diff options
author | Kåre Thor Olsen <kaare@nightcall.dk> | 2021-10-14 09:47:33 +0200 |
---|---|---|
committer | Kåre Thor Olsen <kaare@nightcall.dk> | 2021-10-14 09:47:33 +0200 |
commit | 5004ac5f8a314d76777de79849730426b3f783fc (patch) | |
tree | cbdc2465c4c5d8620e009ac3443fb2f4b1374abf | |
parent | 8f17b3f07826d620978215444d12afa62a576b99 (diff) |
[SECURITY] [DSA 4984-1] flatpak security update
-rw-r--r-- | english/security/2021/dsa-4984.data | 13 | ||||
-rw-r--r-- | english/security/2021/dsa-4984.wml | 26 |
2 files changed, 39 insertions, 0 deletions
diff --git a/english/security/2021/dsa-4984.data b/english/security/2021/dsa-4984.data new file mode 100644 index 00000000000..b83cff21790 --- /dev/null +++ b/english/security/2021/dsa-4984.data @@ -0,0 +1,13 @@ +<define-tag pagetitle>DSA-4984-1 flatpak</define-tag> +<define-tag report_date>2021-10-12</define-tag> +<define-tag secrefs>CVE-2021-41133 Bug#995935</define-tag> +<define-tag packages>flatpak</define-tag> +<define-tag isvulnerable>yes</define-tag> +<define-tag fixed>yes</define-tag> +<define-tag fixed-section>no</define-tag> + +#use wml::debian::security + + + +</dl> diff --git a/english/security/2021/dsa-4984.wml b/english/security/2021/dsa-4984.wml new file mode 100644 index 00000000000..cea9bb42995 --- /dev/null +++ b/english/security/2021/dsa-4984.wml @@ -0,0 +1,26 @@ +<define-tag description>security update</define-tag> +<define-tag moreinfo> +<p>It was discovered that sandbox restrictions in Flatpak, an application +deployment framework for desktop apps, could be bypassed for a Flatpak +app with direct access to AF_UNIX sockets, by manipulating the VFS using +mount-related syscalls that are not blocked by Flatpak's denylist +seccomp filter.</p> + +<p>Details can be found in the upstream advisory at +<a href="https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q">\ +https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q</a></p> + +<p>For the stable distribution (bullseye), this problem has been fixed in +version 1.10.5-0+deb11u1.</p> + +<p>We recommend that you upgrade your flatpak packages.</p> + +<p>For the detailed security status of flatpak please refer to its security +tracker page at: +<a href="https://security-tracker.debian.org/tracker/flatpak">\ +https://security-tracker.debian.org/tracker/flatpak</a></p> +</define-tag> + +# do not modify the following line +#include "$(ENGLISHDIR)/security/2021/dsa-4984.data" +# $Id: $ |