RHEL 9 : bubblewrap and flatpak (RHSA-2024:6356)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6356 advisory. Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces...

Oracle Linux 9 : bubblewrap / and / flatpak (ELSA-2024-6356)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-6356 advisory. - Add support for --bind-fd and --ro-bind-fd CVE-2024-42472 flatpak - Backport upstream patches for CVE-2024-42472 Tenable has extracted the preceding descripti...

RHEL 9 : bubblewrap and flatpak (RHSA-2024:6355)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6355 advisory. Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces...

RHEL 8 : bubblewrap and flatpak (RHSA-2024:6422)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6422 advisory. Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces...

AlmaLinux 9 : bubblewrap and flatpak (ALSA-2024:6356)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:6356 advisory. flatpak: Access to files outside sandbox for apps using persistent= --persist CVE-2024-42472 Tenable has extracted the preceding description block directly from th...

ALSA-2024:6422 Important: bubblewrap and flatpak security update

Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces. Security Fixes: flatpak: Access to files outside sandbox for apps using persistent= --persist CVE-2024-42472 For more details about the security issue...

Important: Red Hat Security Advisory: bubblewrap and flatpak security update

An update for bubblewrap and flatpak is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: bubblewrap and flatpak security update

An update for bubblewrap and flatpak is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

Important: Red Hat Security Advisory: bubblewrap and flatpak security update

An update for bubblewrap and flatpak is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

bubblewrap and flatpak security update

bubblewrap 0.4.1-7 - Add support for --bind-fd and --ro-bind-fd CVE-2024-42472 flatpak 1.12.9-3 - Fix previous changelog entry 1.12.9-2 - Backport upstream patches for CVE-2024-42472 - Require bubblewrap version that has new --bind-fd option backported for addressing CVE-2024-42472...

Important: bubblewrap and flatpak security update

Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces. Security Fixes: flatpak: Access to files outside sandbox for apps using persistent= --persist CVE-2024-42472 For more details about the security issue...

ALSA-2024:6356 Important: bubblewrap and flatpak security update

Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces. Security Fixes: flatpak: Access to files outside sandbox for apps using persistent= --persist CVE-2024-42472 For more details about the security issue...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : bubblewrap and flatpak (SUSE-SU-2024:3104-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3104-1 advisory. - CVE-2024-42472: Fixed access to files outside sandbox for apps using persistent bsc1229157 Tenable has...

SUSE-SU-2024:3104-1 Security update for bubblewrap and flatpak

This update for bubblewrap and flatpak fixes the following issues: - CVE-2024-42472: Fixed access to files outside sandbox for apps using persistent bsc1229157...

SUSE SLES12 Security Update : bubblewrap and flatpak (SUSE-SU-2024:3073-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3073-1 advisory. - CVE-2024-42472: Fixed access to files outside sandbox for apps using persistent bsc1229157 Tenable has extracted the preceding description...

SUSE: Security Advisory (SUSE-SU-2024:3073-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2024:3073-1 Security update for bubblewrap and flatpak

This update for bubblewrap and flatpak fixes the following issues: - CVE-2024-42472: Fixed access to files outside sandbox for apps using persistent bsc1229157...

OESA-2024-2053 flatpak security update

flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. Security Fixes: Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a...

OPENSUSE-SU-2024:14269-1 bubblewrap-0.10.0-1.1 on GA media

These are all security issues fixed in the bubblewrap-0.10.0-1.1 package on the GA media of openSUSE Tumbleweed...

ALPINE-CVE-2024-42472

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and...