Ubuntu 20.04 LTS USN-4951-1: Critical Flatpak Access Risk Advisory

May 12, 2021
A Flatpak application could access files that it would not normally be permitted to access.

Summary

A Flatpak application could access files that it would not normally be permitted to access.

Software Description:

- flatpak: Application deployment framework for desktop apps

Details:

Anton Lydike discovered that Flatpak did not properly handle special tokens in desktop files. An attacker could use this to specially craft a Flatpak application that could escape sandbox confinement.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
  flatpak                         1.8.2-1ubuntu0.2
  libflatpak0                     1.8.2-1ubuntu0.2

Ubuntu 20.04 LTS:
  flatpak                         1.6.5-0ubuntu0.3
  libflatpak0                     1.6.5-0ubuntu0.3

Ubuntu 18.04 LTS:
  flatpak                         1.0.9-0ubuntu0.3
  libflatpak0                     1.0.9-0ubuntu0.3

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4951-1

CVE-2021-21381

Severity
critical