flatpak

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Linux application sandboxing and distribution framework (formerly xdg-app)
Version 1.4.2-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-971 1.2.4-1 1.3.1-1 High Fixed
AVG-880 1.2.2-1 1.2.3-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2019-10063 AVG-971 High Yes Sandbox escape
Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by...
CVE-2019-5736 AVG-880 High Yes Privilege escalation
A vulnerability discovered in runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary...

Advisories

Date Advisory Group Severity Description
17 Feb 2019 ASA-201902-20 AVG-880 High privilege escalation