-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4984-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso October 12, 2021 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : flatpak CVE ID : CVE-2021-41133 Debian Bug : 995935 It was discovered that sandbox restrictions in Flatpak, an application deployment framework for desktop apps, could be bypassed for a Flatpak app with direct access to AF_UNIX sockets, by manipulating the VFS using mount-related syscalls that are not blocked by Flatpak's denylist seccomp filter. Details can be found in the upstream advisory at https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q For the stable distribution (bullseye), this problem has been fixed in version 1.10.5-0+deb11u1. We recommend that you upgrade your flatpak packages. For the detailed security status of flatpak please refer to its security tracker page at: https://security-tracker.debian.org/tracker/flatpak Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmFl+ylfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Qysg/9GSusDNb//c2YenjtD69MbupqsPif+PkKOxD1CUo2wWZReglxg28gBTy2 1WDhACY07FalwuOGbRAruWEJ5+Meb+ecQ8oI2VWtqIm7sTUaxWQ/CsKmwkviWZyh jCWLr2ds7LSUISf5yl+HYzeAYGDCfdfdxDQ5BgcBXL7AiAMEmoDObi6dBk2QonVP uF6ArVSm1uBgLYtsl2t1OjxzjXaaDIyGy6rA2RwO6AYAJU6+gZ6PQnf04gDz5kZ2 oj30TqBYTIgXM1TFdkJMNrxGbsGYW/mGYeFNYlZb3eBnNggTKyIlRKcr3OHDEjPf MYELv2lN7UN4zU8qr5KmMqKYbmw5E2SZVpwtann3acWIk8TdasAZ3uLn+03qr4ke T1ppk1unaH+V9JEXcyG1JIltgDZv7MmjF/xvlo8hLI9PRRtNu2Hb1RUQLVOiEB23 tNbYn2uJ3kRxQkWcBJMB64uEdihl+nt3VvwO8c03pNimC3NgLwEUiLzu3unwftxb OYV2ypgoeLe27HBLvBJGS/uPQak9IH0OlNyGi7Rmstl/I2b983IfQJR+1Y5wRedx Gl3JtjrEK7dCN87pLDjgb3gI9FV3bkyTHdO063by8V/Q4pqDk7xfBX1cS1iqrmhZ tsABke2ApaxHGjyf7deztxVhTK6zwuznqPOtbAMi0bFF/fUMUmw= =L6qM -----END PGP SIGNATURE-----