Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

Mageia 8: 2023-0224 Low: Application Isolation Vulnerabilities

mageia
Calendar Grey March 18, 2021
Dist Mageia Esm H88
Fedora enhances podman to address significant container vulnerabilities and security threats starting April 2021.
Sandbox escape where a malicious application can execute code outside the sandbox by controlling the environment of the "flatpak run" command when spawning a sub-sandbox (CVE-2021-...

Summary

Sandbox escape where a malicious application can execute code outside the sandbox by controlling the environment of the "flatpak run" command when spawning a sub-sandbox (CVE-2021-21261).
A potential attack where a flatpak application could use custom formatted .desktop files to gain access to files on the host system (CVE-2021-21381).
The update also removes the unnecessary flatpak-tests subpackage.

References

- https://bugs.mageia.org/show_bug.cgi?id=27126

- https://bugs.mageia.org/show_bug.cgi?id=25978

- https://bugs.mageia.org/show_bug.cgi?id=28575

- https://github.com/flatpak/flatpak/security/advisories/GHSA-4ppf-fxf6-vxg2

- https://github.com/flatpak/flatpak/security/advisories/GHSA-xgh4-387p-hqpp

- https://github.com/flatpak/flatpak/issues/4146

- https://github.com/flatpak/flatpak/releases

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2K2Q5P4IIUN2SFJKQKB4UJQ37CE2E55K/

- https://www.cve.org/CVERecord?id=CVE-2021-21261

- https://www.cve.org/CVERecord?id=CVE-2021-21381

Topics%20covered

Topics Covered

security advisory security issue code execution moderate severity sandbox escape Mageia flatpak

Resolution

SRPMS

- 7/core/libglib-testing-0.1.0-2.mga7

- 7/core/appstream-glib-0.7.15-1.mga7

- 7/core/malcontent-0.9.0-2.mga7

- 7/core/bubblewrap-0.4.1-1.mga7

- 7/core/ostree-2020.8-1.mga7

- 7/core/flatpak-1.10.2-1.mga7

- 7/core/gnome-software-3.32.2-2.1.mga7

Severity
low
Lowest
Low
Medium
High
Critical

Publication date: 18 Mar 2021
URL: https://advisories.mageia.org/MGASA-2021-0143.html
Type: security
CVE: CVE-2021-21261, CVE-2021-21381

Topics%20covered

Topics Covered

security advisory security issue code execution moderate severity sandbox escape Mageia flatpak

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here