ELSA-2024-6422

Published: 05 Sep 2024
Source: oracle-oval
Platform: Oracle Linux 8

Description

ELSA-2024-6422: bubblewrap and flatpak security update (IMPORTANT)

bubblewrap [0.4.0-2]

  • Backport upstream fix to help address CVE-2024-42472 in flatpak

flatpak [1.12.9-3]

  • Fix previous changelog entry

[1.12.9-2]

  • Backport upstream patches for CVE-2024-42472
  • Require bubblewrap version that has new --bind-fd option backported for addressing CVE-2024-42472

Updated packages

Oracle Linux 8

Oracle Linux aarch64

  • bubblewrap 0.4.0-2.el8_10
  • flatpak 1.12.9-3.el8_10
  • flatpak-devel 1.12.9-3.el8_10
  • flatpak-libs 1.12.9-3.el8_10
  • flatpak-selinux 1.12.9-3.el8_10
  • flatpak-session-helper 1.12.9-3.el8_10

Oracle Linux x86_64

  • bubblewrap 0.4.0-2.el8_10
  • flatpak 1.12.9-3.el8_10
  • flatpak-devel 1.12.9-3.el8_10
  • flatpak-libs 1.12.9-3.el8_10
  • flatpak-selinux 1.12.9-3.el8_10
  • flatpak-session-helper 1.12.9-3.el8_10

Related CVEs

Related vulnerabilities

CVSS3: 10
ubuntu
10 months ago

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and confidentiality. When `persistent=subdir` is used in the application permissions (represented as `--persist=subdir` in the command-line interface), that means that an application which otherwise doesn't have access to the real user home directory will see an empty home directory with a writeable subdirectory `subdir`. Behind the scenes, this directory is actually a bind mount and the data is stored in the per-application directory as `~/.var/app/$APPID/subdir`. This allows existing apps that are not aware of the per-application directory to still work as intended without general home directory access. However, the application does have write access to the application directory `~/.var/app/$APPI...

CVSS3: 7.4
redhat
10 months ago

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and confidentiality. When `persistent=subdir` is used in the application permissions (represented as `--persist=subdir` in the command-line interface), that means that an application which otherwise doesn't have access to the real user home directory will see an empty home directory with a writeable subdirectory `subdir`. Behind the scenes, this directory is actually a bind mount and the data is stored in the per-application directory as `~/.var/app/$APPID/subdir`. This allows existing apps that are not aware of the per-application directory to still work as intended without general home directory access. However, the application does have write access to the application directory `~/.var/app/$APPID`...

CVSS3: 10
nvd
10 months ago

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and confidentiality. When `persistent=subdir` is used in the application permissions (represented as `--persist=subdir` in the command-line interface), that means that an application which otherwise doesn't have access to the real user home directory will see an empty home directory with a writeable subdirectory `subdir`. Behind the scenes, this directory is actually a bind mount and the data is stored in the per-application directory as `~/.var/app/$APPID/subdir`. This allows existing apps that are not aware of the per-application directory to still work as intended without general home directory access. However, the application does have write access to the application directory `~/.var/app/$APPID`

CVSS3: 10
debian
10 months ago

Flatpak is a Linux application sandboxing and distribution framework. ...

suse-cvrf
9 months ago

Security update for bubblewrap and flatpak