[Git][security-tracker-team/security-tracker][master] 2 commits: Add new firejail issue
Salvatore Bonaccorso
carnil at debian.org
Mon Feb 8 16:08:49 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d8771544 by Salvatore Bonaccorso at 2021-02-08T17:03:23+01:00
Add new firejail issue
- - - - -
d4f99c40 by Salvatore Bonaccorso at 2021-02-08T17:04:51+01:00
Add references for firejail issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2021-XXXX [root privilege escalation in OverlayFS code]
+ - firejail <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/08/5
+ NOTE: Fix (disabled overlayfs): https://github.com/netblue30/firejail/commit/97d8a03cad19501f017587cc4e47d8418273834b
+ NOTE: https://unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt
+ NOTE: https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-local-root/
CVE-2019-XXXX [zstd adds read permissions to files while being compressed or uncompressed]
- libzstd 1.4.8+dfsg-1 (bug #981404)
NOTE: https://github.com/facebook/zstd/issues/1630
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/dde1d4bd46e91ad56851d35b9c17b1f285774352...d4f99c4078bae6c702f9f1335b61de6573f94adf
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/dde1d4bd46e91ad56851d35b9c17b1f285774352...d4f99c4078bae6c702f9f1335b61de6573f94adf
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210208/216352cd/attachment.html>
More information about the debian-security-tracker-commits
mailing list