README.md update

author: netblue30 <netblue30@protonmail.com> 2022-06-12 11:19:18 -0400
committer: netblue30 <netblue30@protonmail.com> 2022-06-12 11:19:18 -0400
commit: 1f9dd92f6f0aa50522e624d1f4c70e068649e6df (patch)
tree: 2f43db4644208ea86a5fd36c4bb93f9524facc71 /README.md
parent: 0.9.71 (diff)
download: firejail-1f9dd92f6f0aa50522e624d1f4c70e068649e6df.tar.gz
firejail-1f9dd92f6f0aa50522e624d1f4c70e068649e6df.tar.zst
firejail-1f9dd92f6f0aa50522e624d1f4c70e068649e6df.zip
1 files changed, 0 insertions, 31 deletions
diff --git a/README.md b/README.md
index 1ceb6e70c..a6c69c336 100644
--- a/README.md
+++ b/README.md
@@ -63,35 +63,6 @@ Backup Video Channel: https://www.bitchute.com/profile/JSBsA1aoQVfW/
 We take security bugs very seriously. If you believe you have found one, please report it by emailing us at netblue30@protonmail.com
-`````
-Security Advisory - Feb 8, 2021
-Summary: A vulnerability resulting in root privilege escalation was discovered in
-Firejail's OverlayFS code,
-Versions affected: Firejail software versions starting with 0.9.30.
-Long Term Support (LTS) Firejail branch is not affected by this bug.
-Workaround: Disable overlayfs feature at runtime.
-In a text editor open /etc/firejail/firejail.config file, and set "overlayfs" entry to "no".
-      $ grep overlayfs /etc/firejail/firejail.config
-      # Enable or disable overlayfs features, default enabled.
-      overlayfs no
-Fix: The bug is fixed in Firejail version 0.9.64.4
-GitHub commit: (file configure.ac)
-https://github.com/netblue30/firejail/commit/97d8a03cad19501f017587cc4e47d8418273834b
-Credit:  Security researcher Roman Fiedler analyzed the code and discovered the vulnerability.
-Functional PoC exploit code was provided to Firejail development team.
-A description of the problem is here on Roman's blog:
-https://unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt
-https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-local-root/
-`````
 ## Installing
 ### Debian
@@ -134,8 +105,6 @@ See the following discussions for details:
 Firejail is included in a large number of Linux distributions.
-Note: The firejail 0.9.52-LTS version is deprecated.
 You can also install one of the [released packages](http://sourceforge.net/projects/firejail/files/firejail), or clone Firejail’s source code from our Git repository and compile manually:
 `````
author	netblue30 <netblue30@protonmail.com>	2022-06-12 11:19:18 -0400
committer	netblue30 <netblue30@protonmail.com>	2022-06-12 11:19:18 -0400
commit	1f9dd92f6f0aa50522e624d1f4c70e068649e6df (patch)
tree	2f43db4644208ea86a5fd36c4bb93f9524facc71 /README.md
parent	0.9.71 (diff)
download	firejail-1f9dd92f6f0aa50522e624d1f4c70e068649e6df.tar.gz firejail-1f9dd92f6f0aa50522e624d1f4c70e068649e6df.tar.zst firejail-1f9dd92f6f0aa50522e624d1f4c70e068649e6df.zip

diff --git a/README.md b/README.md index 1ceb6e70c..a6c69c336 100644 --- a/README.md +++ b/README.md
@@ -63,35 +63,6 @@ Backup Video Channel: https://www.bitchute.com/profile/JSBsA1aoQVfW/
63		63
64	We take security bugs very seriously. If you believe you have found one, please report it by emailing us at netblue30@protonmail.com	64	We take security bugs very seriously. If you believe you have found one, please report it by emailing us at netblue30@protonmail.com
65		65
66	`````
67	Security Advisory - Feb 8, 2021
68
69	Summary: A vulnerability resulting in root privilege escalation was discovered in
70	Firejail's OverlayFS code,
71
72	Versions affected: Firejail software versions starting with 0.9.30.
73	Long Term Support (LTS) Firejail branch is not affected by this bug.
74
75	Workaround: Disable overlayfs feature at runtime.
76	In a text editor open /etc/firejail/firejail.config file, and set "overlayfs" entry to "no".
77
78	$ grep overlayfs /etc/firejail/firejail.config
79	# Enable or disable overlayfs features, default enabled.
80	overlayfs no
81
82	Fix: The bug is fixed in Firejail version 0.9.64.4
83
84	GitHub commit: (file configure.ac)
85	https://github.com/netblue30/firejail/commit/97d8a03cad19501f017587cc4e47d8418273834b
86
87	Credit: Security researcher Roman Fiedler analyzed the code and discovered the vulnerability.
88	Functional PoC exploit code was provided to Firejail development team.
89	A description of the problem is here on Roman's blog:
90
91	https://unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt
92	https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-local-root/
93	`````
94
95	## Installing	66	## Installing
96		67
97	### Debian	68	### Debian
@@ -134,8 +105,6 @@ See the following discussions for details:
134		105
135	Firejail is included in a large number of Linux distributions.	106	Firejail is included in a large number of Linux distributions.
136		107
137	Note: The firejail 0.9.52-LTS version is deprecated.
138
139	You can also install one of the [released packages](http://sourceforge.net/projects/firejail/files/firejail), or clone Firejail’s source code from our Git repository and compile manually:	108	You can also install one of the [released packages](http://sourceforge.net/projects/firejail/files/firejail), or clone Firejail’s source code from our Git repository and compile manually:
140		109
141	`````	110	`````