[SECURITY] [DLA 3061-1] firejail security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3061-1] firejail security update
From: Sylvain Beucler <beuc@beuc.net>
Date: Wed, 29 Jun 2022 22:19:32 +0200
Message-id: <[🔎] 20220629201932.GA28734@mail.beuc.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3061-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Sylvain Beucler
June 29, 2022                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : firejail
Version        : 0.9.58.2-2+deb9u1
CVE ID         : CVE-2022-31214
Debian Bug     : 1012510

Matthias Gerstner discovered that the --join option of Firejail, a
sandbox to restrict an application environment, was susceptible to
local privilege escalation to root.

For Debian 9 stretch, this problem has been fixed in version
0.9.58.2-2+deb9u1.

We recommend that you upgrade your firejail packages.

For the detailed security status of firejail please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firejail

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmK8sx4ACgkQDTl9HeUl
XjDpkQ//bs8RA/e+kwQdvk3FafPY4k0OR1w8grQ6ZFCJplkz9/MIHW/uZ0NQJC8p
aJa/fucOu2g0SaT8hmVZglc6NEu8+w1crzYatfmwNKxR/vpcGWCtEHBgCFcXUfwe
oFBy9wxOxfskNi5FLnGEI4H+/I2vcz+0rWcDYIZkkoX4fSsVmAO4Hi+n6fTOA4Ff
w8b0qZLKV6HqTIaDbkIpynU9vRJFwOvEElMSPeTPy9Yar0erRH5k/xfO+cUAf0LC
MiWugYflKfaDSvlA8Xtp4AdNblTrM5QCchpHtQn5PcKdkLw3gpkI1wTb0yDldCF6
WxVXv/at1eCJEVZyT4iZAKIK0Up0ALy86DcHNpHVz/OjxaeGx/zApR2JFDmmuMrN
gY4iqhIDD8dy8yKwuhsOTiRAZ9DHnTARvRZxtP4xUQ6mzziLv4t2QaZpsLsPflmR
U6/oyUTfMrlwmkqHdrOOpkj3BIKGMJBboICmaWj2UjX0IXC+rPfnrDC0TWyCDZ6g
NjWaTEvYQv92pMAx+O/YZBWHBrNlvwsvka0cPshqKS6T1WXu56HS0RiCmatL10qx
uEAXhwomz0fDtUmzac/5TdxPC5L/DQje1rqXG7eGhtkki23W4kbRozXAwpep0vBg
6s4ey5NlKe5ytlPGbWh5vC8GpBPV+ECg37upQgpudLURSx9Wucc=
=INlG
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3059-1] maven-shared-utils security update
Next by Date: [SECURITY] [DLA 3062-1] ublock-origin security update
Previous by thread: [SECURITY] [DLA 3059-1] maven-shared-utils security update
Next by thread: [SECURITY] [DLA 3062-1] ublock-origin security update
Index(es):
- Date
- Thread