2 matches found
CLSA-2025-1741291194 flatpak: Fix of CVE-2024-42472
CVE-2024-42472: patch Flatpak to include the new --bind-fd option in bubblewrap to prevent symlink attacks on persistent directories...
CLSA-2025-1741125454 bubblewrap: Fix of CVE-2024-42472
fix CVE-2024-42472 in flatpak by adding --bind-fd and --ro-bind-fd options in in bubblewrap, enabling race-free bind mounts using an OPATH file descriptor instead of a direct path...