Skip to content

Release 0.1.3 (fixes CVE-2016-8659)
Compare
Choose a tag to compare
@cgwalters cgwalters released this 14 Oct 16:46
v0.1.3
This tag was signed with the committer’s verified signature.
cgwalters Colin Walters
GPG key ID: DC45FD5921C13F0B
Learn about vigilant mode.
0bf9fb6

This release fixes CVE-2016-8659: #107
which is a local privilege escalation that applies when
bubblewrap is installed with suid or file capabilities. This
vulnerability does not apply for systems/distributions which
unconditionally enable CLONE_NEWUSER access for unprivileged
users, as e.g. Fedora 24 and newer (as of this writing) do.

However, this will apply to systems such as CentOS/RHEL 7, Debian
stable, Arch, etc. that use bubblewrap as a gating mechanism for
container/app tooling like Flatpak.

The bubblewrap authors wish to thank Sebastian Krahmer, who
has found and responsibly reported many security issues over
time, including this one.

At this time, the bubblewrap authors still believe the codebase is a
sensible option for systems/distributions which don't want to enable
full CLONE_NEWUSER. However, the upstream kernel has improved, and
continues to do so. It's likely at some point in the future that
bubblewrap will evolve more flexibility around gating access to
CLONE_NEWUSER, such as only allowing it for logged in human users,
not background daemons.

Alexander Larsson (3):
      Move commandline args to top of the file
      Don't allow setting hostname if not unsharing UTS namespace
      Only set DUMPABLE when we need it (i.e. in user namespace child)

Bill Nottingham (1):
      Fix capability list in spec file.

Colin Walters (1):
      Release 0.1.3

Kenton Varda (1):
      Make notes on sandstorm.io somewhat more accurate

Git-EVTag-v0-SHA512: 47f77d675735c9ad7f134ac996843b8a6889be9a6a925d586ecc6a4138d2d8d35d1270da04198f09c69434be42a85319b4b763e45ac97e0fce9a961535567c99

Assets 3
Loading