flatpak-0.8.8-4.el7
エラータID: AXSA:2018-3332:02
Release date:
Tuesday, September 25, 2018 - 21:28
Subject:
flatpak-0.8.8-4.el7
Affected Channels:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
Security Fix(es):
* flatpak: sandbox escape in D-Bus filtering by a crafted authentication handshake (CVE-2018-6560)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2018-6560
In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.
Solution:
Update packages.
CVEs:
CVE-2018-6560
In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.
In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.
Additional Info:
N/A
Download:
SRPMS
- flatpak-0.8.8-4.el7.src.rpm
MD5: 9595b33e26710f60d91eafb1488dbe43
SHA-256: 1aa852e1d2f7fcfc407be6997ff4cd5312f1bbeba88283759c0e92c0f2d69dd0
Size: 1.42 MB
Asianux Server 7 for x86_64
- flatpak-0.8.8-4.el7.x86_64.rpm
MD5: d8b64bf9a216919e631f99d4be9b14b6
SHA-256: d604e8c1b52fe719f84083a9d7fe8fe11e28b0a64c3c97cdb5b5ae3928e3ab54
Size: 712.39 kB - flatpak-builder-0.8.8-4.el7.x86_64.rpm
MD5: 296628b90805fbe1bd0c9876dc7f691c
SHA-256: 048c61a7e6ef89203afb40c73831713238104e5572f74277f2d398082db9d589
Size: 245.32 kB - flatpak-devel-0.8.8-4.el7.x86_64.rpm
MD5: 4e997497e3cb00d59a940d083e0d2e1f
SHA-256: 9d373c3b99dc507801c459dc73f3bb82e54a823fc7e47ae8756de3bd8d269051
Size: 35.55 kB - flatpak-libs-0.8.8-4.el7.x86_64.rpm
MD5: d3575fc7b9adfaf6fcde4a2539926956
SHA-256: 0479aba0f58924738c8e5334f66a7eb817599e1e8fba7a2d77cbf4c088104891
Size: 423.58 kB