Alerts This Week
Warning Icon 1 566
Alerts This Week
Warning Icon 1 566

Ubuntu 20.04 LTS USN-4951-1: Critical Flatpak Access Risk Advisory

Calendar May 12, 2021 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory access control application update update instructions file access ubuntu risk mitigation file permission access risk application framework flatpak
A Flatpak application could access files that it would not normally be permitted to access. 
=========================================================================Ubuntu Security Notice USN-4951-1
May 12, 2021

flatpak vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

A Flatpak application could access files that it would not normally
be permitted to access.

Software Description:
- flatpak: Application deployment framework for desktop apps

Details:

Anton Lydike discovered that Flatpak did not properly handle special tokens
in desktop files. An attacker could use this to specially craft a Flatpak
application that could escape sandbox confinement.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
  flatpak                         1.8.2-1ubuntu0.2
  libflatpak0                     1.8.2-1ubuntu0.2

Ubuntu 20.04 LTS:
  flatpak                         1.6.5-0ubuntu0.3
  libflatpak0                     1.6.5-0ubuntu0.3

Ubuntu 18.04 LTS:
  flatpak                         1.0.9-0ubuntu0.3
  libflatpak0                     1.0.9-0ubuntu0.3

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4951-1
  CVE-2021-21381

Package Information:
  https://launchpad.net/ubuntu/+source/flatpak/1.8.2-1ubuntu0.2
  https://launchpad.net/ubuntu/+source/flatpak/1.6.5-0ubuntu0.3
  https://launchpad.net/ubuntu/+source/flatpak/1.0.9-0ubuntu0.3

Ubuntu 20.04 LTS USN-4951-1: Critical Flatpak Access Risk Advisory

ubuntu
Calendar Grey May 12, 2021
Dist Ubuntu Esm H88
Security Alert USN-5002-2 addresses a Snap vulnerability permitting unauthorized data exposure on Linux distributions.
A Flatpak application could access files that it would not normally be permitted to access.

Summary

Topics%20covered

Topics Covered

security advisory access control application update update instructions file access ubuntu risk mitigation file permission access risk application framework flatpak

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: flatpak 1.8.2-1ubuntu0.2 libflatpak0 1.8.2-1ubuntu0.2 Ubuntu 20.04 LTS: flatpak 1.6.5-0ubuntu0.3 libflatpak0 1.6.5-0ubuntu0.3 Ubuntu 18.04 LTS: flatpak 1.0.9-0ubuntu0.3 libflatpak0 1.0.9-0ubuntu0.3 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4951-1

CVE-2021-21381

Severity
critical
Lowest
Low
Medium
High
Critical

May 12, 2021

Topics%20covered

Topics Covered

security advisory access control application update update instructions file access ubuntu risk mitigation file permission access risk application framework flatpak

Package Information

https://launchpad.net/ubuntu/+source/flatpak/1.8.2-1ubuntu0.2 https://launchpad.net/ubuntu/+source/flatpak/1.6.5-0ubuntu0.3 https://launchpad.net/ubuntu/+source/flatpak/1.0.9-0ubuntu0.3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here