CVE-2017-5226

NameCVE-2017-5226
DescriptionWhen executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs850702

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bubblewrap (PTS)stretch0.1.7-1fixed
buster0.3.1-4fixed
bullseye0.4.1-3fixed
bookworm (security), bookworm0.8.0-2+deb12u1fixed
sid, trixie0.11.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bubblewrapsource(unstable)0.1.5-2850702

Notes

https://github.com/projectatomic/bubblewrap/issues/142
Search for package or bug name: Reporting problems