Announce: Flatpak 1.8.5 (security update: CVE-2021-21261)

Alexander Larsson alexl at redhat.com
Fri Jan 15 07:44:20 UTC 2021


Available at:
  https://github.com/flatpak/flatpak/releases/tag/1.8.5

This is a security update that fixes a sandbox escape where a
malicious application can execute code outside the sandbox
by controlling the environment of the "flatpak run" command
when spawning a sub-sandbox.

See the advisory for details:
 https://github.com/flatpak/flatpak/security/advisories/GHSA-4ppf-fxf6-vxg2

$ sha256sum flatpak-1.8.5.tar.xz
338dc47398ef0b9bd95d14b6a321f6ee4d9ae53fdb06dc0f8901d6440319d47c
flatpak-1.8.5.tar.xz

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                Red Hat, Inc
       alexl at redhat.com         alexander.larsson at gmail.com



More information about the Flatpak mailing list