Fedora 39: Security Advisory for Bubblewrap Update - CVE-2024-42472
fedora
September 15, 2024
flatpak 1.15.10 and bubblewrap 0.10.0 updates, which together fix CVE-2024-42472 in Flatpak.
Summary
Bubblewrap (/usr/bin/bwrap) is a core execution engine for unprivileged
containers that works as a setuid binary on kernels without
user namespaces.
Update Information:
flatpak 1.15.10 and bubblewrap 0.10.0 updates, which together fix CVE-2024-42472 in Flatpak.
Topics Covered
Change Log
* Thu Aug 22 2024 Debarshi Ray
References
[ 1 ] Bug #2271977 - bubblewrap-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2271977
[ 2 ] Bug #2299621 - flatpak-1.15.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2299621
[ 3 ] Bug #2305286 - CVE-2024-42472 flatpak: Access to files outside sandbox for apps using persistent= (--persist) [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2305286
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-03fd821ae2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: bubblewrap
Product: Fedora 39
Version: 0.10.0
Release: 1.fc39
Summary: Core execution tool for unprivileged containers
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!