280 matches found
flatpak bug fix and enhancement update
An update is available for flatpak. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Flatpak is a system for building, distributing, and running sandboxed desktop...
ALEA-2021:4539 flatpak bug fix and enhancement update
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Bug Fixes and Enhancements: CVE-2021-41133 flatpak: sandbox bypass via recent VFS-manipulating syscalls BZ2012868...
Microsoft Azure Sphere Security Monitor SMSyscallStageBaseManifests offset calculation out-of-bounds read vulnerability
Summary An out-of-bounds read vulnerability exists in the Security Monitor SMSyscallStageBaseManifests offset calculation of Microsoft Azure Sphere 21.01. A specially crafted manifest could lead to information disclosure. An attacker can use syscalls to trigger this vulnerability. Tested Versions...
Microsoft Azure Sphere Security Monitor SMSyscallStageBaseManifests image validation signature check bypass vulnerability
Summary A signature check bypass vulnerability exists in the Security Monitor SMSyscallStageBaseManifests image validation functionality of Microsoft Azure Sphere 21.01. A specially crafted manifest can lead to a firmware downgrade. An attacker can use syscalls to trigger this vulnerability. Test...
Microsoft Azure Sphere Pluton concurrent syscalls denial of service vulnerability
Summary A denial of service vulnerability exists in the Pluton syscalls functionality of Microsoft Azure Sphere 21.01, 21.06 and 21.07. A specially-crafted set of syscalls executed in parallel by an unprivileged process can lead to the crash of Pluton, resulting in a device reboot denial of...
openSUSE 15 Security Update : webkit2gtk3 (openSUSE-SU-2021:1454-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1454-1 advisory. - BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host...
SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2021:3603-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:3603-1 advisory. - BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick hos...
CentOS 8 : flatpak (CESA-2021:4042)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:4042 advisory. - flatpak: Sandbox bypass via recent VFS-manipulating syscalls (CVE-2021-41133). Note that Nessus has not tested for this issue but has instead relied only on the...
Important: Red Hat Security Advisory: flatpak security update
An update for flatpak is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
RHEL 8 : flatpak (RHSA-2021:4042)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:4042 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Sandbox bypass via rece...
Important: Red Hat Security Advisory: flatpak security update
An update for flatpak is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
flatpak: Sandbox bypass via recent VFS-manipulating syscalls
A flaw was found in the flatpak package. It is susceptible to a software flaw that can deceive portals and other host-OS services into treating the flatpak app as an ordinary, non-sandboxed host-OS process. This flaw allows the escalation of privileges that the corresponding services presume the...
flatpak security update
An update is available for flatpak. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Flatpak is a system for building, distributing, and running sandboxed desktop...
OPENSUSE-SU-2021:1400-1 Security update for flatpak
This update for flatpak fixes the following issues: - Update to version 1.10.5: - CVE-2021-41133: Fixed a bug that could lead to sandbox bypass via recent VFS-manipulating syscalls. bsc1191507 This update was imported from the SUSE:SLE-15-SP2:Update update project...
Updated flatpak packages fix security vulnerability
Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process, by manipulating the VFS using recent mount-related...
CVE-2021-42762
BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact...
openSUSE: Security Advisory for flatpak (openSUSE-SU-2021:3472-1)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...