Alpine: firejail: security update to 0.9.44.2-r1 (deprecated)

critical Tenable Self-Hosted Container Security Plugin ID 400938

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case
during its attempt to prevent accessing user files with an euid of zero, which allows local users to
conduct sandbox-escape attacks via vectors involving a symlink and the --private option. (CVE-2017-5180)

- Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to
bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument. (CVE-2017-5206)

- Firejail before 0.9.44.4, when running a bandwidth command, allows local users to gain root privileges via
the --shell argument. (CVE-2017-5207)

See Also

https://git.alpinelinux.org/aports/commit/?id=00813d387cd54a49a42860ae3385257770547cb3

https://git.alpinelinux.org/aports/commit/?id=c9c719c803587aae6ef3abb096ab27c1c8c1a791

Plugin Details

Severity: Critical

ID: 400938

Version: Revision 1.23

Type: Local

Published: 8/16/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 5

Percentile: 95.11

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2017-5207

CVSS v3

Risk Factor: Critical

Base Score: 9

Temporal Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2017-5206

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/11/2017

Vulnerability Publication Date: 1/4/2017

Reference Information

CVE: CVE-2017-5180, CVE-2017-5206, CVE-2017-5207

BID: 95298, 97120, 97385