ALT-PU-2016-2018-1
Package bubblewrap updated to version 0.1.2-alt1 for branch sisyphus in task 169960.
Closed vulnerabilities
Published: 2017-02-13
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-8659
Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket.
Severity: MEDIUM (6.9)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Severity: HIGH (7.0)
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/10/12/5
- http://www.openwall.com/lists/oss-security/2016/10/13/4
- http://www.securityfocus.com/bid/93542
- https://github.com/projectatomic/bubblewrap/issues/107
- http://www.openwall.com/lists/oss-security/2016/10/12/5
- http://www.openwall.com/lists/oss-security/2016/10/13/4
- http://www.securityfocus.com/bid/93542
- https://github.com/projectatomic/bubblewrap/issues/107