1
Candidate: CVE-2017-5180
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5180
5
http://www.openwall.com/lists/oss-security/2017/01/04/1
6
https://github.com/netblue30/firejail/issues/1020
7
http://www.openwall.com/lists/oss-security/2017/01/05/1
9
Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not
10
consider the .Xauthority case during its attempt to prevent accessing user
11
files with an euid of zero, which allows local users to conduct
12
sandbox-escape attacks via vectors involving a symlink and the --private
17
https://bugs.launchpad.net/ubuntu/xenial/+source/firejail/+bug/1655136
18
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850160
20
Discovered-by: Sebastian Krahmer
24
upstream_firejail: released (0.9.44.2-2)
26
precise/esm_firejail: DNE
28
vivid/stable-phone-overlay_firejail: DNE
29
vivid/ubuntu-core_firejail: DNE
30
xenial_firejail: released (0.9.38-1ubuntu0.1)
31
yakkety_firejail: ignored (reached end-of-life)
32
zesty_firejail: not-affected (0.9.44.8-1)
33
devel_firejail: not-affected (0.9.44.8-1)