20 matches found
EulerOS 2.0 SP8 : flatpak (EulerOS-SA-2020-1846)
According to the version of the flatpak packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the applyextra script sandbox, which allows attackers to modify a host-si...
Huawei EulerOS: Security Advisory for flatpak (EulerOS-SA-2019-1134)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-8308
A flaw was found in flatpak. In certain special cases, installing flatpak applications and runtimes system-wide may allow an attacker to escape the flatpak sandbox. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
openSUSE Security Update : flatpak (openSUSE-2019-2038)
This update for flatpak fixes the following issues : Security issues fixed : - CVE-2019-8308: Fixed a potential sandbox escape via /proc bsc1125431. - CVE-2019-11460: Fixed a compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl...
openSUSE: Security Advisory for flatpak (openSUSE-SU-2019:2038-1)
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLED15 / SLES15 Security Update : flatpak (SUSE-SU-2019:2185-1)
This update for flatpak fixes the following issues : Security issues fixed : CVE-2019-8308: Fixed a potential sandbox escape via /proc bsc1125431. CVE-2019-11460: Fixed a compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl bsc1133043...
SUSE-SU-2019:2185-1 Security update for flatpak
This update for flatpak fixes the following issues: Security issues fixed: - CVE-2019-8308: Fixed a potential sandbox escape via /proc bsc1125431. - CVE-2019-11460: Fixed a compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl bsc1133043...
NewStart CGSL CORE 5.04 / MAIN 5.04 : flatpak Vulnerability (NS-SA-2019-0056)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has flatpak packages installed that are affected by a vulnerability: - Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the applyextra script sandbox, which allows attackers to modify a host-side...
Amazon Linux 2 : flatpak (ALAS-2019-1183)
Earlier versions of flatpak exposes /proc in the applyextra script sandbox, which allows attackers to modify a host-side executable file.CVE-2019-8308 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux 2 Security Advisory...
Important: flatpak
Issue Overview: Earlier versions of flatpak exposes /proc in the applyextra script sandbox, which allows attackers to modify a host-side executable file.CVE-2019-8308 Affected Packages: flatpak Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the...
Scientific Linux Security Update : flatpak on SL7.x x86_64 (20190221)
Security Fixes : - flatpak: potential /proc based sandbox escape CVE-2019-8308 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid122391; scriptversion"1.5"; scriptsetattributeattribute:"pluginmodificationdate",...
CentOS Update for flatpak CESA-2019:0375 centos7
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CentOS 7 : flatpak (CESA-2019:0375)
An update for flatpak is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
flatpak security update
CentOS Errata and Security Advisory CESA-2019:0375 An update for flatpak is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Oracle Linux 7 : flatpak (ELSA-2019-0375)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-0375 advisory. 1.0.2-4 - Tweak /proc sandbox patch 1675433 1.0.2-3 - Do not mount /proc in root sandbox 1675433 Tenable has extracted the preceding description block directly...
RHEL 7 : flatpak (RHSA-2019:0375)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0375 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: potential /proc based...
Important: Red Hat Security Advisory: flatpak security update
An update for flatpak is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
DEBIAN-CVE-2019-8308
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the applyextra script sandbox, which allows attackers to modify a host-side executable file...
CVE-2019-8308
CVE-2019-8308 affects Flatpak before 1.0.7 and 1.1.x and 1.2.x before 1.2.3, where the /proc is exposed in the apply_extra sandbox, enabling a local attacker to modify a host-side executable. CVSS v3 base score 8.2 (HIGH) with LOCAL attack vector, LOW privileges required, UI required, and impact ...
CVE-2019-8308
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the applyextra script sandbox, which allows attackers to modify a host-side executable file...