
Ubuntu 21.10 Security Advisory: USN-5191-1 Critical Flatpak Escape

December 14, 2021
Ubuntu Security Notice USN-5200-1 addresses a Docker vulnerability that may result in privilege escalation within containerized settings.

Summary

A system hardening measure could be bypassed.

Software Description:

- flatpak: Application deployment framework for desktop apps

Details:

It was discovered that Flatpak incorrectly handled certain AF_UNIX sockets.
An attacker could use this to specially craft a Flatpak application that
could escape sandbox confinement.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
  flatpak                         1.10.2-3ubuntu0.1
  libflatpak0                     1.10.2-3ubuntu0.1

Ubuntu 21.04:
  flatpak                         1.10.2-1ubuntu1.1
  libflatpak0                     1.10.2-1ubuntu1.1

Ubuntu 20.04 LTS:
  flatpak                         1.6.5-0ubuntu0.4
  libflatpak0                     1.6.5-0ubuntu0.4

Ubuntu 18.04 LTS:
  flatpak                         1.0.9-0ubuntu0.4
  libflatpak0                     1.0.9-0ubuntu0.4

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5191-1

CVE-2021-41133

Severity
critical