nono: Sandbox escape on Linux via D-Bus: `systemd-run --user`

Summary The nono Landlock/seccomp policies allow access to local Unix domain sockets concrete and abstract. This allows an easy sandbox escape by talking to the per-user systemd dbus socket. Threat scenario: Running Aider, Claude Code, OpenCode or similar tools with "allow bash" policy so that it...

GHSA-27VP-2MMC-VMH3 nono: Sandbox escape on Linux via D-Bus: `systemd-run --user`

Summary The nono Landlock/seccomp policies allow access to local Unix domain sockets concrete and abstract. This allows an easy sandbox escape by talking to the per-user systemd dbus socket. Threat scenario: Running Aider, Claude Code, OpenCode or similar tools with "allow bash" policy so that it...

SUSE-SU-2022:1804-1 Security update for postgresql10

This update for postgresql10 fixes the following issues: - CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes bsc1199475...

USN-5191-1 flatpak vulnerability

It was discovered that Flatpak incorrectly handled certain AFUNIX sockets. An attacker could use this to specially craft a Flatpak application that could escape sandbox confinement...

Ubuntu: Security Advisory (USN-4951-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-4951-1: Flatpak vulnerability

Anton Lydike discovered that Flatpak did not properly handle special tokens in desktop files. An attacker could use this to specially craft a Flatpak application that could escape sandbox confinement...