Download
| Alert*
oval:org.secpod.oval:def:2500307
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. oval:org.secpod.oval:def:705882 flatpak: Application deployment framework for desktop apps Flatpak could be made to crash or run programs if it received specially crafted input. oval:org.secpod.oval:def:505780 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix: * flatpak: sandbox escape via spawn portal For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the C ... oval:org.secpod.oval:def:1700555 A flaw was found in Flatpak. The Flatpak portal D-Bus service passes caller-specified environment variables to non-sandboxed processes on the host system, and in particular to the `flatpak run` command that is used to launch the new sandbox instance. A malicious or compromised Flatpak app could set ... oval:org.secpod.oval:def:89046935 This update for flatpak fixes the following issues: - CVE-2021-21381: Fixed an issue where a sandboxed application could read and write arbitrary host files via special tokens in the .desktop file . - CVE-2021-21261: Fixed a sandbox escape issue via the flatpak-portal service . Non-security fixes: - ... oval:org.secpod.oval:def:70370 flatpak: Application deployment framework for desktop apps Flatpak could be made to crash or run programs if it received specially crafted input. oval:org.secpod.oval:def:505787 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix: * flatpak: sandbox escape via spawn portal For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the C ... oval:org.secpod.oval:def:1504620 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:69850 Simon McVittie discovered a bug in the flatpak-portal service that can allow sandboxed applications to execute arbitrary code on the host system . The Flatpak portal D-Bus service allows apps in a Flatpak sandbox to launch their own subprocesses in a new sandbox instance, either with the same secur ... oval:org.secpod.oval:def:89049451 This update for flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk fixes the following issues: libostree: Update to version 2020.8 - Enable LTO. - This update contains scalability improvements and bugfixes. - Caching-related HTTP headers are now supported on summaries and signatures, so ... oval:org.secpod.oval:def:605395 Simon McVittie discovered a bug in the flatpak-portal service that can allow sandboxed applications to execute arbitrary code on the host system . The Flatpak portal D-Bus service allows apps in a Flatpak sandbox to launch their own subprocesses in a new sandbox instance, either with the same secur ... oval:org.secpod.oval:def:1504614 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:69588 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix: * flatpak: sandbox escape via spawn portal For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the C ... oval:org.secpod.oval:def:205838 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix: * flatpak: sandbox escape via spawn portal For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the C ... oval:org.secpod.oval:def:89047029 This update for flatpak fixes the following issues: - CVE-2021-41133: Fixed sandbox bypass via recent syscalls . - CVE-2021-43860: Fixed metadata validation . |