flatpak-1.0.2-5.el7

Errata ID: AXSA:2019-3881:02

Release date: 
Friday, May 17, 2019 - 18:35
Subject: 
flatpak-1.0.2-5.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.

Security Fix(es):

* flatpak: Sandbox bypass via TIOCSTI (incomplete fix for CVE-2017-5226) (CVE-2019-10063)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2017-5226
When executing a program via the bubblewrap sandbox, the non-privileged session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox.
CVE-2019-10063
Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject commands into the controlling terminal so that they would be executed outside the sandbox after the sandboxed app exits. This fix was incomplete: on 64-bit platforms, the seccomp filter could be bypassed by an ioctl request number that has TIOCSTI in its 32 least significant bits and an arbitrary nonzero value in its 32 most significant bits, which the Linux kernel would treat as equivalent to TIOCSTI.
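
The comparison gap described under CVE-2019-10063, modeled in plain C as an added example (not flatpak's or the vendor's code): a deny rule that matches all 64 bits of the request argument next to one that masks to the low 32 bits, checked against the kernel's 32-bit view of the request. The value 0x5412 is TIOCSTI on x86-64 Linux; the function names and sample request values are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TIOCSTI as defined for x86-64 Linux; all other names here are hypothetical. */
#define REQ_TIOCSTI UINT64_C(0x5412)

/* On 64-bit platforms the filter sees the request argument as a 64-bit value. */
typedef bool (*deny_rule)(uint64_t request);

/* Incomplete rule: deny only when all 64 bits equal TIOCSTI. */
static bool deny_exact(uint64_t request) { return request == REQ_TIOCSTI; }

/* Corrected rule: mask to the low 32 bits before comparing. */
static bool deny_masked(uint64_t request) {
    return (request & UINT64_C(0xFFFFFFFF)) == REQ_TIOCSTI;
}

/* Kernel side: the request is handled as a 32-bit value, high bits dropped. */
static bool kernel_treats_as_tiocsti(uint64_t request) {
    return (uint32_t)request == (uint32_t)REQ_TIOCSTI;
}

/* Constructed sample request values (not captured from a real system). */
static const uint64_t SAMPLES[] = {
    UINT64_C(0x0000000000005412), /* plain TIOCSTI */
    UINT64_C(0x0000000100005412), /* TIOCSTI in low half, nonzero high half */
    UINT64_C(0xFFFFFFFF00005412), /* same low half, different high half */
    UINT64_C(0x0000000000005413), /* unrelated request (TIOCGWINSZ) */
    UINT64_C(0x0000000100005413), /* unrelated, nonzero high half */
};
#define N_SAMPLES (sizeof SAMPLES / sizeof SAMPLES[0])

/* Count requests the rule allows although the kernel acts on them as TIOCSTI. */
static size_t filter_gaps(deny_rule deny, const uint64_t *reqs, size_t n) {
    size_t gaps = 0;
    for (size_t i = 0; i < n; i++)
        if (kernel_treats_as_tiocsti(reqs[i]) && !deny(reqs[i]))
            gaps++;
    return gaps;
}

int main(void) {
    printf("exact-match rule gaps:  %zu\n", filter_gaps(deny_exact, SAMPLES, N_SAMPLES));
    printf("masked-match rule gaps: %zu\n", filter_gaps(deny_masked, SAMPLES, N_SAMPLES));
    return 0;
}
```

In libseccomp terms, the two rules correspond to the `SCMP_CMP_EQ` and `SCMP_CMP_MASKED_EQ` comparison operators applied to the ioctl request argument.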

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. flatpak-1.0.2-5.el7.src.rpm
    MD5: 69efbb6d1d6d5794c2ebf9fe74165bd4
    SHA-256: 731d8dd8e108578c86d42e3e01f4f5df4195e29cc64e5b17e6f3f8672bdbfa03
    Size: 3.24 MB

Asianux Server 7 for x86_64
  1. flatpak-1.0.2-5.el7.x86_64.rpm
    MD5: f79162e9550191500eaaef377f715517
    SHA-256: 77babb1dcd011b37dbbf63f01695ef5940df6900652c8709367a821045e83827
    Size: 927.62 kB
  2. flatpak-builder-1.0.0-5.el7.x86_64.rpm
    MD5: 9d2868e43df597a98780c48f9b41ce3c
    SHA-256: 48e286197e33b52d11a3b3997feab6d2ac0dce87e1bac4b73096ea31f5a9d340
    Size: 178.98 kB
  3. flatpak-devel-1.0.2-5.el7.x86_64.rpm
    MD5: 93b02ed632bc159ec0632a2a744436e2
    SHA-256: 244fe496727852916624ec91697d8f680a8dc9021be0f373da196c74293a67d9
    Size: 56.90 kB
  4. flatpak-libs-1.0.2-5.el7.x86_64.rpm
    MD5: 87fbd834e565f84c58b4ad8f4a1e5ff6
    SHA-256: fae4ca028a52673d4ed05a64462ee5d40e69ffd1a62b8dba43d750de4a048035
    Size: 588.57 kB