Should I keep using the version of firejail available in my distro repos? Or should I download the .deb from the official site?

[firejailaddssecuirty]

Hi,
I am using Ubuntu 20.04. I have installed firejail from the default repos using apt.
The version of firejail which is available in the Ubuntu 20.04 repos is 0.9.62.
I see the Firejail current release is 0.9.66 while the Firejail Long Term Support is 0.9.56.2-LTS.

Source: https://firejail.wordpress.com/download-2/

Is it acceptable from a security angle if I keep using 0.9.62?
Or should I download a .deb? If yes then which one is more suitable for me the current release or the LTS release? I am paranoid about security.

[rusty-snake]

Is it acceptable from a security angle if I keep using 0.9.62 ?

If they didn't patched it, your firejail version is vulnerable to CVE-2021-26910, CVE-2020-17367 and
CVE-2020-17368. IDK what ubu has patched and what not but I really don't expect anything from ubuntu, especially LTS.

In general it isn't a security problem to use old firejail version (as long as CVE get pacthed). However newer firejail versions have more/better profile and new hardening features (like dbus filtering in 0.9.64).

Or should I download a .deb ?

apt uses .deb too 😉. If you want a newer version, you should use the PPA.

My recommendation: Use the backports version if you're on debian, the PPA if you're on ubuntu (and don't use ubuntu).

[reinerh]

https://wiki.ubuntu.com/SecurityTeam/FAQ

What software is supported by the Ubuntu Security team?
Ubuntu is currently divided into four components: main, restricted, universe and multiverse. All binary packages in main and restricted are supported by the Ubuntu Security team for the life of an Ubuntu release, while binary packages in universe and multiverse are supported by the Ubuntu community.

[firejailaddssecuirty]

The PPA that @rusty-snake mentioned who actually maintains it ? If @netblue30 is the maintainer why is the PPA not mentioned as a possible installation method here >>> https://github.com/netblue30/firejail ??

[kmk3]

@firejailaddssecuirty on Nov 3:

The PPA that @rusty-snake mentioned who actually maintains it ? If @netblue30
is the maintainer why is the PPA not mentioned as a possible installation
method here >>> https://github.com/netblue30/firejail ??

See #4663.

I think we could make it clearer on README.md that the PPA should always be
used on Ubuntu (if I understand it correctly), especially given how many times
similar questions have come up. I'll send a PR later.

[rusty-snake]

The PPA that @rusty-snake mentioned who actually maintains it ?

@reinerh maintains the Ubuntu PPA and the Debian package.

[kmk3]

@kmk3 on Nov 4

@firejailaddssecuirty on Nov 3:

The PPA that @rusty-snake mentioned who actually maintains it ? If @netblue30
is the maintainer why is the PPA not mentioned as a possible installation
method here >>> https://github.com/netblue30/firejail ??

See #4663.

I think we could make it clearer on README.md that the PPA should always be
used on Ubuntu (if I understand it correctly), especially given how many
times similar questions have come up. I'll send a PR later.

Done: #4748.

[firejailaddssecuirty]

I am no longer using Ubuntu. I have installed EndeavourOS.
This is the firejail version that is in the default repos:

$ firejail --version
firejail version 0.9.66