Уязвимость инструмента для управления приложениями и средами Flatpak, связанная с неправильной нейтрализацией специальных элементов на выходе, используемых нижестоящим компонентом, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and confidentiality. When `persistent=subdir` is used in the application permissions (represented as `--persist=subdir` in the command-line interface), that means that an application which otherwise doesn't have access to the real user home directory will see an empty home directory with a writeable subdirectory `subdir`. Behind the scenes, this directory is actually a bind mount and the data is stored in the per-application directory as `~/.var/app/$APPID/subdir`. This allows existing apps that are not aware of the per-application directory to still work as intended without general home directory access. However, the application does have write access to the application directory `~/.var/app/$APPID`...

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and confidentiality. When `persistent=subdir` is used in the application permissions (represented as `--persist=subdir` in the command-line interface), that means that an application which otherwise doesn't have access to the real user home directory will see an empty home directory with a writeable subdirectory `subdir`. Behind the scenes, this directory is actually a bind mount and the data is stored in the per-application directory as `~/.var/app/$APPID/subdir`. This allows existing apps that are not aware of the per-application directory to still work as intended without general home directory access. However, the application does have write access to the application directory `~/.var/app/$APPID`...

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and confidentiality. When `persistent=subdir` is used in the application permissions (represented as `--persist=subdir` in the command-line interface), that means that an application which otherwise doesn't have access to the real user home directory will see an empty home directory with a writeable subdirectory `subdir`. Behind the scenes, this directory is actually a bind mount and the data is stored in the per-application directory as `~/.var/app/$APPID/subdir`. This allows existing apps that are not aware of the per-application directory to still work as intended without general home directory access. However, the application does have write access to the application directory `~/.var/app/$APPID`

Flatpak is a Linux application sandboxing and distribution framework. ...

Security update for bubblewrap and flatpak

Security update for bubblewrap and flatpak

Security update for bubblewrap and flatpak

Уязвимость bubblewrap

Уязвимость flatpak

Important: bubblewrap and flatpak security update

Important: bubblewrap and flatpak security update

ELSA-2024-9449: bubblewrap and flatpak security update (IMPORTANT)

ELSA-2024-6422: bubblewrap and flatpak security update (IMPORTANT)

ELSA-2024-6417: flatpak security update (IMPORTANT)

ELSA-2024-6356: bubblewrap and flatpak security update (IMPORTANT)

Recommended update for bubblewrap, flatpak, wayland-protocols