[Buildroot] [PATCH 1/1] package/bubblewrap: security bump to version 0.4.1
Peter Korsgaard
peter at korsgaard.com
Wed Apr 8 14:30:19 UTC 2020
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> Fix CVE-2020-5291: Bubblewrap (bwrap) before version 0.4.1, if installed
> in setuid mode and the kernel supports unprivileged user namespaces,
> then the `bwrap --userns2` option can be used to make the setuid process
> keep running as root while being traceable. This can in turn be used to
> gain root permissions. Note that this only affects the combination of
> bubblewrap in setuid mode (which is typically used when unprivileged
> user namespaces are not supported) and the support of unprivileged user
> namespaces.
> Also update indentation of hash file (two spaces)
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Committed to 2020.02.x, thanks.
--
Bye, Peter Korsgaard
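
The affected combination described in the commit message (bwrap older than 0.4.1, installed setuid, on a kernel with unprivileged user namespaces) can be checked on a target as below. This is an added example, not part of the patch or of Buildroot; the function names are hypothetical, and it assumes a missing `kernel.unprivileged_userns_clone` sysctl (a distribution-specific knob) means no such restriction is in place.

```shell
#!/bin/sh
# Added example: exposure check for the CVE-2020-5291 preconditions.

# version_lt A B: succeed if dotted version A sorts strictly before B.
version_lt() {
    [ "$1" = "$2" ] && return 1
    first=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$first" = "$1" ]
}

# is_exposed VERSION MODE USERNS
#   VERSION  bubblewrap version, e.g. 0.4.0
#   MODE     octal permission bits of the bwrap binary, e.g. 4755
#   USERNS   1 if unprivileged user namespaces are usable, else 0
# Succeeds only when all three conditions hold together.
is_exposed() {
    version_lt "$1" 0.4.1 || return 1          # fixed in 0.4.1
    [ $(( 0$2 & 04000 )) -ne 0 ] || return 1   # setuid bit set
    [ "$3" = 1 ] || return 1                   # unprivileged userns usable
    return 0
}

# check_host: gather the three inputs from the running system.
check_host() {
    bin=$(command -v bwrap) || { echo "bwrap: not installed"; return 0; }
    ver=$("$bin" --version | awk '{print $2}')
    mode=$(stat -L -c %a "$bin")
    max=$(cat /proc/sys/user/max_user_namespaces 2>/dev/null || echo 0)
    # Assumption: sysctl absent means unprivileged userns is not restricted.
    clone=$(cat /proc/sys/kernel/unprivileged_userns_clone 2>/dev/null || echo 1)
    userns=0
    [ "$max" -gt 0 ] && [ "$clone" = 1 ] && userns=1
    if is_exposed "$ver" "$mode" "$userns"; then
        echo "EXPOSED: $bin $ver mode=$mode userns=$userns"
        return 1
    fi
    echo "ok: $bin $ver mode=$mode userns=$userns"
}

# Run against the local system only when asked: sh check.sh --host
if [ "${1:-}" = "--host" ]; then check_host; fi
```

The check looks only at the setuid bit, not at the owner of the binary, so confirm root ownership separately when it reports an exposure.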