mirror of
https://git.busybox.net/buildroot.git
synced 2024-12-11 14:23:52 +08:00
d82a5ade0b
Fix CVE-2020-5291: Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that this only affects the combination of bubblewrap in setuid mode (which is typically used when unprivileged user namespaces are not supported) and the support of unprivileged user namespaces. Also update indentation of hash file (two spaces) Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Reviewed-by: Adrian Perez de Castro <aperez@igalia.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
6 lines
227 B
Plaintext
6 lines
227 B
Plaintext
# Locally computed:
|
|
sha256 b9c69b9b1c61a608f34325c8e1a495229bacf6e4a07cbb0c80cf7a814d7ccc03 bubblewrap-0.4.1.tar.xz
|
|
|
|
# Hash for license files:
|
|
sha256 b7993225104d90ddd8024fd838faf300bea5e83d91203eab98e29512acebd69c COPYING
|