|
|
Subscribe / Log in / New account

Debian alert DLA-3061-1 (firejail)



From:
              Sylvain Beucler <beuc@beuc.net>


To:
              debian-lts-announce@lists.debian.org


Subject:
              [SECURITY] [DLA 3061-1] firejail security update


Date:
              Wed, 29 Jun 2022 22:19:32 +0200


Message-ID:
              <20220629201932.GA28734@mail.beuc.net>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3061-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Sylvain Beucler
June 29, 2022                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : firejail
Version        : 0.9.58.2-2+deb9u1
CVE ID         : CVE-2022-31214
Debian Bug     : 1012510

Matthias Gerstner discovered that the --join option of Firejail, a
sandbox to restrict an application environment, was susceptible to
local privilege escalation to root.

For Debian 9 stretch, this problem has been fixed in version
0.9.58.2-2+deb9u1.

We recommend that you upgrade your firejail packages.

For the detailed security status of firejail please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firejail

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmK8sx4ACgkQDTl9HeUl
XjDpkQ//bs8RA/e+kwQdvk3FafPY4k0OR1w8grQ6ZFCJplkz9/MIHW/uZ0NQJC8p
aJa/fucOu2g0SaT8hmVZglc6NEu8+w1crzYatfmwNKxR/vpcGWCtEHBgCFcXUfwe
oFBy9wxOxfskNi5FLnGEI4H+/I2vcz+0rWcDYIZkkoX4fSsVmAO4Hi+n6fTOA4Ff
w8b0qZLKV6HqTIaDbkIpynU9vRJFwOvEElMSPeTPy9Yar0erRH5k/xfO+cUAf0LC
MiWugYflKfaDSvlA8Xtp4AdNblTrM5QCchpHtQn5PcKdkLw3gpkI1wTb0yDldCF6
WxVXv/at1eCJEVZyT4iZAKIK0Up0ALy86DcHNpHVz/OjxaeGx/zApR2JFDmmuMrN
gY4iqhIDD8dy8yKwuhsOTiRAZ9DHnTARvRZxtP4xUQ6mzziLv4t2QaZpsLsPflmR
U6/oyUTfMrlwmkqHdrOOpkj3BIKGMJBboICmaWj2UjX0IXC+rPfnrDC0TWyCDZ6g
NjWaTEvYQv92pMAx+O/YZBWHBrNlvwsvka0cPshqKS6T1WXu56HS0RiCmatL10qx
uEAXhwomz0fDtUmzac/5TdxPC5L/DQje1rqXG7eGhtkki23W4kbRozXAwpep0vBg
6s4ey5NlKe5ytlPGbWh5vC8GpBPV+ECg37upQgpudLURSx9Wucc=
=INlG
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds