MGASA-2018-0143

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2018-0143.html

Import Source

https://advisories.mageia.org/MGASA-2018-0143.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2018-0143

Related

CVE-2018-6560

Published

2018-02-26T16:23:22Z

Modified

2018-02-26T15:54:36Z

Summary

Updated flatpak packages fix security vulnerability

Details

Updated flatpak packages fix security vulnerability:

A sandbox escape in the flatpak dbus proxy in the authentication phase (CVE-2018-6560).

The flatpak has been upgraded to the latest stable version, 0.10.3, which fixes this issue. The bubblewrap, ostree, flatpak-builder, xdg-desktop-portal, xdg-desktop-portal-gtk, and appstream-glib packages have also been upgraded to support this updated.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6

bubblewrap

Package

Name: bubblewrap
Purl: pkg:rpm/mageia/bubblewrap?arch=source&distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.2.0-1.mga6

Ecosystem specific

{
    "section": "core"
}

ostree

Package

Name: ostree
Purl: pkg:rpm/mageia/ostree?arch=source&distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2018.1-1.mga6

Ecosystem specific

{
    "section": "core"
}

flatpak

Package

Name: flatpak
Purl: pkg:rpm/mageia/flatpak?arch=source&distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.10.3-1.mga6

Ecosystem specific

{
    "section": "core"
}

flatpak-builder

Package

Name: flatpak-builder
Purl: pkg:rpm/mageia/flatpak-builder?arch=source&distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.10.6-1.mga6

Ecosystem specific

{
    "section": "core"
}

xdg-desktop-portal

Package

Name: xdg-desktop-portal
Purl: pkg:rpm/mageia/xdg-desktop-portal?arch=source&distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9-1.mga6

Ecosystem specific

{
    "section": "core"
}

xdg-desktop-portal-gtk

Package

Name: xdg-desktop-portal-gtk
Purl: pkg:rpm/mageia/xdg-desktop-portal-gtk?arch=source&distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9-1.mga6

Ecosystem specific

{
    "section": "core"
}

appstream-glib

Package

Name: appstream-glib
Purl: pkg:rpm/mageia/appstream-glib?arch=source&distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.7.6-1.mga6

Ecosystem specific

{
    "section": "core"
}