Control: reassign 850702 bubblewrap 0~git160513-1
Control: forwarded 850702 https://github.com/projectatomic/bubblewrap/issues/142
Control: tags 850702 + security upstream

On Mon, 09 Jan 2017 at 14:19:36 +0100, up201407...@alunos.dcc.fc.up.pt wrote:
> When executing a program via the bubblewrap sandbox, the nonpriv
> session can escape to the parent session by using the TIOCSTI ioctl to
> push characters into the terminal's input buffer, allowing an attacker
> to escape the sandbox.

Thanks. Do you have a proposed or preferred solution for this?

Please direct any further correspondence about this bug upstream if
possible: I've opened a GitHub bug
https://github.com/projectatomic/bubblewrap/issues/142 for that.

> This has been assigned CVE-2017-5226.

Assigned by whom?

If you are auditing for security vulnerabilities, please try to follow
the normal disclosure best-practices: in particular, if a vulnerability
is not already public, please contact upstream maintainers privately
first, to give them a chance to fix a vulnerability before the general
public know about it.

Regards,
S
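
Added example, not part of this message and not bubblewrap's own code: one way a sandbox launcher can close the TIOCSTI path described in the quoted report is a seccomp filter that denies that ioctl request before the sandboxed program starts. The function names are hypothetical, and the code assumes Linux on little-endian x86_64 or aarch64.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/ioctl.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#if defined(__x86_64__)
#define NATIVE_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define NATIVE_ARCH AUDIT_ARCH_AARCH64
#else
#error "example covers little-endian x86_64 and aarch64 only"
#endif
#define F_LD(f) BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, f))
#define F_JMP(op, k, jt, jf) BPF_JUMP(BPF_JMP | (op) | BPF_K, (k), (jt), (jf))
#define F_RET(v) BPF_STMT(BPF_RET | BPF_K, (v))

/* Make ioctl(fd, TIOCSTI, ...) fail with EPERM in this process and its children. */
int deny_tiocsti(void)
{
    struct sock_filter prog[] = {
        F_LD(arch), F_JMP(BPF_JEQ, NATIVE_ARCH, 0, 7),  /* other ABI: kill */
        F_LD(nr), F_JMP(BPF_JGE, 0x40000000, 5, 0),     /* x32 numbers: kill */
        F_JMP(BPF_JEQ, __NR_ioctl, 0, 3),               /* not ioctl: allow */
        /* The kernel truncates the request to 32 bits: compare the low word only. */
        F_LD(args[1]), F_JMP(BPF_JEQ, TIOCSTI, 0, 1),
        F_RET(SECCOMP_RET_ERRNO | EPERM), F_RET(SECCOMP_RET_ALLOW), F_RET(SECCOMP_RET_KILL),
    };
    struct sock_fprog fprog = { .len = sizeof(prog) / sizeof(prog[0]), .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}
/* errno a filtered child gets for ioctl(-1, request); fd -1 so nothing is ever injected. */
int ioctl_errno_under_filter(unsigned long request)
{
    char c = 'x'; int status; pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (deny_tiocsti() != 0) _exit(255);
        _exit(syscall(SYS_ioctl, -1L, request, &c) == -1 ? errno : 0);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}
int main(void) { return ioctl_errno_under_filter(TIOCSTI) == EPERM ? 0 : 1; }
```

The filter is inherited across fork and exec, so a launcher would call `deny_tiocsti()` just before executing the confined program.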