[USN-4721-1] Flatpak vulnerability
Paulo Flabiano Smorigo
pfsmorigo at canonical.com
Thu Feb 4 20:20:42 UTC 2021
Ubuntu Security Notice USN-4721-1
February 04, 2021
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Flatpak could be made to crash or run programs if it received
specially crafted input.
- flatpak: Application deployment framework for desktop apps
Simon McVittie discovered that the flatpak-portal service allowed sandboxed
applications to execute arbitrary code on the host system (a sandbox
escape). A malicious user could create a Flatpak application that set
environment variables, trusted by the Flatpak "run" command, and use it
to execute arbitrary code outside the sandbox.
The problem can be corrected by updating your system to the following
Ubuntu 20.04 LTS:
Ubuntu 18.04 LTS:
In general, a standard system update will make all the necessary changes.