diff options
| author |  Reiner Herrmann <reiner@reiner-h.de> | 2017-01-07 17:27:43 +0100 |
|---|---|---|
| committer | Reiner Herrmann <reiner@reiner-h.de> | 2017-01-07 17:27:43 +0100 |
| commit | 2edc394d28b35a4aee13d98128cc4ce25836852a (patch) | |
| tree | 14ac43a8cbb2f8bbc18390ebbfe432b953aa6173 /RELNOTES | |
| parent | spelling (diff) | |
| download | firejail-2edc394d28b35a4aee13d98128cc4ce25836852a.tar.gz firejail-2edc394d28b35a4aee13d98128cc4ce25836852a.tar.zst firejail-2edc394d28b35a4aee13d98128cc4ce25836852a.zip | |
Add references to CVEs in release notes
Diffstat (limited to 'RELNOTES')
| -rw-r--r-- | RELNOTES | 13 |
1 files changed, 7 insertions, 6 deletions
| @@ -4,13 +4,13 @@ firejail (0.9.45) baseline; urgency=low | |||
| 4 | * security: disabled --allow-debuggers when running on kernel | 4 | * security: disabled --allow-debuggers when running on kernel |
| 5 | versions prior to 4.8; a kernel bug in ptrace system call | 5 | versions prior to 4.8; a kernel bug in ptrace system call |
| 6 | allows a full bypass of seccomp filter; problem reported by Lizzie Dixon | 6 | allows a full bypass of seccomp filter; problem reported by Lizzie Dixon |
| 7 | * security: overwrite /etc/resolv.conf found by Martin Carpenter | 7 | * security: overwrite /etc/resolv.conf found by Martin Carpenter (CVE-2016-10118) |
| 8 | * secuirty: TOCTOU exploit for --get and --put found by Daniel Hodson | 8 | * secuirty: TOCTOU exploit for --get and --put found by Daniel Hodson |
| 9 | * security: invalid environment exploit found by Martin Carpenter | 9 | * security: invalid environment exploit found by Martin Carpenter (CVE-2016-10122) |
| 10 | * security: split most of networking code in a separate executable | 10 | * security: split most of networking code in a separate executable |
| 11 | * security: split seccomp filter code configuration in a separate executable | 11 | * security: split seccomp filter code configuration in a separate executable |
| 12 | * security: split file copying in private option in a separate executable | 12 | * security: split file copying in private option in a separate executable |
| 13 | * security: root exploit found by Sebastian Krahmer | 13 | * security: root exploit found by Sebastian Krahmer (CVE-2017-5180) |
| 14 | * feature: disable gnupg and systemd directories under /run/user | 14 | * feature: disable gnupg and systemd directories under /run/user |
| 15 | * feature: allow root user access to /dev/shm (--noblacklist=/dev/shm) | 15 | * feature: allow root user access to /dev/shm (--noblacklist=/dev/shm) |
| 16 | * feature: AppImage type 2 support | 16 | * feature: AppImage type 2 support |
| @@ -32,7 +32,7 @@ firejail (0.9.45) baseline; urgency=low | |||
| 32 | -- netblue30 <netblue30@yahoo.com> Sun, 23 Oct 2016 08:00:00 -0500 | 32 | -- netblue30 <netblue30@yahoo.com> Sun, 23 Oct 2016 08:00:00 -0500 |
| 33 | 33 | ||
| 34 | firejail (0.9.44) baseline; urgency=low | 34 | firejail (0.9.44) baseline; urgency=low |
| 35 | * CVE-2016-7545 submitted by Aleksey Manevich | 35 | * CVE-2016-9016 submitted by Aleksey Manevich |
| 36 | * modifs: removed man firejail-config | 36 | * modifs: removed man firejail-config |
| 37 | * modifs: --private-tmp whitelists /tmp/.X11-unix directory | 37 | * modifs: --private-tmp whitelists /tmp/.X11-unix directory |
| 38 | * modifs: Nvidia drivers added to --private-dev | 38 | * modifs: Nvidia drivers added to --private-dev |
| @@ -149,11 +149,12 @@ firejail (0.9.38) baseline; urgency=low | |||
| 149 | * added KMail, Seamonkey, Telegram, Mathematica, uGet, | 149 | * added KMail, Seamonkey, Telegram, Mathematica, uGet, |
| 150 | * and mupen64plus profiles | 150 | * and mupen64plus profiles |
| 151 | * --chroot in user mode allowed only if seccomp support is available | 151 | * --chroot in user mode allowed only if seccomp support is available |
| 152 | * in current Linux kernel | 152 | * in current Linux kernel (CVE-2016-10123) |
| 153 | * deprecated --private-home feature | 153 | * deprecated --private-home feature |
| 154 | * the first protocol list installed takes precedence | 154 | * the first protocol list installed takes precedence |
| 155 | * --tmpfs option allowed only running as root | 155 | * --tmpfs option allowed only running as root (CVE-2016-10117) |
| 156 | * added --private-tmp option | 156 | * added --private-tmp option |
| 157 | * weak permissions (CVE-2016-10119, CVE-2016-10120, CVE-2016-10121) | ||
| 157 | * bugfixes | 158 | * bugfixes |
| 158 | -- netblue30 <netblue30@yahoo.com> Tue, 2 Feb 2016 10:00:00 -0500 | 159 | -- netblue30 <netblue30@yahoo.com> Tue, 2 Feb 2016 10:00:00 -0500 |
| 159 | 160 | ||