AVG-880

Package flatpak
Status Fixed
Severity High
Type privilege escalation
Affected 1.2.2-1
Fixed 1.2.3-1
Current 1.4.2-1 [extra]
Ticket None
Created Mon Feb 11 13:57:11 2019
Issue Severity Remote Type Description
CVE-2019-5736 High Yes Privilege escalation
A vulnerability discovered in runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary...
Date Advisory Package Description
17 Feb 2019 ASA-201902-20 flatpak privilege escalation
Notes
This mostly does not affect flatpak since the flatpak sandbox is not run with root permissions. However, there is one case (running the apply_extra script for system installs) where this happens, so the 1.2.3 release contains a fix for that.