flatpak

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	Linux application sandboxing and distribution framework (formerly xdg-app)
Version	1:1.15.8-1 [extra]

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2455	1.11.3-1	1.12.0-1	High	Fixed
AVG-1678	1.10.1-1	1.10.2-1	Medium	Fixed
AVG-1454	1.9.2-1	1.10.0-1	High	Fixed
AVG-971	1.2.4-1	1.3.1-1	High	Fixed
AVG-880	1.2.2-1	1.2.3-1	High	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2021-41133	AVG-2455	High	No	Sandbox escape	A security issue has been found in Flatpak before version 1.12.0. An anonymous reporter discovered that Flatpak apps with direct access to AF_UNIX sockets...
CVE-2021-21381	AVG-1678	Medium	No	Sandbox escape	Flatpack since version 0.9.4 and before version 1.10.2 has a vulnerability in the "file forwarding" feature which can be used by an attacker to gain access...
CVE-2021-21261	AVG-1454	High	No	Sandbox escape	A bug was discovered in the `flatpak-portal` service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape)....
CVE-2019-10063	AVG-971	High	Yes	Sandbox escape	Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by...
CVE-2019-5736	AVG-880	High	Yes	Privilege escalation	A vulnerability discovered in runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary...

Advisories

Date	Advisory	Group	Severity	Type
13 Mar 2021	ASA-202103-4	AVG-1678	Medium	sandbox escape
20 Jan 2021	ASA-202101-40	AVG-1454	High	sandbox escape
17 Feb 2019	ASA-201902-20	AVG-880	High	privilege escalation