Security
Security
A vulnerability has been discovered in Firejail which could result in local root privilege escalation.
| Package | sys-apps/firejail on all architectures |
|---|---|
| Affected versions | < 0.9.70 |
| Unaffected versions | >= 0.9.70 |
| Package | sys-apps/firejail-lts on all architectures |
|---|---|
| Affected versions | <= 0.9.56.2-r1 |
| Unaffected versions |
A SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf.
Firejail does not sufficiently validate the user's environment prior to using it as the root user when using the --join command line option.
An unprivileged user can exploit this vulnerability to achieve local root privileges.
System administrators can mitigate this vulnerability via adding either "force-nonewprivs yes" or "join no" to the Firejail configuration file in /etc/firejail/firejail.config.
Gentoo has discontinued support for sys-apps/firejail-lts. Users should unmerge it in favor of sys-apps/firejail:
# emerge --ask --depclean --verbose "sys-apps/firejail-lts" # emerge --ask --verbose "sys-apps/firejail"
All Firejail users should upgrade to the latest version:
# emerge --ask --oneshot --verbose ">=sys-apps/firejail-0.9.70"
Release date
May 03, 2023
Latest revision
May 03, 2023: 1
Severity
normal
Exploitable
remote
Bugzilla entries