Download
| Alert*
oval:org.secpod.oval:def:116049
flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. oval:org.secpod.oval:def:502611 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix: * flatpak: potential /proc based sandbox escape For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to ... oval:org.secpod.oval:def:1700147 Earlier versions of flatpak exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file. oval:org.secpod.oval:def:1502446 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:603635 It was discovered that Flatpak, an application deployment framework for desktop apps, insufficiently restricted the execution of apply_extra scripts which could potentially result in privilege escalation. oval:org.secpod.oval:def:205159 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix: * flatpak: potential /proc based sandbox escape For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to ... oval:org.secpod.oval:def:89050577 This update for flatpak fixes the following issues: Security issues fixed: - CVE-2019-8308: Fixed a potential sandbox escape via /proc . - CVE-2019-11460: Fixed a compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl . - CVE-2019-11461: Fix ... |