Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sat, 7 Jan 2017 12:57:10 -0500
From: <cve-assign@...re.org>
To: <mcarpenter@...e.fr>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>
Subject: Re: Firejail local root exploit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> 6. Root shell via --bandwidth and --shell
> 
> Reported at:
> https://github.com/netblue30/firejail/issues/1023
> 
> Fixed at:
>   https://github.com/netblue30/firejail/commit/5d43fdcd215203868d440ffc42036f5f5ffc89fc

Use CVE-2017-5207.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYcSqgAAoJEHb/MwWLVhi2/v4QAJK4oISptZjq0MUeAnSnOtAT
DypS2YyDgmfXARVnW9Mo6h50XJFBStzBXF4bZMovBLXDNyoVnUNcJ3mGZVWvKAFj
cWSHH7oLv+9FBNQNpSW1C+HOdDUr1TVNaXY9h8qPl0jxP2qMKqRS2E9eOJ9OTMzX
v9bgKyJGECbv8njzju7EKzbjDgGgrB5X2Y1cTSZnNXwSAc1OZ2cXZDx4Q8Ai/G0f
8OqI5yO74iEEHjSwL0SljhjGX2/YZyOMJZASlI6zzNe15HLcqS4ewZQAWr25NsBz
7Pf5sxHCUBSEi10kDlZrL9PAZRuZtD/aRMG51robZg0abTrIp+WM7oI5HVPh65Ep
SOYLMi/ZyaBEDAc0S+mktCv7AmGiiyWDFyYkX9y7adZedURCNzbaGzi9RGXtj7nA
9tFmC48kiCdo7RYV/fQCZt+aYiEKZUmsJr6NTOvodIEJVoGBILefLCn8BGMBJer9
SCilgTO8XNQrR+jpampIX4txM9Ne4xgASz3do31Drzlkt4Uxcf/aG2NckOoKNrAl
jan/zdDnoDXyedp+DIjn9r9P0OJwic+kq1aLfXs2SlRmaqXsEMVi2IzE45SYbsBZ
SxDG7EwslqEnEA0s7us4I71M3r7NeDyhCV+NzIOoY/0PF5VbU8q5wQA7zPRis5Jz
OCu6RFZSA6OjdSLAe5fy
=5Uph
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.