README.md: Mention security situation on Ubuntu and recommend PPA

Add the information posted by @reinerh on #4666 (related to CVE-2021-26910 and Ubuntu's security policy) and also the instructions from #4663 for installing from the PPA. See also https://bugs.launchpad.net/ubuntu/+source/firejail/+bug/1916767
author: Kelvin M. Klann <kmk3.code@protonmail.com> 2021-12-07 19:57:51 -0300
committer: Kelvin M. Klann <kmk3.code@protonmail.com> 2021-12-07 21:01:10 -0300
commit: 09de225e6d9c53111acb9069a02e0ac8278a0a48 (patch)
tree: b2d0d0eabc8923e509359be01961fc9a30454117 /README.md
parent: profstats: Fix whitespace on license notice (diff)
download: firejail-09de225e6d9c53111acb9069a02e0ac8278a0a48.tar.gz
firejail-09de225e6d9c53111acb9069a02e0ac8278a0a48.tar.zst
firejail-09de225e6d9c53111acb9069a02e0ac8278a0a48.zip
1 files changed, 42 insertions, 2 deletions
diff --git a/README.md b/README.md
index 33b23f418..878ad476a 100644
--- a/README.md
+++ b/README.md
@@ -94,9 +94,49 @@ https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-loca
 ## Installing
-Try installing Firejail from your system packages first. Firejail is included in Alpine, ALT Linux, Arch, Artix, Chakra, Debian, Deepin, Devuan, Fedora, Gentoo, Manjaro, Mint, NixOS, Parabola, Parrot, PCLinuxOS, ROSA, Solus, Slackware/SlackBuilds, Trisquel, Ubuntu, Void and possibly others.
+### Debian
-The firejail 0.9.52-LTS version is deprecated. On Ubuntu 18.04 LTS users are advised to use the [PPA](https://launchpad.net/~deki/+archive/ubuntu/firejail). On Debian stable (bullseye) we recommend to use the [backports](https://packages.debian.org/bullseye-backports/firejail) package.
+Debian stable (bullseye): We recommend to use the [backports](https://packages.debian.org/bullseye-backports/firejail) package.
+### Ubuntu
+For Ubuntu 18.04+ and derivatives (such as Linux Mint), users are **strongly advised** to use the [PPA](https://launchpad.net/~deki/+archive/ubuntu/firejail).
+How to add and install from the PPA:
+```sh
+sudo add-apt-repository ppa:deki/firejail
+sudo apt-get update
+sudo apt-get install firejail firejail-profiles
+```
+Reason: The firejail package for Ubuntu 20.04 has been left vulnerable to CVE-2021-26910 for months after a patch for it was posted on Launchpad:
+* [firejail version in Ubuntu 20.04 LTS is vulnerable to CVE-2021-26910](https://bugs.launchpad.net/ubuntu/+source/firejail/+bug/1916767)
+See also <https://wiki.ubuntu.com/SecurityTeam/FAQ>:
+> What software is supported by the Ubuntu Security team?
+>
+> Ubuntu is currently divided into four components: main, restricted, universe
+> and multiverse. All binary packages in main and restricted are supported by
+> the Ubuntu Security team for the life of an Ubuntu release, while binary
+> packages in universe and multiverse are supported by the Ubuntu community.
+Additionally, the PPA version is likely to be more recent and to contain more profile fixes.
+See the following discussions for details:
+* [Should I keep using the version of firejail available in my distro repos?](https://github.com/netblue30/firejail/discussions/4666)
+* [How to install the latest version on Ubuntu and derivatives](https://github.com/netblue30/firejail/discussions/4663)
+### Other
+Try installing Firejail from your distribution.
+Firejail is included in Alpine, ALT Linux, Arch, Artix, Chakra, Debian, Deepin, Devuan, Fedora, Gentoo, Manjaro, Mint, NixOS, Parabola, Parrot, PCLinuxOS, ROSA, Solus, Slackware/SlackBuilds, Trisquel, Ubuntu, Void and possibly others.
+Note: The firejail 0.9.52-LTS version is deprecated.
