to a specified file (CVE-2020-17367).

It was reported that firejail when redirecting output via --output or
--output-stderr, concatenates all command line arguments into a single string
that is passed to a shell. An attacker who has control over the command line
arguments of the sandboxed application could take advantage of this flaw to run
arbitrary commands (CVE-2020-17368).

References:
- https://bugs.mageia.org/show_bug.cgi?id=27059
- https://www.debian.org/security/2020/dsa-4742
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368

SRPMS:
- 7/core/firejail-0.9.56-2.2.mga7

Mageia 2020-0328: firejail security update

It was reported that firejail does not respect the end-of-options separator ("--"), allowing an attacker with control over the command line options of the sandboxed application, to...

Summary

It was reported that firejail does not respect the end-of-options separator ("--"), allowing an attacker with control over the command line options of the sandboxed application, to write data to a specified file (CVE-2020-17367).
It was reported that firejail when redirecting output via --output or --output-stderr, concatenates all command line arguments into a single string that is passed to a shell. An attacker who has control over the command line arguments of the sandboxed application could take advantage of this flaw to run arbitrary commands (CVE-2020-17368).

References

- https://bugs.mageia.org/show_bug.cgi?id=27059

- https://www.debian.org/security/2020/dsa-4742

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368

Resolution

MGASA-2020-0328 - Updated firejail packages fix security vulnerability

SRPMS

- 7/core/firejail-0.9.56-2.2.mga7

Severity
Publication date: 18 Aug 2020
URL: https://advisories.mageia.org/MGASA-2020-0328.html
Type: security
CVE: CVE-2020-17367, CVE-2020-17368

Related News

India Bans Open Source Messaging Apps for Security Reasons. FOSS Community Says Good Luck

May 12, 2023

New Patches Aim To Tackle Linux x86_64 PIE Support

May 10, 2023

Chinese Hackers Using KEYPLUG Backdoor to Attack Windows & Linux Systems

Apr 2, 2023

Critical RCE Vulnerability Discovered in ClamAV Open Source Antivirus Software

Feb 20, 2023

News

Advisories

HOWTOs

Features

Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

About Us

Powered By

Footer Logo