logo
DATABASE RESOURCES PRICING ABOUT US

Updated flatpak packages fix security vulnerability

Description

Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process, by manipulating the VFS using recent mount-related syscalls that are not blocked by Flatpak's denylist seccomp filter, in order to substitute a crafted /.flatpak-info or make that file disappear entirely.


Affected Package


OS OS Version Package Name Package Version
Mageia 8 flatpak 1.10.5-1

Related