 You can also install one of the [released packages](http://sourceforge.net/projects/firejail/files/firejail), or clone Firejail’s source code from our Git repository and compile manually:
author	Kelvin M. Klann <kmk3.code@protonmail.com>	2021-12-07 19:57:51 -0300
committer	Kelvin M. Klann <kmk3.code@protonmail.com>	2021-12-07 21:01:10 -0300
commit	09de225e6d9c53111acb9069a02e0ac8278a0a48 (patch)
tree	b2d0d0eabc8923e509359be01961fc9a30454117 /README.md
parent	profstats: Fix whitespace on license notice (diff)
download	firejail-09de225e6d9c53111acb9069a02e0ac8278a0a48.tar.gz firejail-09de225e6d9c53111acb9069a02e0ac8278a0a48.tar.zst firejail-09de225e6d9c53111acb9069a02e0ac8278a0a48.zip

diff --git a/README.md b/README.md index 33b23f418..878ad476a 100644 --- a/README.md +++ b/README.md
@@ -94,9 +94,49 @@ https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-loca
94		94
95	## Installing	95	## Installing
96		96
97	Try installing Firejail from your system packages first. Firejail is included in Alpine, ALT Linux, Arch, Artix, Chakra, Debian, Deepin, Devuan, Fedora, Gentoo, Manjaro, Mint, NixOS, Parabola, Parrot, PCLinuxOS, ROSA, Solus, Slackware/SlackBuilds, Trisquel, Ubuntu, Void and possibly others.	97	### Debian
98		98
99	The firejail 0.9.52-LTS version is deprecated. On Ubuntu 18.04 LTS users are advised to use the [PPA](https://launchpad.net/~deki/+archive/ubuntu/firejail). On Debian stable (bullseye) we recommend to use the [backports](https://packages.debian.org/bullseye-backports/firejail) package.	99	Debian stable (bullseye): We recommend to use the [backports](https://packages.debian.org/bullseye-backports/firejail) package.
		100
		101	### Ubuntu
		102
		103	For Ubuntu 18.04+ and derivatives (such as Linux Mint), users are strongly advised to use the [PPA](https://launchpad.net/~deki/+archive/ubuntu/firejail).
		104
		105	How to add and install from the PPA:
		106
		107	```sh
		108	sudo add-apt-repository ppa:deki/firejail
		109	sudo apt-get update
		110	sudo apt-get install firejail firejail-profiles
		111	```
		112
		113	Reason: The firejail package for Ubuntu 20.04 has been left vulnerable to CVE-2021-26910 for months after a patch for it was posted on Launchpad:
		114
		115	* [firejail version in Ubuntu 20.04 LTS is vulnerable to CVE-2021-26910](https://bugs.launchpad.net/ubuntu/+source/firejail/+bug/1916767)
		116
		117	See also <https://wiki.ubuntu.com/SecurityTeam/FAQ>:
		118
		119	> What software is supported by the Ubuntu Security team?
		120	>
		121	> Ubuntu is currently divided into four components: main, restricted, universe
		122	> and multiverse. All binary packages in main and restricted are supported by
		123	> the Ubuntu Security team for the life of an Ubuntu release, while binary
		124	> packages in universe and multiverse are supported by the Ubuntu community.
		125
		126	Additionally, the PPA version is likely to be more recent and to contain more profile fixes.
		127
		128	See the following discussions for details:
		129
		130	* [Should I keep using the version of firejail available in my distro repos?](https://github.com/netblue30/firejail/discussions/4666)
		131	* [How to install the latest version on Ubuntu and derivatives](https://github.com/netblue30/firejail/discussions/4663)
		132
		133	### Other
		134
		135	Try installing Firejail from your distribution.
		136
		137	Firejail is included in Alpine, ALT Linux, Arch, Artix, Chakra, Debian, Deepin, Devuan, Fedora, Gentoo, Manjaro, Mint, NixOS, Parabola, Parrot, PCLinuxOS, ROSA, Solus, Slackware/SlackBuilds, Trisquel, Ubuntu, Void and possibly others.
		138
		139	Note: The firejail 0.9.52-LTS version is deprecated.
100		140
101	You can also install one of the [released packages](http://sourceforge.net/projects/firejail/files/firejail), or clone Firejail’s source code from our Git repository and compile manually:	141	You can also install one of the [released packages](http://sourceforge.net/projects/firejail/files/firejail), or clone Firejail’s source code from our Git repository and compile manually:
102		142