Stay Secure with the Latest Linux Advisories

security advisorycriticalFedora

Fedora 34: Critical Flatpak Sandbox Escape Vulnerability on 2021-01-19

This is a security update that fixes a sandbox escape where a malicious application can execute code outside the sandbox by controlling the environment of the "flatpak run" command when spawning a sub-sandbox. See the advisory for details: https://github.com/flatpak/flatpak/security/advisories/GHSA-4ppf-fxf6-vxg2. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-f807eb480a 2021-01-19 01:50:48.910487 --------------------------------------------------------------------------------Name : flatpak Product : Fedora 32 Version : 1.8.5 Release : 1.fc32 URL : https://flatpak.org/ Summary : Application deployment framework for desktop apps Description : flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. --------------------------------------------------------------------------------Update Information: This is a security update that fixes a sandbox escape where a malicious application can execute code outside the sandbox by controlling the environment of the "flatpak run" command when spawning a sub-sandbox. See the advisory for details: https://github.com/flatpak/flatpak/security/advisories/GHSA-4ppf-fxf6-vxg2 --------------------------------------------------------------------------------ChangeLog: * Thu Jan 14 2021 Kalev Lember - 1.8.5-1 - Update to 1.8.5 * Wed Nov 18 2020 David King - 1.8.3-2 - Drop obsolete Requires on system-release --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-f807eb480a' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys usedby the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Fedora security patch issued to close sandbox vulnerability in flatpak, thwarting execution of harmful application scripts.. Fedora Update, Flatpak Escape, Critical Security Update. . Severity: Critical. LinuxSecurity.com Team

Jan 18, 2021 •Critical Fedora