Date: Tue, 25 Oct 2016 09:29:02 +0200
From: Yves-Alexis Perez <>
 netblue30 <>
Subject: Re: CVE-2016-7545 -- SELinux sandbox escape

On Sun, 2016-09-25 at 13:49 +0200, wrote:
> When executing a program via the SELinux sandbox, the nonpriv session
> can escape to the parent session by using the TIOCSTI ioctl to push
> characters into the terminal's input buffer, allowing an attacker to
> escape the sandbox.


It seems that firejail was affected by the same vulnerability, which was fixed
in 0.9.44 with

The commit log reuses the CVE-2016-7545 number, but I guess a new one should
be assigned since they don't share the same codebase?

Yves-Alexis Perez - Debian Security
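
Added example, not part of the original message or of the SELinux sandbox or firejail code: a detection-side check for the TIOCSTI ioctl described in the quoted advisory, run over constructed auditd SYSCALL records. The audit rule, the key name `tty-ioctl`, and the process names and PIDs are assumptions made for illustration.

```python
import re

TIOCSTI = 0x5412                               # Linux request number on x86/x86_64
IOCTL_NR = {"c000003e": 16, "40000003": 54}    # audit arch -> ioctl syscall nr (x86_64, i386)
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample records in auditd SYSCALL format; not from a real host.
# Assumed rule that would produce them: -a always,exit -F arch=b64 -S ioctl -k tty-ioctl
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1477380542.101:910): arch=c000003e syscall=16 success=yes exit=0 a0=0 a1=5401 a2=7ffc1a2b3c40 a3=0 ppid=4100 pid=4101 uid=1000 tty=pts2 comm="bash" exe="/usr/bin/bash" key="tty-ioctl"
type=SYSCALL msg=audit(1477380542.230:911): arch=c000003e syscall=16 success=yes exit=0 a0=0 a1=5412 a2=7ffd0e5f1a27 a3=0 ppid=4101 pid=4120 uid=1000 tty=pts2 comm="untrusted" exe="/tmp/untrusted" key="tty-ioctl"
type=SYSCALL msg=audit(1477380550.007:915): arch=c000003e syscall=16 success=no exit=-1 a0=0 a1=5412 a2=7ffd0e5f1a27 a3=0 ppid=4101 pid=4133 uid=1000 tty=pts2 comm="untrusted" exe="/tmp/untrusted" key="tty-ioctl"
type=SYSCALL msg=audit(1477380551.400:916): arch=c000003e syscall=1 success=yes exit=5 a0=1 a1=5412 a2=5 a3=0 ppid=4100 pid=4101 uid=1000 tty=pts2 comm="bash" exe="/usr/bin/bash" key="other"
"""

def find_tiocsti(log_text):
    """Return (pid, comm, tty, success) for every audited ioctl(fd, TIOCSTI, ...)."""
    hits = []
    for line in log_text.splitlines():
        rec = {k: v.strip('"') for k, v in FIELD.findall(line)}
        if rec.get("type") != "SYSCALL":
            continue
        if rec.get("syscall") != str(IOCTL_NR.get(rec.get("arch"), -1)):
            continue                           # not an ioctl on a known architecture
        try:
            # audit prints a0..a3 as bare hex; the kernel only uses the low 32 bits of cmd
            request = int(rec.get("a1", ""), 16) & 0xFFFFFFFF
        except ValueError:
            continue
        if request == TIOCSTI:
            hits.append((int(rec.get("pid", -1)), rec.get("comm"),
                         rec.get("tty"), rec.get("success") == "yes"))
    return hits

if __name__ == "__main__":
    for pid, comm, tty, ok in find_tiocsti(SAMPLE_LOG):
        print(f"TIOCSTI from pid={pid} comm={comm} tty={tty} {'succeeded' if ok else 'was denied'}")
```

A hit with `success=yes` from a confined process on a terminal shared with its parent session is the case the advisory describes; `success=no` records show attempts that a mitigation already blocked.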
