flatpak-1.0.2-5.el7
Errata ID: AXSA:2019-3881:02
Release date:
2019/05/17 Friday - 18:35
Title:
flatpak-1.0.2-5.el7
Affected channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
- Flatpak has a vulnerability where, when a program is executed through the
bubblewrap sandbox, the nonpriv session can escape to the parent session by
using the TIOCSTI ioctl to push characters into the terminal's input buffer,
allowing an escape from the sandbox. (CVE-2017-5226)
- Flatpak prevented the sandbox escape via the TIOCSTI ioctl of CVE-2017-5226
with a seccomp filter, but this fix was incomplete on 64-bit platforms,
leaving the sandbox bypass possible. (CVE-2019-10063)
Translations of some CVEs are quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Please update the packages.
CVE:
CVE-2017-5226
When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox.
CVE-2019-10063
Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject commands into the controlling terminal so that they would be executed outside the sandbox after the sandboxed app exits. This fix was incomplete: on 64-bit platforms, the seccomp filter could be bypassed by an ioctl request number that has TIOCSTI in its 32 least significant bits and an arbitrary nonzero value in its 32 most significant bits, which the Linux kernel would treat as equivalent to TIOCSTI.
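The incomplete check described above, as an added example that is not part of this advisory or of Flatpak's own code: a small C model of the two seccomp comparison rules, an exact 64-bit match (the incomplete fix) and a match on the low 32 bits only (as libseccomp's SCMP_CMP_MASKED_EQ provides), evaluated against request numbers the kernel would treat as TIOCSTI. The TIOCSTI value, the rule names and the sample requests are assumptions constructed for this example.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* TIOCSTI request number on x86_64 Linux (asm-generic/ioctls.h), hardcoded
 * here as an assumption so the model builds without the kernel headers. */
#define TIOCSTI_REQ 0x5412u
/* Operators modelled on libseccomp's SCMP_CMP_EQ and SCMP_CMP_MASKED_EQ. */
enum cmp_op { CMP_EQ, CMP_MASKED_EQ };
struct ioctl_rule {
    enum cmp_op op;
    uint64_t mask;   /* used only by CMP_MASKED_EQ */
    uint64_t datum;
};
/* Incomplete rule: exact match on the full 64-bit syscall argument. */
static const struct ioctl_rule rule_exact  = { CMP_EQ, 0, TIOCSTI_REQ };
/* Hardened rule: match on the low 32 bits only, which is all the kernel uses. */
static const struct ioctl_rule rule_masked = { CMP_MASKED_EQ, 0xFFFFFFFFu, TIOCSTI_REQ };

/* seccomp compares the whole 64-bit register, so a rule sees every bit. */
bool rule_matches(const struct ioctl_rule *r, uint64_t request)
{
    if (r->op == CMP_MASKED_EQ)
        return (request & r->mask) == (r->datum & r->mask);
    return request == r->datum;
}

/* ioctl(2) takes `unsigned int cmd`: the kernel discards the upper 32 bits. */
uint32_t kernel_effective_cmd(uint64_t request)
{
    return (uint32_t)request;
}

/* True when a request the kernel treats as TIOCSTI is not caught by the rule. */
bool request_slips_through(const struct ioctl_rule *r, uint64_t request)
{
    return kernel_effective_cmd(request) == TIOCSTI_REQ && !rule_matches(r, request);
}

int main(void)
{
    /* Constructed samples: plain TIOCSTI, TIOCSTI with nonzero high bits, unrelated. */
    const uint64_t samples[] = { TIOCSTI_REQ, (1ull << 32) | TIOCSTI_REQ, 0x5413u };
    for (int i = 0; i < 3; i++)
        printf("0x%016" PRIx64 ": exact rule gap=%d  masked rule gap=%d\n", samples[i],
               request_slips_through(&rule_exact, samples[i]),
               request_slips_through(&rule_masked, samples[i]));
    return 0;
}
```

Only the second sample shows a gap for the exact rule; the masked rule reports none for any of them.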
Additional information:
N/A
Download:
SRPMS
- flatpak-1.0.2-5.el7.src.rpm
MD5: 69efbb6d1d6d5794c2ebf9fe74165bd4
SHA-256: 731d8dd8e108578c86d42e3e01f4f5df4195e29cc64e5b17e6f3f8672bdbfa03
Size: 3.24 MB
Asianux Server 7 for x86_64
- flatpak-1.0.2-5.el7.x86_64.rpm
MD5: f79162e9550191500eaaef377f715517
SHA-256: 77babb1dcd011b37dbbf63f01695ef5940df6900652c8709367a821045e83827
Size: 927.62 kB
- flatpak-builder-1.0.0-5.el7.x86_64.rpm
MD5: 9d2868e43df597a98780c48f9b41ce3c
SHA-256: 48e286197e33b52d11a3b3997feab6d2ac0dce87e1bac4b73096ea31f5a9d340
Size: 178.98 kB
- flatpak-devel-1.0.2-5.el7.x86_64.rpm
MD5: 93b02ed632bc159ec0632a2a744436e2
SHA-256: 244fe496727852916624ec91697d8f680a8dc9021be0f373da196c74293a67d9
Size: 56.90 kB
- flatpak-libs-1.0.2-5.el7.x86_64.rpm
MD5: 87fbd834e565f84c58b4ad8f4a1e5ff6
SHA-256: fae4ca028a52673d4ed05a64462ee5d40e69ffd1a62b8dba43d750de4a048035
Size: 588.57 kB