16 matches found
Mageia: Security Advisory (MGASA-2018-0143)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for flatpak (EulerOS-SA-2019-2146)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
NewStart CGSL CORE 5.04 / MAIN 5.04 : flatpak Vulnerability (NS-SA-2019-0042)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has flatpak packages installed that are affected by a vulnerability: - It was found that flatpak's D-Bus proxy did not properly filter the access to D-Bus during the authentication protocol. A specially crafted flatpak...
Amazon Linux 2 : flatpak (ALAS-2018-1096)
It was found that flatpak's D-Bus proxy did not properly filter the access to D-Bus during the authentication protocol. A specially crafted flatpak application could use this flaw to bypass all restrictions imposed by flatpak and have full access to the D-BUS interface.CVE-2018-6560 C Tenable...
Medium: flatpak
Issue Overview: It was found that flatpak's D-Bus proxy did not properly filter the access to D-Bus during the authentication protocol. A specially crafted flatpak application could use this flaw to bypass all restrictions imposed by flatpak and have full access to the D-BUS interface.CVE-2018-65...
CentOS 7 : flatpak (CESA-2018:2766)
An update for flatpak is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
flatpak security update
CentOS Errata and Security Advisory CESA-2018:2766 An update for flatpak is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
RHEL 7 : flatpak (RHSA-2018:2766)
An update for flatpak is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
Oracle Linux 7 : flatpak (ELSA-2018-2766)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-2766 advisory. 0.8.8-4 - Add patch for CVE-2018-6560 1547376 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...
Scientific Linux Security Update : flatpak on SL7.x x86_64 (20180925)
Security Fixes : - flatpak: sandbox escape in D-Bus filtering by a crafted authentication handshake CVE-2018-6560 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include"compat.inc"; if description scriptid117786; scriptversion"1.4";...
flatpak security update
0.8.8-4 - Add patch for CVE-2018-6560 1547376...
MGASA-2018-0143 Updated flatpak packages fix security vulnerability
Updated flatpak packages fix security vulnerability: A sandbox escape in the flatpak dbus proxy in the authentication phase CVE-2018-6560. The flatpak has been upgraded to the latest stable version, 0.10.3, which fixes this issue. The bubblewrap, ostree, flatpak-builder, xdg-desktop-portal,...
Updated flatpak packages fix security vulnerability
Updated flatpak packages fix security vulnerability: A sandbox escape in the flatpak dbus proxy in the authentication phase CVE-2018-6560. The flatpak has been upgraded to the latest stable version, 0.10.3, which fixes this issue. The bubblewrap, ostree, flatpak-builder, xdg-desktop-portal,...
openSUSE Security Update : flatpak (openSUSE-2018-139)
This update for flatpak to version 0.8.9 fixes security issues and bugs. The following vulnerabilities were fixed : - CVE-2018-6560: sandbox escape in the flatpak dbus proxy boo1078923 - CVE-2017-9780: Malicious apps could have included inappropriate permissions boo1078989 - old-style eavesdroppi...
CVE-2018-6560
In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon...
CVE-2018-6560
CVE-2018-6560 affects Flatpak’s D-Bus proxy (dbus-proxy/flatpak-proxy.c) in Flatpak versions prior to 0.8.9, and in 0.9.x and 0.10.x prior to 0.10.3. The issue is caused by whitespace handling in the proxy not matching the daemon, enabling crafted D‑Bus messages to escape the sandbox. Practical i...