Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the case that there's a null byte in the metadata file of an app. Therefore apps can grant themselves permissions without the ...
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix: * flatpak: Permissions granted to applications can be hidden from the user at install time For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Additional ...
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix: * flatpak: Permissions granted to applications can be hidden from the user at install time For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Additional ...
flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information.
flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information.
Several vulnerabilities were discovered in Flatpak, an application deployment framework for desktop apps. CVE-2021-43860 Ryan Gonzalez discovered that Flatpak didn"t properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime. Malicious apps could therefore grant themselves permissions without the consent of the ...
This update for flatpak fixes the following issues: Update to flatpak 1.10.7: - CVE-2022-21682: Introduce new option --nofilesystem=host:reset to support flatpak-builder 1.2.2 . - CVE-2021-43860: A malicious repository could hav sent invalid application metadata in a way that hides some of the app permissions displayed during installation .
This update for flatpak fixes the following issues: - CVE-2021-41133: Fixed sandbox bypass via recent syscalls . - CVE-2021-43860: Fixed metadata validation .