flatpak

Description Linux application sandboxing and distribution framework (formerly xdg-app)
Version 1.12.2-1 [extra]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2455 | 1.11.3-1 | 1.12.0-1 | High | Fixed | |
| AVG-1678 | 1.10.1-1 | 1.10.2-1 | Medium | Fixed | |
| AVG-1454 | 1.9.2-1 | 1.10.0-1 | High | Fixed | |
| AVG-971 | 1.2.4-1 | 1.3.1-1 | High | Fixed | |
| AVG-880 | 1.2.2-1 | 1.2.3-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-41133 | AVG-2455 | High | No | Sandbox escape | A security issue has been found in Flatpak before version 1.12.0. An anonymous reporter discovered that Flatpak apps with direct access to AF_UNIX sockets... |
| CVE-2021-21381 | AVG-1678 | Medium | No | Sandbox escape | Flatpak since version 0.9.4 and before version 1.10.2 has a vulnerability in the "file forwarding" feature which can be used by an attacker to gain access... |
| CVE-2021-21261 | AVG-1454 | High | No | Sandbox escape | A bug was discovered in the `flatpak-portal` service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape).... |
| CVE-2019-10063 | AVG-971 | High | Yes | Sandbox escape | Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by... |
| CVE-2019-5736 | AVG-880 | High | Yes | Privilege escalation | A vulnerability discovered in runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary... |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 13 Mar 2021 | ASA-202103-4 | AVG-1678 | Medium | sandbox escape |
| 20 Jan 2021 | ASA-202101-40 | AVG-1454 | High | sandbox escape |
| 17 Feb 2019 | ASA-201902-20 | AVG-880 | High | privilege escalation |