CVE-2017-5940

Name of the Vulnerable Software and Affected Versions Firejail versions prior to 0.9.44.6 Firejail 0.9.38.x LTS versions prior to 0.9.38.10 LTS

Description The issue allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option, due to an incomplete fix for a previous issue. This is possible because Firejail does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero.

Recommendations For Firejail versions prior to 0.9.44.6, update to version 0.9.44.6 or later. For Firejail 0.9.38.x LTS versions prior to 0.9.38.10 LTS, update to version 0.9.38.10 LTS or later.