RLSA-2024:6356 Important: bubblewrap and flatpak security update

Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces. Security Fixes: flatpak: Access to files outside sandbox for apps using persistent= --persist CVE-2024-42472 For more details about the security issue...

SUSE-RU-2025:0145-1 Recommended update for bubblewrap, flatpak, wayland-protocols

This update for bubblewrap, flatpak updates flatpak to 1.16.0. flatpak changes: - Update to version 1.16.0: + Bug fixes: - Update libglnx to 2024-12-06: . Fix an assertion failure if creating a parent directory encounters a dangling symlink. . Fix a Meson warning. . Don't emit terminal progress...

Important: flatpak

Issue Overview: A sandbox escape vulnerability was found in Flatpak due to a symlink-following issue when mounting persistent directories. This flaw allows a local user or attacker to craft a symbolic link that can bypass the intended restrictions, enabling access to and modification of files...

Fedora 41 : flatpak (2024-0c6db96fc3)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-0c6db96fc3 advisory. Update to 1.15.10 CVE-2024-42472 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

Important: flatpak

Issue Overview: A sandbox escape vulnerability was found in Flatpak due to a symlink-following issue when mounting persistent directories. This flaw allows a local user or attacker to craft a symbolic link that can bypass the intended restrictions, enabling access to and modification of files...

SUSE-SU-2023:1713-1 Security update for flatpak

This update for flatpak fixes the following issues: - CVE-2023-28101: Fixed misleading terminal output with metadata with ANSI control codes bsc1209410. - CVE-2023-28100: Fixed unsandboxed TIOCLINUX commands bsc1209411...

SUSE-SU-2022:3439-1 Security update for flatpak

This update for flatpak fixes the following issues: - CVE-2021-41133: Fixed sandbox bypass via recent syscalls bsc1191507...

SUSE-SU-2022:3284-1 Security update for flatpak

This update for flatpak fixes the following issues: - CVE-2021-41133: Fixed sandbox bypass via recent syscalls bsc1191507. - CVE-2021-43860: Fixed metadata validation bsc1194610...

OPENSUSE-SU-2021:3472-1 Security update for flatpak

This update for flatpak fixes the following issues: - Update to version 1.10.5: - CVE-2021-41133: Fixed a bug that could lead to sandbox bypass via recent VFS-manipulating syscalls. bsc1191507...

OPENSUSE-SU-2019:2038-1 Security update for flatpak

This update for flatpak fixes the following issues: Security issues fixed: - CVE-2019-8308: Fixed a potential sandbox escape via /proc bsc1125431. - CVE-2019-11460: Fixed a compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl bsc1133043...

DSA-3895-1 flatpak - security update

Bulletin has no description...