AVG-880 log
| Package | flatpak |
| Status | Fixed |
| Severity | High |
| Type | privilege escalation |
| Affected | 1.2.2-1 |
| Fixed | 1.2.3-1 |
| Current | 1:1.16.1-1 [extra] |
| Ticket | None |
| Created | Mon Feb 11 13:57:11 2019 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2019-5736 | High | Yes | Privilege escalation | A vulnerability discovered in runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 17 Feb 2019 | ASA-201902-20 | flatpak | privilege escalation |
| Notes |
|---|
This mostly does not affect flatpak since the flatpak sandbox is not run with root permissions. However, there is one case (running the apply_extra script for system installs) where this happens, so the 1.2.3 release contains a fix for that. |