rpm package
opensuse/firejail&distro=openSUSE Leap 15.2
pkg:rpm/opensuse/firejail&distro=openSUSE%20Leap%2015.2
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-26910 | — | < 0.9.64.4-lp152.3.6.1 | 0.9.64.4-lp152.3.6.1 | Feb 8, 2021 | Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation. | ||
| CVE-2020-17368 | — | < 0.9.62-lp152.3.3.1 | 0.9.62-lp152.3.3.1 | Aug 11, 2020 | Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection. | ||
| CVE-2020-17367 | — | < 0.9.62-lp152.3.3.1 | 0.9.62-lp152.3.3.1 | Aug 11, 2020 | Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection. |
- CVE-2021-26910Feb 8, 2021affected < 0.9.64.4-lp152.3.6.1fixed 0.9.64.4-lp152.3.6.1
Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation.
- CVE-2020-17368Aug 11, 2020affected < 0.9.62-lp152.3.3.1fixed 0.9.62-lp152.3.3.1
Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection.
- CVE-2020-17367Aug 11, 2020affected < 0.9.62-lp152.3.3.1fixed 0.9.62-lp152.3.3.1
Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection.