1231 matches found
CVE-2018-6560
In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon...
CVE-2018-6560
CVE-2018-6560 affects Flatpak’s D-Bus proxy (dbus-proxy/flatpak-proxy.c) in Flatpak versions prior to 0.8.9, and in 0.9.x and 0.10.x prior to 0.10.3. The issue is caused by whitespace handling in the proxy not matching the daemon, enabling crafted D‑Bus messages to escape the sandbox. Practical i...
CVE-2018-6560
In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon...
CVE-2017-9780
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the...
Fedora Update for flatpak FEDORA-2017-6b1f07acd9
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 24 : flatpak (2017-6b1f07acd9)
Security fix for CVE-2017-9780 Update to 0.8.7 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
[SECURITY] Fedora 24 Update: flatpak-0.8.7-1.fc24
flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information...
Flatpak Local Elevation of Privilege Vulnerability
Flatpak is a system for building and installing Linux desktop applications. A local elevation of privilege vulnerability exists in versions of Flatpak prior to 0.8.7. A local attacker could exploit this vulnerability to run the setuid executable...
Debian DSA-3895-1 : flatpak - security update
It was discovered that Flatpak, an application deployment framework for desktop apps insufficiently restricted file permissinons in third-party repositories, which could result in privilege escalation. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...
[SECURITY] [DSA 3895-1] flatpak security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3895-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 22, 2017 https://www.debian.org/security/faq -...
Debian Security Advisory DSA 3895-1 (flatpak - security update)
It was discovered that Flatpak, an application deployment framework for desktop apps insufficiently restricted file permissinons in third-party repositories, which could result in privilege escalation. OpenVAS Vulnerability Test $Id: deb3895.nasl 6607 2017-07-07 12:04:25Z cfischer $ Auto-generate...
DSA-3895-1 flatpak - security update
Bulletin has no description...
CVE-2017-9780
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the...
Design/Logic Flaw
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the...
UBUNTU-CVE-2017-9780
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the...
CVE-2017-9780
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the...
DEBIAN-CVE-2017-9780
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the...
CVE-2017-9780
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the...
CVE-2017-9780
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the...
CVE-2017-9780
CVE-2017-9780 affects Flatpak prior to 0.8.7. A third‑party app repository could supply malicious apps with files that have insecure permissions (e.g., setuid or world‑writeable), causing deployed files to run with elevated privileges or write to world‑writable locations. The worst‑case involves ...