security advisory

author: netblue30 <netblue30@protonmail.com> 2021-02-08 08:59:48 -0500
committer: netblue30 <netblue30@protonmail.com> 2021-02-08 08:59:48 -0500
commit: b7cf89ecf2c74ece1ee5c1bc55b10936fe7e045a (patch)
tree: bd473a0f4a308bef7a083decc22b47632e420c29 /README.md
parent: use ${DOWNLOADS} in lutris.profile (#3955) (diff)
download: firejail-b7cf89ecf2c74ece1ee5c1bc55b10936fe7e045a.tar.gz
firejail-b7cf89ecf2c74ece1ee5c1bc55b10936fe7e045a.tar.zst
firejail-b7cf89ecf2c74ece1ee5c1bc55b10936fe7e045a.zip
1 files changed, 26 insertions, 0 deletions
diff --git a/README.md b/README.md
index 973c4dcbd..635d1b28b 100644
--- a/README.md
+++ b/README.md
@@ -83,6 +83,32 @@ Backup Video Channel: https://www.bitchute.com/profile/JSBsA1aoQVfW/
 We take security bugs very seriously. If you believe you have found one, please report it by emailing us at netblue30@protonmail.com
+`````
+Security Adivsory - Feb 8, 2021
+Summary: A vulnerability resulting in root privilege escalation was discovered in Firejail's OverlayFS code,
+Versions affected: Firejail software versions starting with 0.9.30. Long Term Support (LTS) Firejail branch is not affected by this bug.
+Workaround: Disable overlayfs feature at runtime. In a text editor open /etc/firejail/firejail.config file, and set "overlayfs" entry to "no".
+      $ grep overlayfs /etc/firejail/firejail.config
+      # Enable or disable overlayfs features, default enabled.
+      overlayfs no
+Fix: The bug is fixed in Firejail version 0.9.64.4
+GitHub commit: (file configure.ac)
+https://github.com/netblue30/firejail/commit/97d8a03cad19501f017587cc4e47d8418273834b
+Credit:  Security researcher Roman Fiedler analyzed the code and discovered the vulnerability.
+Functional PoC exploit code was provided to Firejail development team.
+A description of the problem is here on Roman's blog:
+https://unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt
+https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-local-root/
+`````
 ## Installing
 Try installing Firejail from your system packages first. Firejail is included in Alpine, ALT Linux, Arch, Chakra, Debian, Deepin, Devuan, Fedora, Gentoo, Manjaro, Mint, NixOS, Parabola, Parrot, PCLinuxOS, ROSA, Solus, Slackware/SlackBuilds, Trisquel, Ubuntu, Void and possibly others.
author	netblue30 <netblue30@protonmail.com>	2021-02-08 08:59:48 -0500
committer	netblue30 <netblue30@protonmail.com>	2021-02-08 08:59:48 -0500
commit	b7cf89ecf2c74ece1ee5c1bc55b10936fe7e045a (patch)
tree	bd473a0f4a308bef7a083decc22b47632e420c29 /README.md
parent	use ${DOWNLOADS} in lutris.profile (#3955) (diff)
download	firejail-b7cf89ecf2c74ece1ee5c1bc55b10936fe7e045a.tar.gz firejail-b7cf89ecf2c74ece1ee5c1bc55b10936fe7e045a.tar.zst firejail-b7cf89ecf2c74ece1ee5c1bc55b10936fe7e045a.zip

diff --git a/README.md b/README.md index 973c4dcbd..635d1b28b 100644 --- a/README.md +++ b/README.md
@@ -83,6 +83,32 @@ Backup Video Channel: https://www.bitchute.com/profile/JSBsA1aoQVfW/
83		83
84	We take security bugs very seriously. If you believe you have found one, please report it by emailing us at netblue30@protonmail.com	84	We take security bugs very seriously. If you believe you have found one, please report it by emailing us at netblue30@protonmail.com
85		85
		86	`````
		87	Security Adivsory - Feb 8, 2021
		88
		89	Summary: A vulnerability resulting in root privilege escalation was discovered in Firejail's OverlayFS code,
		90
		91	Versions affected: Firejail software versions starting with 0.9.30. Long Term Support (LTS) Firejail branch is not affected by this bug.
		92
		93	Workaround: Disable overlayfs feature at runtime. In a text editor open /etc/firejail/firejail.config file, and set "overlayfs" entry to "no".
		94
		95	$ grep overlayfs /etc/firejail/firejail.config
		96	# Enable or disable overlayfs features, default enabled.
		97	overlayfs no
		98
		99	Fix: The bug is fixed in Firejail version 0.9.64.4
		100
		101	GitHub commit: (file configure.ac)
		102	https://github.com/netblue30/firejail/commit/97d8a03cad19501f017587cc4e47d8418273834b
		103
		104	Credit: Security researcher Roman Fiedler analyzed the code and discovered the vulnerability.
		105	Functional PoC exploit code was provided to Firejail development team.
		106	A description of the problem is here on Roman's blog:
		107
		108	https://unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt
		109	https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-local-root/
		110	`````
		111
86	## Installing	112	## Installing
87		113
88	Try installing Firejail from your system packages first. Firejail is included in Alpine, ALT Linux, Arch, Chakra, Debian, Deepin, Devuan, Fedora, Gentoo, Manjaro, Mint, NixOS, Parabola, Parrot, PCLinuxOS, ROSA, Solus, Slackware/SlackBuilds, Trisquel, Ubuntu, Void and possibly others.	114	Try installing Firejail from your system packages first. Firejail is included in Alpine, ALT Linux, Arch, Chakra, Debian, Deepin, Devuan, Fedora, Gentoo, Manjaro, Mint, NixOS, Parabola, Parrot, PCLinuxOS, ROSA, Solus, Slackware/SlackBuilds, Trisquel, Ubuntu, Void and possibly others.