AVG-880 log
Package | flatpak |
Status | Fixed |
Severity | High |
Type | privilege escalation |
Affected | 1.2.2-1 |
Fixed | 1.2.3-1 |
Current | 1:1.15.10-1 [extra] |
Ticket | None |
Created | Mon Feb 11 13:57:11 2019 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2019-5736 | High | Yes | Privilege escalation | A vulnerability discovered in runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary... |
Date | Advisory | Package | Type |
---|---|---|---|
17 Feb 2019 | ASA-201902-20 | flatpak | privilege escalation |
Notes |
---|
This mostly does not affect flatpak since the flatpak sandbox is not run with root permissions. However, there is one case (running the apply_extra script for system installs) where this happens, so the 1.2.3 release contains a fix for that. |