Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4868-1] flatpak security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4868-1] flatpak security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4868-1] flatpak security update
  • Date: Fri, 12 Mar 2021 21:38:12 +0000
  • List-archive: https://lists.debian.org/msgid-search/20210312213812.GA5462 AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From: Date:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=3ZDxga+PMMqbhziQsbkCoPGlR5peUCWLcVvS0N1ivuM=; b=j6 0Co4Ru7brhN2X/WNvY87ZMJ0CDP7Bcj+XO1cRPJqtnBXPs/cxdkEoPBBqpKL0f/fu1GXWexUSeHRM W+eXFQuLGGd4jBFOC2rL707YjYKTOUKJMnAh2dBm3AA6slaHtnUf8M3pdH2+/KHV7+mXRptcrqu78 Sks79HkoDIYcKOmy8ZgVCZZzEbj/GSVr7qh7E1LDn76S0si+JCKVjPxSS4rXsHILgr7aEYJWFl+0N N7mqpAy2TPZtvvHOVEtOt/6MoelYQkCy+Y9OkNL9FxsbeNQyTM76UVvva/s8qONVmoHUjyjhjVrmY XHSw63j6pGliWFoCI/C0rF3Q4ckpPn5g==;
  • Old-return-path: <jmm AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Fri, 12 Mar 2021 21:38:35 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <0eJ-0sWkxjJ.A.mw.b99SgB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4868-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
March 12, 2021 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : flatpak
CVE ID : CVE-2021-21381

Anton Lydike discovered that sandbox restrictions in Flatpak, an
application deployment framework for desktop apps, could by bypassed
via a malicious .desktop file.

For the stable distribution (buster), this problem has been fixed in
version 1.2.5-0+deb10u4.

We recommend that you upgrade your flatpak packages.

For the detailed security status of flatpak please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/flatpak

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmBL3pkACgkQEMKTtsN8
TjaRXxAAhOmndiO/HWvXC95KQr+LinVmYTk3rdXQQ2NtLGCJwoSo8CY5Cs6P649h
/nRAdNfjgfm40gVlOIIaI0v5pG7wTy4vTulwtRBbJ844wjuJEbTgsRPe2RIYIMLP
sZDTG1be0k0X48JKavGehn4JqXe+GyF54+g0X1Mh34mG0e6LVdYriBy0nHS8/UHQ
sI2S3ABS10zBz9nt+/CByvJabosPx4DaSMnWIHBanXFghu3TkhqVA/A1zX0VyZrT
DN0oHTYtvV2gN+hFe6u128ANh1yfm6fVAIQ6z/BMvhwdjgDT23HUNDqnZG1Wdj5P
LtICMy9ntBUF8Ho0oq8GguYY7AidUKzMqkd8UNufuM836mpy3YkCiVA76LHY0r4X
8VhpAsUyvdwS+enJ4q9SrvSfnlUKUG6032CPoC+UKqYwgaXtbEkcAvU1G2+WoiHW
OhsFJTivFXB1cfZILU6FN8IvDJxKPJG7tnzFv8utYmiAkx1nIXdV/xTsaeEkgOPl
s6zc4BVcx/CNgZYLRevoVN5sxG+Lo5hLj+Q4aqvWndXqEA3csDsMFD6sUBBTo5OW
ee97tLVGMyK0mrN0akujpg3FrQOxcr0KmpBXATy2/4qbt/1waanMcSCJdup5C2p1
UkvOxgzS87GRL8O7gET8uPpk0T7zQ8pc/LeqoeshXqLS3kbe/iU=
=oU5p
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 4868-1] flatpak security update, Moritz Muehlenhoff, 12.03.2021

Archiv bereitgestellt durch MHonArc 2.6.24.

Seitenanfang