Candidate: CVE-2020-17368
PublicDate: 2020-08-11 16:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368
Description:
 Firejail through 0.9.62 mishandles shell metacharacters during use of the
 --output or --output-stderr option, which may lead to command injection.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by: Tim Starling
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_firejail:
 upstream: https://github.com/netblue30/firejail/commit/34193604fed04cad2b7b6b0f1a3a0428afd9ed5b
upstream_firejail: released (0.9.62-4)
precise/esm_firejail: DNE
trusty_firejail: ignored (out of standard support)
trusty/esm_firejail: DNE
xenial_firejail: ignored (end of standard support, was needs-triage)
bionic_firejail: needs-triage
focal_firejail: needs-triage
groovy_firejail: not-affected (0.9.62-4)
hirsute_firejail: not-affected (0.9.62-4)
impish_firejail: not-affected (0.9.62-4)
jammy_firejail: not-affected (0.9.62-4)
devel_firejail: not-affected (0.9.62-4)