Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 3895-1] flatpak security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 3895-1] flatpak security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 3895-1] flatpak security update
  • Date: Thu, 22 Jun 2017 19:45:31 +0200
  • List-archive: https://lists.debian.org/msgid-search/20170622174531.dtgrzgvhbppycyye AT pisco.westfalen.local
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <jmm AT inutil.org>
  • Priority: urgent
  • Resent-date: Thu, 22 Jun 2017 17:45:49 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <jEc3n1UoM4H.A.23H.NJATZB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3895-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 22, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : flatpak
CVE ID : CVE-2017-9780

It was discovered that Flatpak, an application deployment framework for
desktop apps insufficiently restricted file permissinons in third-party
repositories, which could result in privilege escalation.

For the stable distribution (stretch), this problem has been fixed in
version 0.8.5-2+deb9u1.

For the unstable distribution (sid), this problem has been fixed in
version 0.8.7-1.

We recommend that you upgrade your flatpak packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAllMARwACgkQEMKTtsN8
TjbZ6hAAoKoaQJvsB3JLNm0oIhMJ6FLNDZhBRBH7uD1DWOZAVk+YNK/m+4Q0O9yq
+w1TrsFHI1MYhM/FSXhVP4L2RENaGGCYscpZLxRVOi0AuYprjsFL49LKqZC8RdQY
VaUlJWl90R2WPZcNSmuI2Q3reav6nPxDPdZfb2PK8Drg7JVda2DroJk/PF6gql7P
+4JZ4FoPgCjb6q9yZQWypJ74lBLYEBkQT3I/4iOnLHNU3iOiZ2XsIo7d/kvMmH7q
EldGivROFw3t9q/MlyaIYaeh6UOBg0C6aijJczVwhWlQ8G7jOSUrlN8DnsbX/2Wu
x5yaAkZFnur0F1FQ3zJoH9sKLkjCWOw0UlRhf2AV1HXuptvjB0De7R6km2g4cFbv
ykPL0ljHbdUNG9DlXQpr+yUSPeqh7d16Qhwhf8QBgcRlbo4Q7Z536k77G33bQask
D0r4HZ3GH/SizY4eX2smDGGdZ51YarqJvt5t18+E4r5vwe8/wd9zBadf9/iuMK5B
rUiQ1QbaEC2xwXKMe2sxnC1PLAW8Xqx8Vwb6SFeRqFQIGe1F1FnBSxONjMUgx6Z/
l3NUdLqyVBfjrS5paL113a4sWtskwO9NHTpQnJBD4hXDLTLi6kdR4aQfFhDf3dd4
wgai9t5njMLkFjPpQE2GcZ+Aite8ylDovudXYAVuOjW7sNNFz+A=
=StXu
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 3895-1] flatpak security update, Moritz Muehlenhoff, 22.06.2017

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang