Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-4742-1:0DC22
HistoryAug 06, 2020 - 8:16 p.m.

[SECURITY] [DSA 4742-1] firejail security update

2020-08-0620:16:40
lists.debian.org
13

0.014 Low

EPSS

Percentile

86.3%

JSON

Debian Security Advisory DSA-4742-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
August 06, 2020 https://www.debian.org/security/faq

Package : firejail
CVE ID : CVE-2020-17367 CVE-2020-17368

Tim Starling discovered two vulnerabilities in firejail, a sandbox
program to restrict the running environment of untrusted applications.

CVE-2020-17367

It was reported that firejail does not respect the end-of-options
separator ("--"), allowing an attacker with control over the command
line options of the sandboxed application, to write data to a
specified file.

CVE-2020-17368

It was reported that firejail when redirecting output via --output
or --output-stderr, concatenates all command line arguments into a
single string that is passed to a shell. An attacker who has control
over the command line arguments of the sandboxed application could
take advantage of this flaw to run run arbitrary other commands.

For the stable distribution (buster), these problems have been fixed in
version 0.9.58.2-2+deb10u1.

We recommend that you upgrade your firejail packages.

For the detailed security status of firejail please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/firejail

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian9arm64firejail< 0.9.44.8-2+deb9u1firejail_0.9.44.8-2+deb9u1_arm64.deb
Debian10mips64elfirejail-dbgsym< 0.9.58.2-2+deb10u1firejail-dbgsym_0.9.58.2-2+deb10u1_mips64el.deb
Debian10arm64firejail< 0.9.58.2-2+deb10u1firejail_0.9.58.2-2+deb10u1_arm64.deb
Debian9amd64firejail< 0.9.44.8-2+deb9u1firejail_0.9.44.8-2+deb9u1_amd64.deb
Debian10amd64firejail< 0.9.58.2-2+deb10u1firejail_0.9.58.2-2+deb10u1_amd64.deb
Debian9armhffirejail< 0.9.44.8-2+deb9u1firejail_0.9.44.8-2+deb9u1_armhf.deb
Debian10armhffirejail-dbgsym< 0.9.58.2-2+deb10u1firejail-dbgsym_0.9.58.2-2+deb10u1_armhf.deb
Debian10mipselfirejail-dbgsym< 0.9.58.2-2+deb10u1firejail-dbgsym_0.9.58.2-2+deb10u1_mipsel.deb
Debian10allfirejail< 0.9.58.2-2+deb10u1firejail_0.9.58.2-2+deb10u1_all.deb
Debian10allmediawiki< 1.31.10-1~deb10u1mediawiki_1.31.10-1~deb10u1_all.deb
Rows per page:
1-10 of 311

Related

fedora 2
altlinux 2
openvas 10
nessus 7
debian 2
suse 2
gentoo 1
mageia 1
osv 5
nvd 2
debiancve 2
veracode 2
cvelist 2
ubuntucve 2
redhatcve 1
prion 2
cve 2
fedora
fedora
[SECURITY] Fedora 32 Update: firejail-0.9.62.4-1.fc32
2020-08-26 14:52:58
[SECURITY] Fedora 31 Update: firejail-0.9.62.4-1.fc31
2020-08-26 14:41:27
altlinux
altlinux
Security fix for the ALT Linux 10 package firejail version 0.9.62.4-alt1
2020-08-19 00:00:00
Security fix for the ALT Linux 9 package mediawiki version 1.35.0-alt1
2020-10-14 00:00:00
openvas
openvas
openSUSE: Security Advisory for firejail (openSUSE-SU-2020:1208-1)
2020-08-15 00:00:00
Debian: Security Advisory (DSA-4742-1)
2020-08-07 00:00:00
Fedora: Security Advisory for firejail (FEDORA-2020-45fc8559d5)
2020-09-02 00:00:00
nessus
nessus
Fedora 32 : firejail (2020-45fc8559d5)
2020-08-27 00:00:00
Fedora 31 : firejail (2020-80a6d7e7e0)
2020-08-27 00:00:00
GLSA-202101-02 : Firejail: Multiple vulnerabilities
2021-01-11 00:00:00
debian
debian
[SECURITY] [DSA 4742-1] firejail security update
2020-08-06 20:16:40
[SECURITY] [DLA 2336-1] firejail security update
2020-08-22 14:37:52
suse
suse
Security update for firejail (moderate)
2020-08-14 00:00:00
Security update for firejail (important)
2021-02-10 00:00:00
gentoo
gentoo
Firejail: Multiple vulnerabilities
2021-01-10 00:00:00
mageia
mageia
Updated firejail packages fix security vulnerability
2020-08-18 20:41:27
osv
osv
firejail - security update
2020-08-06 00:00:00
firejail - security update
2020-08-22 00:00:00
CVE-2020-17367
2020-08-11 16:15:12
nvd
nvd
CVE-2020-17368
2020-08-11 16:15:12
CVE-2020-17367
2020-08-11 16:15:12
debiancve
debiancve
CVE-2020-17367
2020-08-11 16:15:12
CVE-2020-17368
2020-08-11 16:15:12
veracode
veracode
Command Injection
2020-12-06 03:20:25
Command Injection
2020-12-06 03:20:20
cvelist
cvelist
CVE-2020-17368
2020-08-11 15:59:48
CVE-2020-17367
2020-08-11 15:58:50
ubuntucve
ubuntucve
CVE-2020-17367
2020-08-11 00:00:00
CVE-2020-17368
2020-08-11 00:00:00
redhatcve
redhatcve
CVE-2020-17367
2022-05-20 23:37:44
prion
prion
Command injection
2020-08-11 16:15:00
Command injection
2020-08-11 16:15:00
cve
cve
CVE-2020-17367
2020-08-11 16:15:12
CVE-2020-17368
2020-08-11 16:15:12

0.014 Low

EPSS

Percentile

86.3%

JSON
Related for DEBIAN:DSA-4742-1:0DC22
fedora2altlinux2openvas10nessus7debian2suse2gentoo1mageia1osv5nvd2debiancve2veracode2cvelist2ubuntucve2redhatcve1prion2cve2