MGASA-2022-0131
- Source
- https://advisories.mageia.org/MGASA-2022-0131.html
- Import Source
- https://advisories.mageia.org/MGASA-2022-0131.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2022-0131
- Related
- Published
- 2022-04-09T21:20:39Z
- Modified
- 2022-04-09T20:35:42Z
- Summary
- Updated flatpak packages fix security vulnerability
- Details
-
Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the case that there's a null byte in the metadata file of an app. (CVE-2021-43860) Path traversal vulnerability (CVE-2022-21682) Various other fixes and enhancements included in update to version 1.12.7.
- References
-
- https://advisories.mageia.org/MGASA-2022-0131.html
- https://bugs.mageia.org/show_bug.cgi?id=29885
- https://github.com/flatpak/flatpak/security/advisories/GHSA-qpjc-vq3c-572j
- https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/APFTBYGJJVJPFVHRXUW5PII5XOAFI4KH/
- https://github.com/flatpak/flatpak/releases/tag/1.10.7
- https://github.com/flatpak/flatpak/releases/tag/1.12.4
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/G4SGDDYLN2BFKCHIDCXL2QTDVHPMZZM4/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IXKBERLJRYV7KXKGXOLI6IOXVBQNN4DP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UELF5NVMHRQ45DEBIRQGIVCV4PADFC37/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/F46WFOXXRE63UMMTLQB2FOJT4KLI5AR7/
- https://github.com/flatpak/flatpak/releases/tag/1.12.5
- https://github.com/flatpak/flatpak/releases/tag/1.12.6
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/T4OG73MX3JPZBHYMUXUULPTVL7ZOOTZ5/
- https://github.com/flatpak/flatpak/releases/tag/1.12.7
- Credits
-
-
- Mageia - COORDINATOR
-