A Flatpak application could access files that it would not normally
be permitted to access.
Software Description:
- flatpak: Application deployment framework for desktop apps
Details:
Anton Lydike discovered that Flatpak did not properly handle special tokens
in desktop files. An attacker could use this to specially craft a Flatpak
application that could escape sandbox confinement.
The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: flatpak 1.8.2-1ubuntu0.2 libflatpak0 1.8.2-1ubuntu0.2 Ubuntu 20.04 LTS: flatpak 1.6.5-0ubuntu0.3 libflatpak0 1.6.5-0ubuntu0.3 Ubuntu 18.04 LTS: flatpak 1.0.9-0ubuntu0.3 libflatpak0 1.0.9-0ubuntu0.3 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-4951-1
CVE-2021-21381
Get the latest Linux and open source security news straight to your inbox.