Lucene search
AlmaLinuxALEA-2021:4539HistoryNov 09, 2021 - 7:26 p.m.
flatpak bug fix and enhancement update
2021-11-0919:26:12
errata.almalinux.org
13
CVSS2
4.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
8.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS
0.001
Percentile
17.0%
Flatpak is a system for building, distributing, and running sandboxed
desktop applications on Linux.
Bug Fix(es) and Enhancement(s):
- CVE-2021-41133 flatpak: sandbox bypass via recent VFS-manipulating
syscalls (BZ#2012868)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| almalinux | 8 | x86_64 | flatpak-devel | < 1.8.5-5.el8_5 | flatpak-devel-1.8.5-5.el8_5.x86_64.rpm |
| almalinux | 8 | i686 | flatpak | < 1.8.5-5.el8_5 | flatpak-1.8.5-5.el8_5.i686.rpm |
| almalinux | 8 | i686 | flatpak-devel | < 1.8.5-5.el8_5 | flatpak-devel-1.8.5-5.el8_5.i686.rpm |
| almalinux | 8 | i686 | flatpak-session-helper | < 1.8.5-5.el8_5 | flatpak-session-helper-1.8.5-5.el8_5.i686.rpm |
| almalinux | 8 | x86_64 | flatpak-session-helper | < 1.8.5-5.el8_5 | flatpak-session-helper-1.8.5-5.el8_5.x86_64.rpm |
| almalinux | 8 | i686 | flatpak-libs | < 1.8.5-5.el8_5 | flatpak-libs-1.8.5-5.el8_5.i686.rpm |
| almalinux | 8 | x86_64 | flatpak | < 1.8.5-5.el8_5 | flatpak-1.8.5-5.el8_5.x86_64.rpm |
| almalinux | 8 | x86_64 | flatpak-libs | < 1.8.5-5.el8_5 | flatpak-libs-1.8.5-5.el8_5.x86_64.rpm |
| almalinux | 8 | noarch | flatpak-selinux | < 1.8.5-5.el8_5 | flatpak-selinux-1.8.5-5.el8_5.noarch.rpm |
Related
nessus
nessus
RHEL 8 : flatpak (RHSA-2021:4107)
2021-11-03 00:00:00
SUSE SLED15 / SLES15 Security Update : flatpak (SUSE-SU-2021:3472-1)
2021-10-21 00:00:00
EulerOS 2.0 SP8 : flatpak (EulerOS-SA-2021-2799)
2021-12-25 00:00:00
cvelist
cvelist
CVE-2021-41133 Sandbox bypass via recent VFS-manipulating syscalls
2021-10-08 00:00:00
CVE-2021-42762
2021-10-20 18:15:59
openvas
openvas
Debian: Security Advisory (DSA-4984-1)
2021-10-15 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:3472-1)
2021-10-21 00:00:00
openSUSE: Security Advisory for flatpak (openSUSE-SU-2021:1400-1)
2021-11-01 00:00:00
cve
cve
CVE-2021-41133
2021-10-08 14:15:08
CVE-2021-42762
2021-10-20 19:15:07
redhat
redhat
(RHSA-2021:4044) Important: flatpak security update
2021-11-01 15:49:45
(RHSA-2021:4042) Important: flatpak security update
2021-11-01 13:11:58
(RHSA-2021:4106) Important: flatpak security update
2021-11-02 18:10:36
oraclelinux
oraclelinux
flatpak security update
2021-11-01 00:00:00
flatpak security update
2021-11-01 00:00:00
rocky
rocky
flatpak security update
2021-11-01 13:11:58
flatpak bug fix and enhancement update
2021-11-09 19:26:12
osv
osv
Important: flatpak security update
2021-11-01 13:11:58
CVE-2021-41133
2021-10-08 14:15:08
flatpak - security update
2021-10-12 00:00:00
amazon
amazon
Important: flatpak
2023-06-05 16:39:00
Important: webkitgtk4
2023-06-07 23:52:00
ubuntu
ubuntu
Flatpak vulnerability
2021-12-14 00:00:00
alpinelinux
alpinelinux
CVE-2021-41133
2021-10-08 14:15:08
CVE-2021-42762
2021-10-20 19:15:07
almalinux
almalinux
Important: flatpak security update
2021-11-01 13:11:58
ubuntucve
ubuntucve
CVE-2021-41133
2021-10-08 00:00:00
CVE-2021-42762
2021-10-20 00:00:00
suse
suse
Security update for flatpak (important)
2021-10-31 00:00:00
Security update for flatpak (important)
2021-10-20 00:00:00
debian
debian
[SECURITY] [DSA 4984-1] flatpak security update
2021-10-12 21:27:27
[SECURITY] [DSA 4984-1] flatpak security update
2021-10-12 21:27:27
fedora
fedora
[SECURITY] Fedora 34 Update: flatpak-1.10.5-1.fc34
2021-10-12 23:46:05
[SECURITY] Fedora 33 Update: flatpak-1.10.5-1.fc33
2021-10-28 19:31:26
mageia
mageia
Updated flatpak packages fix security vulnerability
2021-10-23 13:05:28
centos
centos
flatpak security update
2021-11-17 15:08:41
redhatcve
redhatcve
CVE-2021-41133
2021-10-08 16:53:11
CVE-2021-42762
2021-10-22 16:44:41
debiancve
debiancve
CVE-2021-41133
2021-10-08 14:15:08
CVE-2021-42762
2021-10-20 19:15:07
prion
prion
Code injection
2021-10-08 14:15:00
Authentication flaw
2021-10-20 19:15:00
cnvd
cnvd
Flatpak input validation error vulnerability
2021-10-11 00:00:00
veracode
veracode
Privilege Escalation
2021-10-11 09:23:37
nvd
nvd
CVE-2021-41133
2021-10-08 14:15:08
CVE-2021-42762
2021-10-20 19:15:07
archlinux
archlinux
[ASA-202110-9] webkit2gtk: multiple issues
2021-10-29 00:00:00
[ASA-202110-10] wpewebkit: multiple issues
2021-10-29 00:00:00
gentoo
gentoo
Flatpak: Multiple Vulnerabilities
2023-12-23 00:00:00
CVSS2
4.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
8.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS
0.001
Percentile
17.0%
Related for ALEA-2021:4539