Download
| Alert*
oval:org.secpod.oval:def:89046935
This update for flatpak fixes the following issues: - CVE-2021-21381: Fixed an issue where a sandboxed application could read and write arbitrary host files via special tokens in the .desktop file . - CVE-2021-21261: Fixed a sandbox escape issue via the flatpak-portal service . Non-security fixes: - ... oval:org.secpod.oval:def:706004 flatpak: Application deployment framework for desktop apps A Flatpak application could access files that it would not normally be permitted to access. oval:org.secpod.oval:def:1504817 [1.6.2-6] - Fix CVE-2021-21381 oval:org.secpod.oval:def:1504805 [1.0.9-11] - Fix CVE-2021-21381 oval:org.secpod.oval:def:70633 Anton Lydike discovered that sandbox restrictions in Flatpak, an application deployment framework for desktop apps, could by bypassed via a malicious .desktop file. oval:org.secpod.oval:def:605459 Anton Lydike discovered that sandbox restrictions in Flatpak, an application deployment framework for desktop apps, could by bypassed via a malicious .desktop file. oval:org.secpod.oval:def:506012 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix: * flatpak: file forwarding feature can be used to gain unprivileged access to files For more details about the security issue, including the impact, a CVSS score, acknowledgments, and ... oval:org.secpod.oval:def:71253 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix: * flatpak: file forwarding feature can be used to gain unprivileged access to files For more details about the security issue, including the impact, a CVSS score, acknowledgments, and ... oval:org.secpod.oval:def:72101 flatpak: Application deployment framework for desktop apps A Flatpak application could access files that it would not normally be permitted to access. oval:org.secpod.oval:def:1700577 A sandbox escape flaw was found in the way flatpak handled special tokens in ".desktop" files. This flaw allows an attacker to gain access to files that are not ordinarily allowed by the app"s permissions. The highest threat from this vulnerability is to confidentiality and integrity oval:org.secpod.oval:def:119596 flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. oval:org.secpod.oval:def:505996 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix: * flatpak: file forwarding feature can be used to gain unprivileged access to files For more details about the security issue, including the impact, a CVSS score, acknowledgments, and ... oval:org.secpod.oval:def:205882 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix: * flatpak: file forwarding feature can be used to gain unprivileged access to files For more details about the security issue, including the impact, a CVSS score, acknowledgments, and ... oval:org.secpod.oval:def:2500347 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. |