Candidate: CVE-2019-12589
PublicDate: 2019-06-03 03:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12589
 https://github.com/netblue30/firejail/issues/2718
 https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134
 https://github.com/netblue30/firejail/releases/tag/0.9.60
Description:
 In Firejail before 0.9.60, seccomp filters are writable inside the jail,
 leading to a lack of intended seccomp restrictions for a process that is
 joined to the jail after a filter has been modified by an attacker.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929732
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H [8.8 HIGH]

Patches_firejail:
upstream_firejail: released (0.9.58.2-2)
precise/esm_firejail: DNE
trusty_firejail: ignored (out of standard support)
trusty/esm_firejail: DNE
xenial_firejail: ignored (end of standard support, was needed)
bionic_firejail: needed
cosmic_firejail: ignored (reached end-of-life)
disco_firejail: ignored (reached end-of-life)
eoan_firejail: released (0.9.58.2-2)
focal_firejail: released (0.9.58.2-2)
groovy_firejail: released (0.9.58.2-2)
hirsute_firejail: released (0.9.58.2-2)
impish_firejail: released (0.9.58.2-2)
jammy_firejail: released (0.9.58.2-2)
devel_firejail: released (0.9.58.2-2)