CVE-2017-5206

Firejail before 0.9.44.4 on Linux kernels before 4.8 permits bypassing the seccomp sandbox via the --allow-debuggers option, enabling context-dependent bypass of sandbox protections. Affected: Firejail prior to 0.9.44.4; impacted kernel

CVE-2017-5206

Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument...

CVE-2017-5206

Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument...

openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2017:0690-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

UBUNTU-CVE-2017-5426

On Linux, if the secure computing mode BPF seccomp-bpf filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter which is typically weak compared to the sandbox. Note:...

Firejail: Multiple vulnerabilities

Background A SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. Description Multiple vulnerabilities have been discovered in Firejail. Please review the CVE identifiers referenced below f...

Fedora 25 : 1:runc (2017-0200646669)

Resolves: 1412238 - CVE-2016-9962 - set init processes as non-dumpable, ---- patch to enable seccomp ---- bump to 1.0.0 rc2 ---- Resolves: 1342707 - bump to v1.0.0-rc1 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website...

Firejail '/etc/resolv.conf' Remote Security Bypass Vulnerability

Firejail is a suite of SUID programs written in C that reduces the risk of security vulnerabilities by restricting the operating environment of untrusted applications using Linuxnamespaces and seccomp-bpf, a sandboxing mechanism. A remote security bypass vulnerability exists in Firejail. An...

Firejail Remote Elevation of Privilege Vulnerability

Firejail is a suite of SUID programs written in C that reduces the risk of security vulnerabilities by restricting the runtime environment of untrusted applications using the Linux namespace and seccomp-bpf. A security vulnerability exists in Firejail that allows a remote attacker to exploit the...

Google Details Linux Kernel Defenses, New and Old

Developers with Android’s Security Team peeled back some of the layers on the mobile operating system this week; describing the lengths Google goes to protect the Linux kernel. In a post to Google’s Security Blog, Jeff Vander Stoep clarified several mitigations slated for inclusion in Nougat, the...

Fedora 23 : 2:docker (2016-6a0d540088)

built docker @projectatomic/fedora-1.10.3 commit f476348 ---- built docker @projectatomic/fedora-1.10.3 commit f476348 ---- built docker @projectatomic/fedora-1.10.3 commit 4158ccc ---- Resolves: 1335649 - enable Red Hat subscription use in Docker containers on Fedora ---- built docker...

The vulnerability of the Linux operating system’s kernel, which allows a hacker to circumvent existing access restrictions

The vulnerability of the securecomputing function in the seccomp subsystem of the Linux operating system’s kernel lies in the fact that when the CONFIGSECCOMP option is enabled, errors occur during the processing of 32-bit processes spawned by 64-bit calls, or 64-bit processes spawned by 32-bit...

The vulnerability of Google Chrome’s browser allows a malicious actor to circumvent sandboxing restrictions.

Google Chrome browser contains a vulnerability related to incorrect block merging in the PointerCompare function of codegen.cc within Seccomp-BPF. Exploiting this vulnerability allows malicious actors to bypass sandbox restrictions by accessing the render process...

PT-2016-3292 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Android kernel versions prior to 4.8 Description: The issue is related to the seccomp implementation in the Linux kernel, specifically with access control errors. This could allow an attacker to escalate privileges and execute arbitrary code...

Fedora 23 : pax-utils-1.1.4-1.fc23 (2015-73cdd43bc0)

Changes since 1.0.5: security: whitelist the getcwd syscall security: fix build on systems w/out sisyscall security: whitelist the futex syscall security: whitelist dup syscalls security: do not warn when seccomp is disabled in the kernel security: whitelist fakeroot syscalls security: add a debu...

Fedora 22 : pax-utils-1.1.4-1.fc22 (2015-6565f29415)

Changes since 1.0.5: security: whitelist the getcwd syscall security: fix build on systems w/out sisyscall security: whitelist the futex syscall security: whitelist dup syscalls security: do not warn when seccomp is disabled in the kernel security: whitelist fakeroot syscalls security: add a debu...

Linux x86_64 NMI Privilege Escalation Due to Nested NMIs Interrupting espfix64

Exploit for linux platform in category local exploits / +++++ CVE-2015-3290 +++++ High impact NMI bug on x8664 systems 3.13 and newer, embargoed. Also fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a The other fix...

Linux Kernel - espfix64 Nested NMIs Interrupting Privilege Escalation

Linux Kernel - espfix64 Nested NMIs Interrupting Privilege Escalation / +++++ CVE-2015-3290 +++++ High impact NMI bug on x8664 systems 3.13 and newer, embargoed. Also fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a The...

DEBIAN-CVE-2015-2830

arch/x86/kernel/entry64.S in the Linux kernel before 3.19.2 does not prevent the TSCOMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the 1 fork or 2 close system call, as demonstrated b...

CVE-2015-2830

arch/x86/kernel/entry64.S in the Linux kernel before 3.19.2 does not prevent the TSCOMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the 1 fork or 2 close system call, as demonstrated b...