Jump to:

CVE-2016-8659

Jump to:

CVE-2016-8659

Package bubblewrap updated to version 0.1.2-alt1 for branch sisyphus in task 169960.

Published: 2017-02-13
Modified: 2024-11-21

CVE-2016-8659

Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket.

Severity: HIGH (7.0) Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

[oss-security] 20161012 bubblewrap LPE
[oss-security] 20161012 bubblewrap LPE
[oss-security] 20161013 Re: bubblewrap LPE
[oss-security] 20161013 Re: bubblewrap LPE
93542
93542
https://github.com/projectatomic/bubblewrap/issues/107
https://github.com/projectatomic/bubblewrap/issues/107

Version: 2.1.0

Package bubblewrap update in sisyphus on 2016-09-25

ALT-PU-2016-2018-1

Closed vulnerabilities

CVE-2016-8659