Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2020-0328)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2020.0328

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2020-0328)

Resumen: The remote host is missing an update for the 'firejail' package(s) announced via the MGASA-2020-0328 advisory.

Descripción: Summary:
The remote host is missing an update for the 'firejail' package(s) announced via the MGASA-2020-0328 advisory.

Vulnerability Insight:
It was reported that firejail does not respect the end-of-options separator
('--'), allowing an attacker with control over the command line options of the
sandboxed application, to write data to a specified file (CVE-2020-17367).

It was reported that firejail when redirecting output via --output or
--output-stderr, concatenates all command line arguments into a single string
that is passed to a shell. An attacker who has control over the command line
arguments of the sandboxed application could take advantage of this flaw to run
arbitrary commands (CVE-2020-17368).

Affected Software/OS:
'firejail' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2020-17367
Debian Security Information: DSA-4743 (Google Search)
https://www.debian.org/security/2020/dsa-4743
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W66IR5YT4KG464SKEMQN2NP2LGATGEGS/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JFXN3JJG4DIMN4TAHOTKFMS7SGM4EOTR/
https://security.gentoo.org/glsa/202101-02
https://github.com/netblue30/firejail
https://www.debian.org/security/2020/dsa-4742
https://lists.debian.org/debian-lts-announce/2020/08/msg00033.html
SuSE Security Announcement: openSUSE-SU-2020:1208 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00036.html
Common Vulnerability Exposure (CVE) ID: CVE-2020-17368
Debian Security Information: DSA-4742 (Google Search)
https://github.com/netblue30/firejail/

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2020.0328
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2020-0328)
Resumen:	The remote host is missing an update for the 'firejail' package(s) announced via the MGASA-2020-0328 advisory.
Descripción:	Summary: The remote host is missing an update for the 'firejail' package(s) announced via the MGASA-2020-0328 advisory. Vulnerability Insight: It was reported that firejail does not respect the end-of-options separator ('--'), allowing an attacker with control over the command line options of the sandboxed application, to write data to a specified file (CVE-2020-17367). It was reported that firejail when redirecting output via --output or --output-stderr, concatenates all command line arguments into a single string that is passed to a shell. An attacker who has control over the command line arguments of the sandboxed application could take advantage of this flaw to run arbitrary commands (CVE-2020-17368). Affected Software/OS: 'firejail' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-17367 Debian Security Information: DSA-4743 (Google Search) https://www.debian.org/security/2020/dsa-4743 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W66IR5YT4KG464SKEMQN2NP2LGATGEGS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JFXN3JJG4DIMN4TAHOTKFMS7SGM4EOTR/ https://security.gentoo.org/glsa/202101-02 https://github.com/netblue30/firejail https://www.debian.org/security/2020/dsa-4742 https://lists.debian.org/debian-lts-announce/2020/08/msg00033.html SuSE Security Announcement: openSUSE-SU-2020:1208 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00036.html Common Vulnerability Exposure (CVE) ID: CVE-2020-17368 Debian Security Information: DSA-4742 (Google Search) https://github.com/netblue30/firejail/
Copyright	Copyright (C) 2022 Greenbone AG