Announce: Flatpak 1.10.4
Alexander Larsson
alexl at redhat.com
Fri Oct 8 11:29:42 UTC 2021
Available at:
https://github.com/flatpak/flatpak/releases/tag/1.10.4
$ sha256sum flatpak-1.10.4.tar.xz
641f1a62b1b875cc0561ab9bdfd3030071286d6021ae4bac6f80094408f00d1c
flatpak-1.10.4.tar.xz
This release fixes a security vulnerability in the portal
support. Some recently added syscalls were not blocked by the seccomp rules
which allowed the application to create sub-sandboxes which can confuste
the sandboxing verification mechanisms of the portal. This has been
fixed by extending the seccomp rules.
For details, see:
https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q
Other changes in this version:
* OCI now use the pax tar format which handles large files better than gnutar
* Fix the parental control checks for root
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Alexander Larsson Red Hat, Inc
alexl at redhat.com alexander.larsson at gmail.com
More information about the Flatpak
mailing list