Download
| Alert*
|
oval:org.secpod.oval:def:204882
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix: * flatpak: sandbox escape in D-Bus filtering by a crafted authentication handshake For more details about the security issue, including the impact, a CVSS score, and other related info ... oval:org.secpod.oval:def:502361 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix: * flatpak: sandbox escape in D-Bus filtering by a crafted authentication handshake For more details about the security issue, including the impact, a CVSS score, and other related info ... oval:org.secpod.oval:def:1502318 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1700088 It was found that flatpak#039;s D-Bus proxy did not properly filter the access to D-Bus during the authentication protocol. A specially crafted flatpak application could use this flaw to bypass all restrictions imposed by flatpak and have full access to the D-BUS interface. |
