--------------------------------------------------------------------------------Fedora Update Notification FEDORA-2018-bd651734da 2018-02-06 15:24:55.359844 --------------------------------------------------------------------------------Name : flatpak Product : Fedora 27 Version : 0.10.3 Release : 1.fc27 URL : https://flatpak.org/ Summary : Application deployment framework for desktop apps Description : flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. --------------------------------------------------------------------------------Update Information: This is a security fix release that fixes a sandbox escape in the flatpak dbus proxy. This issue was found by Gabriel Campana of The Google Security Team. Major changes in 0.10.3 * Fix dbus proxy vulnerability in authentication phase * Make permission handling ignore unknown permissions for forwards compatibility * Removed incorrect error message in update --appdata when ther was no updates * Fix handling of abort in the duplicate remote prompt * Fix division by zero in progress calculation * Fix flatpak remote-info --show-metadata --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade flatpak' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora 27: flatpak Security Update 2018-bd651734da
February 6, 2018
This is a security fix release that fixes a sandbox escape in the flatpak dbus proxy
Summary
flatpak is a system for building, distributing and running sandboxed desktop
applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for
more information.
This is a security fix release that fixes a sandbox escape in the flatpak dbus
proxy. This issue was found by Gabriel Campana of The Google Security Team.
Major changes in 0.10.3 * Fix dbus proxy vulnerability in authentication phase
* Make permission handling ignore unknown permissions for forwards
compatibility * Removed incorrect error message in update --appdata when ther
was no updates * Fix handling of abort in the duplicate remote prompt * Fix
division by zero in progress calculation * Fix flatpak remote-info --show-metadata
su -c 'dnf upgrade flatpak' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
FEDORA-2018-bd651734da 2018-02-06 15:24:55.359844 Product : Fedora 27 Version : 0.10.3 Release : 1.fc27 URL : https://flatpak.org/ Summary : Application deployment framework for desktop apps Description : flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. This is a security fix release that fixes a sandbox escape in the flatpak dbus proxy. This issue was found by Gabriel Campana of The Google Security Team. Major changes in 0.10.3 * Fix dbus proxy vulnerability in authentication phase * Make permission handling ignore unknown permissions for forwards compatibility * Removed incorrect error message in update --appdata when ther was no updates * Fix handling of abort in the duplicate remote prompt * Fix division by zero in progress calculation * Fix flatpak remote-info --show-metadata su -c 'dnf upgrade flatpak' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Change Log
References
Update Instructions
Severity
Product : Fedora 27
Version : 0.10.3
Release : 1.fc27
URL : https://flatpak.org/
Summary : Application deployment framework for desktop apps
News
HOWTOs
Features
About Us
Powered By
