{"id":"MGASA-2020-0115","summary":"Updated firejail packages fix security vulnerabilities","details":"Updated firejail package fixes security vulnerabilities:\n\nFirejail before 0.9.60 allows truncation (resizing to length 0) of the\nfirejail binary on the host by running exploit code inside a firejail\nsandbox and having the sandbox terminated. To succeed, certain conditions\nneed to be fulfilled: The jail (with the exploit code inside) needs to be\nstarted as root, and it also needs to be terminated as root from the host\n(either by stopping it ungracefully (e.g., SIGKILL), or by using the\n --shutdown control command) (CVE-2019-12499).\n\nIn Firejail before 0.9.60, seccomp filters are writable inside the jail,\nleading to a lack of intended seccomp restrictions for a process that is\njoined to the jail after a filter has been modified by an attacker\n(CVE-2019-12589).\n","modified":"2026-04-16T00:12:20.793109197Z","published":"2020-03-06T16:13:58Z","upstream":["CVE-2019-12499","CVE-2019-12589"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0115.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=26013"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RGVULJ6IKVDO6UAVIQRHQVSKOUD6QDWM/"}],"affected":[{"package":{"name":"firejail","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/firejail?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9.56-2.1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0115.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}