This bug was fixed in the package flatpak - 0.6.11-1ubuntu0.16.10.0
---------------
flatpak (0.6.11-1ubuntu0.16.10.0) yakkety-security; urgency=medium

  * SECURITY UPDATE: bubblewrap escape via TIOCSTI ioctl (LP: #1657357)
    - Fixed in d/p/Use-seccomp-to-filter-out-TIOCSTI-ioctl.patch:
      Add patch from upstream 0.8.1 to prevent contained apps from using
      TIOCSTI ioctl. This would let the app inject commands into the
      terminal from which it was invoked. Prevent the attack here
      by using seccomp to filter out TIOCSTI ioctl.
    - CVE-2017-5226
  * SECURITY UPDATE: Prevent writing to per-user installed fonts and
    Flatpak extensions (typically locales)
    - Fixed in d/p/Make-sure-all-mounted-sources-are-read-only.patch:
      Add patch from upstream 0.8.2

 -- Jeremy Bicha <[email protected]>  Sat, 28 Jan 2017 06:00:41 -0500

** Changed in: flatpak (Ubuntu)
       Status: Confirmed => Fix Released

** Changed in: bubblewrap (Ubuntu)
       Status: Confirmed => Fix Released
--
https://bugs.launchpad.net/bugs/1657357
Title:
bubblewrap escape via TIOCSTI ioctl
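
The mitigation named in the changelog above, a seccomp filter that rejects the TIOCSTI ioctl, shown as an added example; it is not the flatpak or bubblewrap patch. It assumes Linux on a little-endian machine, uses raw seccomp-BPF rather than a library, and the function names are hypothetical. A production filter would also validate `seccomp_data.arch` before trusting the syscall number.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/ioctl.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Install a filter that fails ioctl(fd, TIOCSTI, ...) with EPERM and allows
 * everything else. Only the low 32 bits of the request argument are compared,
 * because the kernel treats the ioctl request number as a 32-bit value. */
static int install_tiocsti_filter(void)
{
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_ioctl, 0, 3),   /* not ioctl: allow */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[1])),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, TIOCSTI, 0, 1),     /* other request: allow */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { .len = sizeof(prog) / sizeof(prog[0]), .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)  /* needed without CAP_SYS_ADMIN */
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* Check the filter in a child process, using /dev/null so nothing is injected.
 * Returns 1 if seccomp answered EPERM, 0 if the call got through, -1 on setup error. */
static int tiocsti_blocked(void)
{
    int status;
    pid_t pid = fork();
    if (pid == 0) {
        char c = 'x';
        int fd = open("/dev/null", O_RDONLY);
        if (fd < 0 || install_tiocsti_filter() != 0)
            _exit(2);
        _exit(ioctl(fd, TIOCSTI, &c) == -1 && errno == EPERM ? 1 : 0);
    }
    if (pid < 0 || waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 2 ? -1 : WEXITSTATUS(status);
}

int main(void) { return tiocsti_blocked() == 1 ? 0 : 1; }
```

Without the filter the same call on `/dev/null` fails with ENOTTY, so an EPERM result shows the request was stopped by seccomp before reaching the ioctl handler.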