Advisories » MGASA-2018-0143

Updated flatpak packages fix security vulnerability

Publication date: 26 Feb 2018
Modification date: 26 Feb 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-6560

Description

Updated flatpak packages fix security vulnerability:

A sandbox escape in the flatpak dbus proxy in the authentication phase
(CVE-2018-6560).

The flatpak has been upgraded to the latest stable version, 0.10.3, which fixes
this issue.  The bubblewrap, ostree, flatpak-builder, xdg-desktop-portal,
xdg-desktop-portal-gtk, and appstream-glib packages have also been upgraded to
support this updated.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22562
• https://lists.opensuse.org/opensuse-updates/2018-02/msg00019.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6560

SRPMS

6/core

• bubblewrap-0.2.0-1.mga6
• ostree-2018.1-1.mga6
• flatpak-0.10.3-1.mga6
• flatpak-builder-0.10.6-1.mga6
• xdg-desktop-portal-0.9-1.mga6
• xdg-desktop-portal-gtk-0.9-1.mga6
• appstream-glib-0.7.6-1.mga6