21 matches found
CVE-2020-17367
Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection...
Mageia: Security Advisory (MGASA-2020-0328)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GLSA-202101-02 : Firejail: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202101-02 Firejail: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Firejail. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for...
Security fix for the ALT Linux 9 package mediawiki version 1.35.0-alt1
1.35.0-alt1 built Oct. 14, 2020 Vitaly Lipatov in task 259569 Oct. 9, 2020 Vitaly Lipatov - new version 1.35.0 LTS with rpmrb script - CVE-2020-25813, CVE-2020-25812, CVE-2020-25815 - CVE-2020-17367, CVE-2020-17368, CVE-2020-25814 - CVE-2020-25828, CVE-2020-25869, CVE-2020-25827...
MediaWiki Multiple Vulnerabilities (Sep 2020) - Linux
MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...
MediaWiki Multiple Vulnerabilities (Sep 2020) - Windows
MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...
Debian: Security Advisory (DSA-4767-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 31 : firejail (2020-80a6d7e7e0)
Rebase to version 0.9.62.4 ---- Rebase to version 0.9.62.2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
Fedora 32 : firejail (2020-45fc8559d5)
Rebase to version 0.9.62.4 ---- Rebase to version 0.9.62.2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
Debian DLA-2336-1 : firejail security update
Tim Starling discovered two vulnerabilities in firejail, a sandbox program to restrict the running environment of untrusted applications. CVE-2020-17367 It was reported that firejail does not respect the end-of-options separator '--', allowing an attacker with control over the command line option...
Debian: Security Advisory (DLA-2336-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2336-1] firejail security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2336-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz August 22, 2020 https://wiki.debian.org/LTS -...
Security fix for the ALT Linux 10 package firejail version 0.9.62.4-alt1
Aug. 19, 2020 Aleksei Nikiforov 0.9.62.4-alt1 - Updated to upstream version 0.9.62.4 Fixes: CVE-2020-17367, CVE-2020-17368...
openSUSE Security Update : firejail (openSUSE-2020-1208)
This update for firejail fixes the following issues : - CVE-2020-17367: The end-of-options separator -- was not handled correctly boo1174986. - CVE-2020-17368: An attacker who has control over the command line arguments could run arbitrary commands boo1174986. C Tenable Network Security, Inc. The...
openSUSE: Security Advisory for firejail (openSUSE-SU-2020:1208-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2020-17367
Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection...
CVE-2020-17367
Firejail vulnerable to command injection via CLI handling: CVE-2020-17367 occurs because the end-of-options indicator is not honored after --output, allowing manipulation of a sandboxed app’s command line; CVE-2020-17368 also exists, where output redirection via --output/--output-stderr concatena...
Debian DSA-4742-1 : firejail - security update
Tim Starling discovered two vulnerabilities in firejail, a sandbox program to restrict the running environment of untrusted applications. - CVE-2020-17367 It was reported that firejail does not respect the end-of-options separator '--', allowing an attacker with control over the command line...
Debian: Security Advisory (DSA-4742-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 4742-1] firejail security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4742-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 06, 2020 https://www.debian.org/security/faq -...