CVE-2017-5226

NameCVE-2017-5226
DescriptionWhen executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs850702

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bubblewrap (PTS)buster0.3.1-4fixed
bullseye0.4.1-3fixed
bookworm0.8.0-2fixed
sid, trixie0.9.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bubblewrapsource(unstable)0.1.5-2850702

Notes

https://github.com/projectatomic/bubblewrap/issues/142
Search for package or bug name: Reporting problems