Описание
Security update for firejail
This update for firejail fixes the following issues:
- CVE-2020-17367: The end-of-options separator -- was not handled correctly (boo#1174986).
- CVE-2020-17368: An attacker who has control over the command line arguments could run arbitrary commands (boo#1174986).
Список пакетов
openSUSE Leap 15.2
firejail-0.9.62-lp152.3.3.1
Ссылки
- E-Mail link for openSUSE-SU-2020:1208-1
- SUSE Security Ratings
- SUSE Bug 1174986
- SUSE CVE CVE-2020-17367 page
- SUSE CVE CVE-2020-17368 page
Описание
Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection.
Затронутые продукты
openSUSE Leap 15.2:firejail-0.9.62-lp152.3.3.1
Ссылки
- CVE-2020-17367
- SUSE Bug 1174986
Описание
Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection.
Затронутые продукты
openSUSE Leap 15.2:firejail-0.9.62-lp152.3.3.1
Ссылки
- CVE-2020-17368
- SUSE Bug 1174986