it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4849-1] firejail security update

From: Salvatore Bonaccorso <carnil AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 4849-1] firejail security update
Date: Tue, 09 Feb 2021 21:18:28 +0000
List-archive: https://lists.debian.org/msgid-search/E1l9aOy-0000rj-8x AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version :Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=lPzyxTdLisrdwAkeaiBrEAlVvOe5GvqxYPxH1Jb5+5s=; b=Ab 3ohTvDQ4TypwT1IeUXO9hTyPxUSrO0mb43n10MKZtoZAwNDNrau7IzwIp5NsrlRc0ckyAULxD8/J2 +GY1TKYWIAroAC/w7c5weu7cZpD6ngT2Gfnfo/ZuKkS8oztveUdtm7eJTJrFpg7njWMCskRbygqiS z6TRjZn0h4TMTQAeOsOVLgYQsXyam6ZBpAMD4efHZnfa2OElsyL1Z2OgND2kwSfFk1tEphY/wVj42 70en32jwqrdfztm/dWlPo2NtaYhCQQsKICVRPek0FZmNSLHcDNAFPrXAue+1yKEflD4tDJZRLcUT4 /k9HdHrgn5h8Xp3zZwKzWLfdPWMLkAcQ==;
Old-return-path: <carnil AT seger.debian.org>
Priority: urgent
Resent-date: Tue, 9 Feb 2021 21:18:53 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <M_uXUXFiIsO.A.RXF.9wvIgB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4849-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
February 09, 2021 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : firejail
CVE ID : CVE-2021-26910

Roman Fiedler discovered a vulnerability in the OverlayFS code in
firejail, a sandbox program to restrict the running environment of
untrusted applications, which could result in root privilege escalation.
This update disables OverlayFS support in firejail.

For the stable distribution (buster), this problem has been fixed in
version 0.9.58.2-2+deb10u2.

We recommend that you upgrade your firejail packages.

For the detailed security status of firejail please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/firejail

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmAi+oVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0TfcA/+Oql0UYg91bBhISV37airwVjjdiLubX6bBpd4F3T12TPDuPBMxofY+61o
M10BBbW8w7MQaQ+uePFT+rL8I3UNU6j3BtvdU8L11FIvkIFIYMKC5VkqThNsJaNK
r/LGxIQbxudY2yr7DFOao2pdF5KoorcTcK8Vw/ULiRIL1/jtfzM7tz6RZjVysKlC
tNfY7GGOMmHTFyxPkU6sAlAS9scUZuQEJHIAJuzbLHMudoFf5jE2+HbnhAuiYKYh
q34ewtuNSda2H4hMNC6U76StdKmWvqjVuPyt9kQ1HVF+gbcaNRz7XL0rC1YEcnpo
d3mGZem1Pa5TcFzjaH8OKfqTsNKU+gC5JbRt/JmQho0IS8BPdZxOiHWWplawjj/k
K1VfBIWNJBf2Z9guoTqBkfLB5B1nreO3opVhgveft9NiH5ydeFa1z92utLQPN8fN
Mr7quGK88F9EGlORHdCXoqp4WTAai5wwdUkjY+y+Zt1Cr7wTsdTSvcWNKQQP8EvT
fhFTvU/57f3/jqE2N/FStDdcJNt95Q81qiuM7Ot4c9UQBuSGhcUo1+eoCArj1niv
MqeHc+bMv/Wxrg6LGsAEnDTgQHVBul+hROFBqlUExsQSLwq5o0jjUGBT8V3ZkXs6
JU69tVRsNU6c2+BHjg8zclURqQ3mLTW0BCReKK5JqbL8eo1G2lA=
=+BOy
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 4849-1] firejail security update, Salvatore Bonaccorso, 09.02.2021

Archiv bereitgestellt durch MHonArc 2.6.24.