Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2023:6518

Опубликовано: 10 мая 2024
Источник: rocky
Оценка: Moderate

Описание

Moderate: flatpak security, bug fix, and enhancement update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.

The following packages have been upgraded to a later upstream version: flatpak (1.12.8). (BZ#2221792)

Security Fix(es):

  • flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console (CVE-2023-28100)

  • flatpak: Metadata with ANSI control codes can cause misleading terminal output (CVE-2023-28101)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 9.3 Release Notes linked from the References section.

Затронутые продукты

  • Rocky Linux 9

НаименованиеАрхитектураРелизRPM
flatpakx86_641.el9flatpak-1.12.8-1.el9.x86_64.rpm
flatpak-libsx86_641.el9flatpak-libs-1.12.8-1.el9.x86_64.rpm
flatpak-selinuxnoarch1.el9flatpak-selinux-1.12.8-1.el9.noarch.rpm
flatpak-session-helperx86_641.el9flatpak-session-helper-1.12.8-1.el9.x86_64.rpm

Показывать по

Связанные CVE

CVE-2023-28100
CVE-2023-28101

Ссылки на источники

Исправления

Связанные уязвимости

suse-cvrf логотип

SUSE-SU-2023:1715-1

suse-cvrf
около 2 лет назад

Security update for flatpak

suse-cvrf логотип

SUSE-SU-2023:1714-1

suse-cvrf
около 2 лет назад

Security update for flatpak

suse-cvrf логотип

SUSE-SU-2023:1713-1

suse-cvrf
около 2 лет назад

Security update for flatpak

suse-cvrf логотип

SUSE-SU-2023:1712-1

suse-cvrf
около 2 лет назад

Security update for flatpak

redos логотип

ROS-20240627-04

CVSS3: 6.5
redos
около 1 года назад

Множественные уязвимости flatpak