Announce: Flatpak 1.2.3 (security update)

Alexander Larsson alexl at redhat.com
Mon Feb 11 13:49:21 UTC 2019


Available here:
  https://github.com/flatpak/flatpak/releases/tag/1.2.3

$ sha256sum flatpak-1.2.3.tar.xz
bb4720307fc10465660e37bb9489c1d9a349c19143e24f65ddb49032f8b00d44  flatpak-1.2.3.tar.xz

Changes in 1.2.3
================

The CVE-2019-5736 runc vulnerability is about using /proc/self/exe
to modify the host side binary from the sandbox. This mostly does not
affect flatpak since the flatpak sandbox is not run with root permissions.
However, there is one case (running the apply_extra script for system
installs) where this happens, so this release contains a fix for that.

 * Don't expose /proc in apply_extra script sandbox.

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                Red Hat, Inc
       alexl at redhat.com         alexander.larsson at gmail.com
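
The fix announced above removes /proc from the apply_extra sandbox. The following is an added example, not code from Flatpak or from this announcement: one way to check from the host whether a sandboxed process's mount namespace still contains procfs, by parsing its mountinfo. The function names and both mountinfo samples are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Flatpak code). Reads mountinfo text on stdin and prints
# the mount point of every procfs mount, including bind mounts of /proc subtrees.
# Line layout per proc(5): field 5 is the mount point, optional fields start
# at field 7, a lone "-" ends them, and the filesystem type follows it.
procfs_mounts() {
    awk '{
        for (i = 7; i <= NF; i++)
            if ($i == "-") { if ($(i + 1) == "proc") print $5; break }
    }'
}

# Succeeds (exit 0) only when the mountinfo on stdin shows no procfs at all.
sandbox_hides_proc() {
    [ -z "$(procfs_mounts)" ]
}

# Constructed sample: a sandbox namespace that still exposes /proc.
sample_with_proc() {
cat <<'EOF'
510 480 0:52 / / rw,relatime - tmpfs tmpfs rw,mode=755
511 510 8:2 /usr /usr ro,nosuid,nodev,relatime master:1 - ext4 /dev/sda2 rw
512 510 0:53 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
513 510 0:54 / /dev rw,nosuid - tmpfs tmpfs rw,mode=755
EOF
}

# Constructed sample: the same namespace with /proc left out.
sample_without_proc() {
cat <<'EOF'
510 480 0:52 / / rw,relatime - tmpfs tmpfs rw,mode=755
511 510 8:2 /usr /usr ro,nosuid,nodev,relatime master:1 - ext4 /dev/sda2 rw
513 510 0:54 / /dev rw,nosuid - tmpfs tmpfs rw,mode=755
EOF
}

for sample in sample_with_proc sample_without_proc; do
    if "$sample" | sandbox_hides_proc; then
        echo "$sample: no procfs visible"
    else
        echo "$sample: procfs mounted at $("$sample" | procfs_mounts)"
    fi
done
```

On a live system, feed the function the helper's own mount table, for example `sandbox_hides_proc < /proc/PID/mountinfo` with PID replaced by the sandboxed process's id.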

