MGASA-2021-0143
- Source
- https://advisories.mageia.org/MGASA-2021-0143.html
- Import Source
- https://advisories.mageia.org/MGASA-2021-0143.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2021-0143
- Related
- Published
- 2021-03-18T09:56:09Z
- Modified
- 2021-03-18T09:05:32Z
- Summary
- Updated flatpak packages fix security vulnerabilities
- Details
-
Sandbox escape where a malicious application can execute code outside the sandbox by controlling the environment of the "flatpak run" command when spawning a sub-sandbox (CVE-2021-21261).
A potential attack where a flatpak application could use custom formatted .desktop files to gain access to files on the host system (CVE-2021-21381).
The update also removes the unnecessary flatpak-tests subpackage.
- References
-
- https://advisories.mageia.org/MGASA-2021-0143.html
- https://bugs.mageia.org/show_bug.cgi?id=27126
- https://bugs.mageia.org/show_bug.cgi?id=25978
- https://bugs.mageia.org/show_bug.cgi?id=28575
- https://github.com/flatpak/flatpak/security/advisories/GHSA-4ppf-fxf6-vxg2
- https://github.com/flatpak/flatpak/security/advisories/GHSA-xgh4-387p-hqpp
- https://github.com/flatpak/flatpak/issues/4146
- https://github.com/flatpak/flatpak/releases
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2K2Q5P4IIUN2SFJKQKB4UJQ37CE2E55K/
- Credits
-
-
- Mageia - COORDINATOR
-