Firejail: Local Privilege Escalation A vulnerability has been discovered in Firejail which could result in local root privilege escalation. firejail,firejail-lts 2023-05-03 2023-05-03 850748 remote 0.9.70 0.9.70 0.9.56.2-r1

A SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf.

Firejail does not sufficiently validate the user's environment prior to using it as the root user when using the --join command line option.

An unprivileged user can exploit this vulnerability to achieve local root privileges.

System administrators can mitigate this vulnerability via adding either "force-nonewprivs yes" or "join no" to the Firejail configuration file in /etc/firejail/firejail.config.

Gentoo has discontinued support for sys-apps/firejail-lts. Users should unmerge it in favor of sys-apps/firejail:

# emerge --ask --depclean --verbose "sys-apps/firejail-lts" # emerge --ask --verbose "sys-apps/firejail"

All Firejail users should upgrade to the latest version:

# emerge --ask --oneshot --verbose ">=sys-apps/firejail-0.9.70"
CVE-2022-31214 ajak sam