MGASA-2021-0143

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0143.html

Import Source

https://advisories.mageia.org/MGASA-2021-0143.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2021-0143

Related

Published

2021-03-18T09:56:09Z

Modified

2021-03-18T09:05:32Z

Summary

Updated flatpak packages fix security vulnerabilities

Details

Sandbox escape where a malicious application can execute code outside the sandbox by controlling the environment of the "flatpak run" command when spawning a sub-sandbox (CVE-2021-21261).

A potential attack where a flatpak application could use custom formatted .desktop files to gain access to files on the host system (CVE-2021-21381).

The update also removes the unnecessary flatpak-tests subpackage.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / libglib-testing

Package

Name: libglib-testing
Purl: pkg:rpm/mageia/libglib-testing?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.1.0-2.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / appstream-glib

Package

Name: appstream-glib
Purl: pkg:rpm/mageia/appstream-glib?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.7.15-1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / malcontent

Package

Name: malcontent
Purl: pkg:rpm/mageia/malcontent?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.0-2.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / bubblewrap

Package

Name: bubblewrap
Purl: pkg:rpm/mageia/bubblewrap?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.4.1-1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / ostree

Package

Name: ostree
Purl: pkg:rpm/mageia/ostree?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2020.8-1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / flatpak

Package

Name: flatpak
Purl: pkg:rpm/mageia/flatpak?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10.2-1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / gnome-software

Package

Name: gnome-software
Purl: pkg:rpm/mageia/gnome-software?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.32.2-2.1.mga7

Ecosystem specific

{
    "section": "core"
}