bubblewrap-0.5.0-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10663 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z bubblewrap-0.5.0-1.1 on GA media These are all security issues fixed in the bubblewrap-0.5.0-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10663 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10663 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2017-5226/ SUSE CVE CVE-2017-5226 page https://www.suse.com/security/cve/CVE-2019-12439/ SUSE CVE CVE-2019-12439 page https://www.suse.com/security/cve/CVE-2020-5291/ SUSE CVE CVE-2020-5291 page openSUSE Tumbleweed bubblewrap-0.5.0-1.1 bubblewrap-zsh-completion-0.5.0-1.1 bubblewrap-0.5.0-1.1 as a component of openSUSE Tumbleweed bubblewrap-zsh-completion-0.5.0-1.1 as a component of openSUSE Tumbleweed When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox. CVE-2017-5226 openSUSE Tumbleweed:bubblewrap-0.5.0-1.1 openSUSE Tumbleweed:bubblewrap-zsh-completion-0.5.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5226.html CVE-2017-5226 https://bugzilla.suse.com/1130637 SUSE Bug 1130637 https://bugzilla.suse.com/1173998 SUSE Bug 1173998 https://bugzilla.suse.com/1174073 SUSE Bug 1174073 https://bugzilla.suse.com/1209411 SUSE Bug 1209411 bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories in /tmp as a mount point. In some particular configurations (related to XDG_RUNTIME_DIR), a local attacker may abuse this flaw to prevent other users from executing bubblewrap or potentially execute code. CVE-2019-12439 openSUSE Tumbleweed:bubblewrap-0.5.0-1.1 openSUSE Tumbleweed:bubblewrap-zsh-completion-0.5.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-12439.html CVE-2019-12439 https://bugzilla.suse.com/1136958 SUSE Bug 1136958 Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that this only affects the combination of bubblewrap in setuid mode (which is typically used when unprivileged user namespaces are not supported) and the support of unprivileged user namespaces. Known to be affected are: * Debian testing/unstable, if unprivileged user namespaces enabled (not default) * Debian buster-backports, if unprivileged user namespaces enabled (not default) * Arch if using `linux-hardened`, if unprivileged user namespaces enabled (not default) * Centos 7 flatpak COPR, if unprivileged user namespaces enabled (not default) This has been fixed in the 0.4.1 release, and all affected users should update. CVE-2020-5291 openSUSE Tumbleweed:bubblewrap-0.5.0-1.1 openSUSE Tumbleweed:bubblewrap-zsh-completion-0.5.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-5291.html CVE-2020-5291 https://bugzilla.suse.com/1168291 SUSE Bug 1168291