Candidate: CVE-2017-5206
PublicDate: 2017-03-23 16:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5206
Description:
 Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows
 context-dependent attackers to bypass a seccomp-based sandbox protection
 mechanism via the --allow-debuggers argument.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850558
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H [9.0 CRITICAL]

Patches_firejail:
upstream_firejail: released (0.9.44.4-1)
precise_firejail: DNE
precise/esm_firejail: DNE
trusty_firejail: DNE
trusty/esm_firejail: DNE
vivid/stable-phone-overlay_firejail: DNE
vivid/ubuntu-core_firejail: DNE
xenial_firejail: ignored (end of standard support, was needed)
yakkety_firejail: ignored (reached end-of-life)
zesty_firejail: not-affected (0.9.44.8-1)
artful_firejail: not-affected (0.9.44.8-1)
bionic_firejail: not-affected (0.9.44.8-1)
cosmic_firejail: not-affected (0.9.44.8-1)
disco_firejail: not-affected (0.9.44.8-1)
eoan_firejail: not-affected (0.9.44.8-1)
focal_firejail: not-affected (0.9.44.8-1)
groovy_firejail: not-affected (0.9.44.8-1)
hirsute_firejail: not-affected (0.9.44.8-1)
impish_firejail: not-affected (0.9.44.8-1)
jammy_firejail: not-affected (0.9.44.8-1)
devel_firejail: not-affected (0.9.44.8-1)