PT-2019-12828 · Netwrix · Firejail
Skewedzeppelin · Published 2019-05-31 · Updated 2020-08-24
CVE-2019-12499
CVSS v2.0: 9.3 (High)
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Firejail versions prior to 0.9.60
Description
The issue allows code running inside a firejail sandbox to truncate the firejail binary on the host when the sandbox is terminated under specific conditions: the jail is started as root with the exploit code inside, and it is then terminated as root from the host, either by stopping it ungracefully or by using the --shutdown control command.
Recommendations
For versions prior to 0.9.60, update to version 0.9.60 or later to resolve the issue. As a temporary workaround, consider restricting the use of the firejail sandbox to non-root users to minimize the risk of exploitation. Additionally, avoid using the --shutdown control command or ungracefully stopping the sandbox when running as root until the issue is resolved.
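A host-side check for the two conditions this advisory names, added here as an example and not code from the Firejail project or the advisory's author: it parses `firejail --version` output (constructed sample strings stand in for real output) against the fixed 0.9.60 release, and verifies that the on-disk binary still carries a full ELF header rather than having been truncated.

```python
"""Defender-side checks for CVE-2019-12499 exposure (added example, not Firejail's code).

  1. Is the installed firejail older than 0.9.60, the release that fixes the issue?
  2. Is the firejail binary on disk still an intact ELF file, rather than the
     truncated file the advisory describes as the outcome?
"""
import re
from pathlib import Path

FIXED_VERSION = (0, 9, 60)          # first release with the fix, per the advisory
ELF_MAGIC = b"\x7fELF"
ELF64_HEADER_SIZE = 64              # anything shorter cannot be a valid ELF64 binary


def parse_version(version_output: str) -> tuple:
    """Return (major, minor, patch) from text such as 'firejail version 0.9.58.2'.

    Only the first three components are compared; a fourth (e.g. '.2') is ignored.
    """
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_output)
    if not m:
        raise ValueError(f"no version number found in: {version_output!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable_version(version_output: str) -> bool:
    """True when the reported version predates the 0.9.60 fix."""
    return parse_version(version_output) < FIXED_VERSION


def header_looks_intact(data: bytes) -> bool:
    """True if the bytes are long enough for an ELF64 header and start with the magic."""
    return len(data) >= ELF64_HEADER_SIZE and data[:4] == ELF_MAGIC


def binary_looks_intact(path: str) -> bool:
    """Read the on-disk binary and apply header_looks_intact; missing file counts as broken."""
    p = Path(path)
    if not p.is_file():
        return False
    with p.open("rb") as f:
        return header_looks_intact(f.read(ELF64_HEADER_SIZE))


def assess(version_output: str, binary_data: bytes) -> dict:
    """Combine both checks into one result dictionary."""
    return {
        "vulnerable_version": is_vulnerable_version(version_output),
        "binary_intact": header_looks_intact(binary_data),
    }


if __name__ == "__main__":
    import subprocess
    # Assumes firejail is on PATH and installed at /usr/bin/firejail (typical, not guaranteed).
    out = subprocess.run(["firejail", "--version"], capture_output=True, text=True).stdout
    print(assess(out, Path("/usr/bin/firejail").read_bytes()[:ELF64_HEADER_SIZE]))
```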
Affected Products
Alt Linux
Firejail