--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2018-009a65a873
2018-11-14 03:11:43.672850
--------------------------------------------------------------------------------Name        : flatpak
Product     : Fedora 29
Version     : 1.0.5
Release     : 2.fc29
URL         : https://flatpak.org/
Summary     : Application deployment framework for desktop apps
Description :
flatpak is a system for building, distributing and running sandboxed desktop
applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for
more information.

--------------------------------------------------------------------------------Update Information:

flatpak 1.0.5 release.  There was a sandbox bug in the previous version where
parts of the runtime /etc was not mounted read-only. In case the runtime was
installed as the user (not the default) this means that the app could modify
files on the runtime. Nothing in the host uses the runtime files, so this is not
a direct sandbox escape, but it is possible that an app can confuse a different
app that has higher permissions and so gain privileges.  Detailed changes:   *
Make the /etc -> /usr/etc bind-mounts read-only.  * Make various app-specific
configuration files read-only.  * flatpak is more picky about remote names to
avoid problems with storing weird names in the ostree config.  * A segfault in
libflatpak handling of bundles was fixed.  * Updated translations  * Fixed a
regression in flatpak run that caused problems running user-installed apps when
the system installation was broken.  In addition to upstream changes, this
update also fixes a packaging issue and adds a missing dependency on p11-kit-server to fix accessing host TLS certificates.
--------------------------------------------------------------------------------ChangeLog:

* Mon Nov 12 2018 Kalev Lember  - 1.0.5-2
- Recommend p11-kit-server instead of just p11-kit (#1649049)
* Mon Nov 12 2018 Kalev Lember  - 1.0.5-1
- Update to 1.0.5
* Fri Oct 12 2018 Kalev Lember  - 1.0.4-1
- Update to 1.0.4
--------------------------------------------------------------------------------References:

  [ 1 ] Bug #1649049 - missing dependency on p11-kit-server
        https://bugzilla.redhat.com/show_bug.cgi?id=1649049
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-009a65a873' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Fedora 29: flatpak Security Update 2018-009a65a873

November 14, 2018
flatpak 1.0.5 release

Summary

flatpak is a system for building, distributing and running sandboxed desktop

applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for

more information.

flatpak 1.0.5 release. There was a sandbox bug in the previous version where

parts of the runtime /etc was not mounted read-only. In case the runtime was

installed as the user (not the default) this means that the app could modify

files on the runtime. Nothing in the host uses the runtime files, so this is not

a direct sandbox escape, but it is possible that an app can confuse a different

app that has higher permissions and so gain privileges. Detailed changes: *

Make the /etc -> /usr/etc bind-mounts read-only. * Make various app-specific

configuration files read-only. * flatpak is more picky about remote names to

avoid problems with storing weird names in the ostree config. * A segfault in

libflatpak handling of bundles was fixed. * Updated translations * Fixed a

regression in flatpak run that caused problems running user-installed apps when

the system installation was broken. In addition to upstream changes, this

update also fixes a packaging issue and adds a missing dependency on p11-kit-server to fix accessing host TLS certificates.

* Mon Nov 12 2018 Kalev Lember - 1.0.5-2

- Recommend p11-kit-server instead of just p11-kit (#1649049)

* Mon Nov 12 2018 Kalev Lember - 1.0.5-1

- Update to 1.0.5

* Fri Oct 12 2018 Kalev Lember - 1.0.4-1

- Update to 1.0.4

[ 1 ] Bug #1649049 - missing dependency on p11-kit-server

https://bugzilla.redhat.com/show_bug.cgi?id=1649049

su -c 'dnf upgrade --advisory FEDORA-2018-009a65a873' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

FEDORA-2018-009a65a873 2018-11-14 03:11:43.672850 Product : Fedora 29 Version : 1.0.5 Release : 2.fc29 URL : https://flatpak.org/ Summary : Application deployment framework for desktop apps Description : flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. flatpak 1.0.5 release. There was a sandbox bug in the previous version where parts of the runtime /etc was not mounted read-only. In case the runtime was installed as the user (not the default) this means that the app could modify files on the runtime. Nothing in the host uses the runtime files, so this is not a direct sandbox escape, but it is possible that an app can confuse a different app that has higher permissions and so gain privileges. Detailed changes: * Make the /etc -> /usr/etc bind-mounts read-only. * Make various app-specific configuration files read-only. * flatpak is more picky about remote names to avoid problems with storing weird names in the ostree config. * A segfault in libflatpak handling of bundles was fixed. * Updated translations * Fixed a regression in flatpak run that caused problems running user-installed apps when the system installation was broken. In addition to upstream changes, this update also fixes a packaging issue and adds a missing dependency on p11-kit-server to fix accessing host TLS certificates. * Mon Nov 12 2018 Kalev Lember - 1.0.5-2 - Recommend p11-kit-server instead of just p11-kit (#1649049) * Mon Nov 12 2018 Kalev Lember - 1.0.5-1 - Update to 1.0.5 * Fri Oct 12 2018 Kalev Lember - 1.0.4-1 - Update to 1.0.4 [ 1 ] Bug #1649049 - missing dependency on p11-kit-server https://bugzilla.redhat.com/show_bug.cgi?id=1649049 su -c 'dnf upgrade --advisory FEDORA-2018-009a65a873' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Change Log

References

Update Instructions

Severity
Product : Fedora 29
Version : 1.0.5
Release : 2.fc29
URL : https://flatpak.org/
Summary : Application deployment framework for desktop apps

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved