Announce: Flatpak 1.2.4 (security update)

Alexander Larsson alexl at redhat.com
Wed Mar 27 10:29:55 UTC 2019


Available here:
  https://github.com/flatpak/flatpak/releases/tag/1.2.4

$ sha256sum flatpak-1.2.4.tar.xz
1b6539d94d31e571661a2545cfcece7ec9267b4e2552e3cc0f617f4790f6c3e1  flatpak-1.2.4.tar.xz

This release fixes CVE-2019-10063.

It has been discovered that the previous fix for CVE-2017-5226, which uses
seccomp to prevent sandboxed apps from using the (dangerous) TIOCSTI ioctl,
was incomplete on 64-bit arches only. This is now fixed.

 * seccomp: Only compare the low 32bit of the TIOCSTI ioctl args.
 * Support multiple nvidia cards on the machine
 * Fix support for systems where XDG_RUNTIME_DIR is /var/run, which is a
   symlink, like Gentoo.
 * Fix potential crash when updating apps.
 * flatpak list --arch now works correctly again.
 * Update translations

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                Red Hat, Inc
       alexl at redhat.com         alexander.larsson at gmail.com
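
The seccomp change listed above ("Only compare the low 32bit of the TIOCSTI ioctl args"), as an added example that is not Flatpak's code and not part of the original announcement: a small C model of one seccomp argument comparison, checked against constructed register values. The rule struct, function names and sample values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/ioctl.h>

#ifndef TIOCSTI
#define TIOCSTI 0x5412 /* assumption: Linux x86 value, used only if the header lacks it */
#endif
#define REQ ((uint64_t)(uint32_t)TIOCSTI)

/* Hypothetical model of a seccomp argument rule. On a 64-bit arch the
 * filter is handed the full 64-bit register for each syscall argument. */
enum cmp_op { CMP_EQ, CMP_MASKED_EQ };
struct arg_rule { enum cmp_op op; uint64_t mask; uint64_t datum; };

static int rule_matches(const struct arg_rule *r, uint64_t arg)
{
    if (r->op == CMP_MASKED_EQ)
        return (arg & r->mask) == r->datum;
    return arg == r->datum;
}

/* The kernel takes the ioctl request as an unsigned int, so only the
 * low 32 bits of the register decide which operation runs. */
static int kernel_sees_tiocsti(uint64_t arg) { return (uint32_t)arg == (uint32_t)REQ; }

static const struct arg_rule full_compare  = { CMP_EQ, 0, REQ };
static const struct arg_rule low32_compare = { CMP_MASKED_EQ, 0xFFFFFFFFu, REQ };

/* Constructed register values: the plain request, two with upper bits
 * set, an unrelated request number, and zero. */
static const uint64_t samples[] = {
    REQ, ((uint64_t)1 << 32) | REQ, 0xFFFFFFFF00000000ULL | REQ, REQ + 1, 0,
};
#define N_SAMPLES (sizeof samples / sizeof samples[0])

/* Number of values the kernel would treat as TIOCSTI that the rule misses. */
static int count_misses(const struct arg_rule *r, const uint64_t *args, size_t n)
{
    int misses = 0;
    for (size_t i = 0; i < n; i++)
        if (kernel_sees_tiocsti(args[i]) && !rule_matches(r, args[i]))
            misses++;
    return misses;
}

int main(void)
{
    printf("64-bit compare misses: %d\n", count_misses(&full_compare, samples, N_SAMPLES));
    printf("low-32 compare misses: %d\n", count_misses(&low32_compare, samples, N_SAMPLES));
    return 0;
}
```

The same table of values works as a regression check for any seccomp policy that filters on an ioctl request number.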

