Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 26 |
1 files changed, 26 insertions, 0 deletions
@@ -83,6 +83,32 @@ Backup Video Channel: https://www.bitchute.com/profile/JSBsA1aoQVfW/ | |||
83 | 83 | ||
84 | We take security bugs very seriously. If you believe you have found one, please report it by emailing us at netblue30@protonmail.com | 84 | We take security bugs very seriously. If you believe you have found one, please report it by emailing us at netblue30@protonmail.com |
85 | 85 | ||
86 | ````` | ||
87 | Security Adivsory - Feb 8, 2021 | ||
88 | |||
89 | Summary: A vulnerability resulting in root privilege escalation was discovered in Firejail's OverlayFS code, | ||
90 | |||
91 | Versions affected: Firejail software versions starting with 0.9.30. Long Term Support (LTS) Firejail branch is not affected by this bug. | ||
92 | |||
93 | Workaround: Disable overlayfs feature at runtime. In a text editor open /etc/firejail/firejail.config file, and set "overlayfs" entry to "no". | ||
94 | |||
95 | $ grep overlayfs /etc/firejail/firejail.config | ||
96 | # Enable or disable overlayfs features, default enabled. | ||
97 | overlayfs no | ||
98 | |||
99 | Fix: The bug is fixed in Firejail version 0.9.64.4 | ||
100 | |||
101 | GitHub commit: (file configure.ac) | ||
102 | https://github.com/netblue30/firejail/commit/97d8a03cad19501f017587cc4e47d8418273834b | ||
103 | |||
104 | Credit: Security researcher Roman Fiedler analyzed the code and discovered the vulnerability. | ||
105 | Functional PoC exploit code was provided to Firejail development team. | ||
106 | A description of the problem is here on Roman's blog: | ||
107 | |||
108 | https://unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt | ||
109 | https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-local-root/ | ||
110 | ````` | ||
111 | |||
86 | ## Installing | 112 | ## Installing |
87 | 113 | ||
88 | Try installing Firejail from your system packages first. Firejail is included in Alpine, ALT Linux, Arch, Chakra, Debian, Deepin, Devuan, Fedora, Gentoo, Manjaro, Mint, NixOS, Parabola, Parrot, PCLinuxOS, ROSA, Solus, Slackware/SlackBuilds, Trisquel, Ubuntu, Void and possibly others. | 114 | Try installing Firejail from your system packages first. Firejail is included in Alpine, ALT Linux, Arch, Chakra, Debian, Deepin, Devuan, Fedora, Gentoo, Manjaro, Mint, NixOS, Parabola, Parrot, PCLinuxOS, ROSA, Solus, Slackware/SlackBuilds, Trisquel, Ubuntu, Void and possibly others. |
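Review bot: The advisory heading on new line 87 misspells "Advisory" as "Adivsory", and the Summary on new line 89 ends with a trailing comma, so it reads like a sentence that was cut off. Correct the heading to "Security Advisory - Feb 8, 2021" and end the summary with a period. The "Versions affected" line gives only the lower bound (0.9.30) and leaves the reader to infer the upper bound from the Fix line; stating the range explicitly (from 0.9.30 up to, but not including, 0.9.64.4) would let users decide at a glance whether they need the workaround. "GitHub commit: (file configure.ac)" names the file but not what the change does; one sentence on the effect of the fix would help packagers who backport it. The text carries no CVE or other tracking identifier; if one has been assigned, add it so distributions can match this notice to their own trackers. The workaround says to set the "overlayfs" entry to "no" but does not say whether anything already running needs to be restarted for the setting to take effect, which is worth a sentence.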