Lucene search
Gentoo FoundationMGASA-2023-0115HistoryMar 24, 2023 - 8:55 a.m.
Updated flatpak packages fix security vulnerability
2023-03-2408:55:49
Gentoo Foundation
advisories.mageia.org
20
0.008 Low
EPSS
Percentile
81.5%
If a malicious Flatpak app is run on a Linux virtual console such as /dev/tty1, it can copy text from the virtual console and paste it back into the virtual console’s input buffer, from which the command might be run by the user’s shell after the Flatpak app has exited. This is similar to CVE-2017-5226, but using the TIOCLINUX ioctl command instead of TIOCSTI. (CVE-2023-28100) Flatpak app with elevated permissions mayhide those permissions from users of the ‘flatpak(1)’ command-line interface by setting other permissions to crafted values that contain non-printable control characters such as ‘ESC’. (CVE-2023-28101)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 8 | noarch | flatpak | <Â 1.12.8-1 | flatpak-1.12.8-1.mga8 |
Related
nessus
nessus
CentOS 8 : flatpak (CESA-2023:7038)
2023-11-14 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : flatpak (SUSE-SU-2023:1715-1)
2023-04-02 00:00:00
SUSE SLES15 Security Update : flatpak (SUSE-SU-2023:1714-1)
2023-04-02 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2023-0115)
2023-03-28 00:00:00
Fedora: Security Advisory for flatpak (FEDORA-2023-9fbc701e0d)
2023-04-03 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:1714-1)
2023-04-03 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package flatpak version 1.14.4-alt1
2023-03-27 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: flatpak-1.12.8-1.fc36
2023-04-02 01:34:23
[SECURITY] Fedora 37 Update: flatpak-1.14.4-1.fc37
2023-03-24 02:00:28
[SECURITY] Fedora 38 Update: flatpak-1.15.4-1.fc38
2023-03-20 00:20:25
rocky
rocky
flatpak security, bug fix, and enhancement update
2024-05-10 14:32:38
redhat
redhat
(RHSA-2023:7038) Moderate: flatpak security, bug fix, and enhancement update
2023-11-14 08:43:27
(RHSA-2023:6518) Moderate: flatpak security, bug fix, and enhancement update
2023-11-07 06:07:36
(RHSA-2019:1143) Important: flatpak security update
2019-05-13 04:50:39
osv
osv
Moderate: flatpak security, bug fix, and enhancement update
2024-05-10 14:32:38
Moderate: flatpak security, bug fix, and enhancement update
2023-11-14 00:00:00
Moderate: flatpak security, bug fix, and enhancement update
2023-11-07 00:00:00
almalinux
almalinux
Moderate: flatpak security, bug fix, and enhancement update
2023-11-07 00:00:00
Moderate: flatpak security, bug fix, and enhancement update
2023-11-14 00:00:00
oraclelinux
oraclelinux
flatpak security, bug fix, and enhancement update
2023-11-17 00:00:00
flatpak security, bug fix, and enhancement update
2023-11-11 00:00:00
cve
cve
cvelist
cvelist
CVE-2023-28100 TIOCLINUX can send commands outside sandbox if running on a virtual console
2023-03-16 15:51:32
CVE-2023-28101 Flatpak metadata with ANSI control codes can cause misleading terminal output
2023-03-16 15:55:53
CVE-2017-5226
2017-03-29 00:00:00
redhatcve
redhatcve
prion
prion
Command injection
2023-03-16 16:15:00
Command injection
2023-03-16 16:15:00
Input validation
2017-03-29 20:59:00
ubuntucve
ubuntucve
debiancve
debiancve
amazon
amazon
Medium: flatpak
2023-07-17 17:39:00
Important: flatpak
2019-05-29 19:11:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2337
2024-02-06 07:45:40
veracode
veracode
Improper Input Validation
2023-04-28 02:53:50
Improper Encoding
2023-04-28 02:53:50
Arbitrary Code Execution
2020-08-06 21:32:23
gentoo
gentoo
Flatpak: Multiple Vulnerabilities
2023-12-23 00:00:00
alpinelinux
alpinelinux
CVE-2019-10063
2019-03-26 14:29:00
CVE-2020-13753
2020-07-14 14:15:00
centos
centos
flatpak security update
2019-05-13 15:08:37
archlinux
archlinux
[ASA-202007-1] webkit2gtk: multiple issues
2020-07-14 00:00:00