Candidate: CVE-2016-9016
PublicDate: 2017-01-19 20:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9016
 http://www.openwall.com/lists/oss-security/2016/10/25/3
Description:
 Firejail 0.9.38.4 allows local users to execute arbitrary commands outside
 of the sandbox via a crafted TIOCSTI ioctl call.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/xenial/+source/firejail/+bug/1655136
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H [8.8 HIGH]

Patches_firejail:
 upstream: https://github.com/netblue30/firejail/commit/46dc2b34f1fbbc4597b4ff9f6a3cb28b2d500d1b
upstream_firejail: released (0.9.44-1)
precise_firejail: DNE
precise/esm_firejail: DNE
trusty_firejail: DNE
trusty/esm_firejail: DNE
vivid/stable-phone-overlay_firejail: DNE
vivid/ubuntu-core_firejail: DNE
xenial_firejail: released (0.9.38-1ubuntu0.1)
yakkety_firejail: ignored (reached end-of-life)
zesty_firejail: not-affected (0.9.44.8-1)
devel_firejail: not-affected (0.9.44.8-1)