bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories in /tmp as a mount point. In some particular configurations (related to XDG_RUNTIME_DIR) a local attacker may abuse this flaw to prevent other users from executing bubblewrap or potentially execute code.
...
Security update for webkit2gtk3 (important)
openSUSE Security Update: Security update for webkit2gtk3 Announcement ID: openSUSE-SU-2020:1064-1 Rating: important References: 1173998 Cross-References: CVE-2020-13753 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 Affected Products: openSUSE...
SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:1990-1)
This update for webkit2gtk3 fixes the following issues : Update to version 2.28.3 (bsc#1173998) : + Enable kinetic scrolling with async scrolling. + Fix web process hangs on large GitHub pages. + Bubblewrap sandbox should not attempt to bind empty paths. + Fix threading issues in the media player. +...
DEBIAN-CVE-2020-13753
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute comman...
Design/Logic Flaw
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute comman...
CVE-2020-13753
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute comman...
UBUNTU-CVE-2020-13753
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute comman...
GLSA-202006-18 : Bubblewrap: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-202006-18 Bubblewrap: Arbitrary code execution Bubblewrap misuses temporary directories in /tmp as a mount point. Impact : This flaw may allow possible execution of code or prevention of running Bubblewrap. Workaround : There is n...
Bubblewrap: Arbitrary code execution
Background : Bubblewrap is an unprivileged sandboxing tool (namespaces-powered chroot-like solution). Description : Bubblewrap misuses temporary directories in /tmp as a mount point. Impact : This flaw may allow possible execution of code or prevention of running Bubblewrap. Workaround : There is no known...
flatpak bug fix and enhancement update
An update is available for bubblewrap. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 8...
Photon OS 3.0: Bubblewrap PHSA-2020-3.0-0078
An update of the bubblewrap package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-3.0-0078. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description scriptid135780;...
Fedora: Security Advisory for bubblewrap (FEDORA-2020-a4206f14f1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 31 : bubblewrap (2020-a4206f14f1)
Update to 0.4.1. This release fixes a privilege escalation bug pointed out by Stephen Röttger, where in some setups bubblewrap can be used to gain root permissions. Only version 0.4.0 is vulnerable, and only if installed setuid while at the same time the kernel supports unprivileged user namespaces...
[SECURITY] Fedora 31 Update: bubblewrap-0.4.1-1.fc31
Bubblewrap (/usr/bin/bwrap) is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces...
CVE-2020-5291
Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that...
Important Photon OS Security Update - PHSA-2020-0078
Updates of 'bubblewrap', 'python3', 'python2', 'haproxy', 'yarn', 'ansible', 'libtiff', 'libvirt' packages of Photon OS have been released...
PHSA-2020-2.0-0227
An update of 'libtiff', 'python2', 'bubblewrap', 'postgresql', 'yarn', 'libgcrypt', 'haproxy' packages of Photon OS has been released...
Important Photon OS Security Update - PHSA-2020-0227
Updates of 'haproxy', 'yarn', 'libgcrypt', 'python2', 'libtiff', 'postgresql', 'bubblewrap' packages of Photon OS have been released...
Fedora: Security Advisory for bubblewrap (FEDORA-2020-8bef0cd310)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 32 Update: bubblewrap-0.4.1-1.fc32
Bubblewrap (/usr/bin/bwrap) is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces...