** Changed in: firejail (Ubuntu)
Importance: Undecided => Medium
** Summary changed:
- firejail version in Ubuntu 20.04 LTS is vulnarable to CVE-2021-26910
+ firejail version in Ubuntu 20.04 LTS is vulnerable to CVE-2021-26910
--
You received this bug notification because you are a member of
** Patch added: "Debdiff provided by Reiner"
https://bugs.launchpad.net/ubuntu/+source/firejail/+bug/1916767/+attachment/5488486/+files/firejail-cve.debdiff
The launchpad also seems to have been mangled (converted tabs to spaces).
Please get the debdiff from here: https://paste.ubuntu.com/p/t6wF6253Yq/
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1916767
Attached is a debdiff that backports the upstream fix for this issue,
which disables the vulnerable overlayfs support (which was anyway broken
on recent kernel versions).
It compiles in an Ubuntu Focal chroot. I also verified that after
installation in the same chroot the overlayfs support is disab
I can't currently post patches, something seems broken in Launchpad. So
here is the full patch in a comment:
diff -Nru firejail-0.9.62/debian/changelog firejail-0.9.62/debian/changelog
--- firejail-0.9.62/debian/changelog2020-01-20 18:53:34.0 +
+++ firejail-0.9.62/debian/changelog
I'm changing this to public security bug, as the CVE is already
published.
** Information type changed from Private Security to Public Security
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-26910