Announce: Flatpak 1.8.5 (security update: CVE-2021-21261)
Alexander Larsson
alexl at redhat.com
Fri Jan 15 07:44:20 UTC 2021
Available at:
https://github.com/flatpak/flatpak/releases/tag/1.8.5
This is a security update that fixes a sandbox escape where a
malicious application can execute code outside the sandbox
by controlling the environment of the "flatpak run" command
when spawning a sub-sandbox.
See the advisory for details:
https://github.com/flatpak/flatpak/security/advisories/GHSA-4ppf-fxf6-vxg2
$ sha256sum flatpak-1.8.5.tar.xz
338dc47398ef0b9bd95d14b6a321f6ee4d9ae53fdb06dc0f8901d6440319d47c
flatpak-1.8.5.tar.xz
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Alexander Larsson Red Hat, Inc
alexl at redhat.com alexander.larsson at gmail.com
More information about the Flatpak
mailing list