DSA-4742-1 firejail -- firejailID: oval:org.secpod.oval:def:604981 | Date: (C)2020-08-11 (M)2023-11-13 |
Class: PATCH | Family: unix |
Tim Starling discovered two vulnerabilities in firejail, a sandbox program to restrict the running environment of untrusted applications. CVE-2020-17367 It was reported that firejail does not respect the end-of-options separator , allowing an attacker with control over the command line options of the sandboxed application, to write data to a specified file. CVE-2020-17368 It was reported that firejail when redirecting output via --output or --output-stderr, concatenates all command line arguments into a single string that is passed to a shell. An attacker who has control over the command line arguments of the sandboxed application could take advantage of this flaw to run run arbitrary other commands.