Upstream description: An anonymous reporter discovered that Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process, by manipulating the VFS using recent mount-related syscalls that are not blocked by Flatpak's denylist seccomp filter, in order to substitute a crafted /.flatpak-info or make that file disappear entirely.
*** Bug 817023 has been marked as a duplicate of this bug. ***
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=212064d519c5f273a96132a882db1cec637e6416 commit 212064d519c5f273a96132a882db1cec637e6416 Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2021-10-10 03:51:30 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2021-10-10 03:51:37 +0000 sys-apps/flatpak: Remove vulnerable Bug: https://bugs.gentoo.org/816951 Package-Manager: Portage-3.0.28, Repoman-3.0.3 Signed-off-by: Zac Medico <zmedico@gentoo.org> sys-apps/flatpak/Manifest | 3 - sys-apps/flatpak/flatpak-1.10.0.ebuild | 101 --------------------------------- sys-apps/flatpak/flatpak-1.10.2.ebuild | 101 --------------------------------- sys-apps/flatpak/flatpak-1.11.1.ebuild | 101 --------------------------------- 4 files changed, 306 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=643ed442b2c41f32abca8a64ac63ea95c0b2e1fa commit 643ed442b2c41f32abca8a64ac63ea95c0b2e1fa Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2021-10-10 03:49:34 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2021-10-10 03:49:46 +0000 sys-apps/flatpak: 1.12.1 bump Bug: https://bugs.gentoo.org/816951 Package-Manager: Portage-3.0.28, Repoman-3.0.3 Signed-off-by: Zac Medico <zmedico@gentoo.org> sys-apps/flatpak/Manifest | 2 +- sys-apps/flatpak/{flatpak-1.11.3.ebuild => flatpak-1.12.1.ebuild} | 0 2 files changed, 1 insertion(+), 1 deletion(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cd8077153c0440912e3101b6cfec76e3baec103f commit cd8077153c0440912e3101b6cfec76e3baec103f Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2021-10-10 03:45:45 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2021-10-10 03:46:22 +0000 sys-apps/flatpak: 1.10.5 bump Bug: https://bugs.gentoo.org/816951 Package-Manager: Portage-3.0.28, Repoman-3.0.3 Signed-off-by: Zac Medico <zmedico@gentoo.org> sys-apps/flatpak/Manifest | 2 +- sys-apps/flatpak/{flatpak-1.10.3.ebuild => flatpak-1.10.5.ebuild} | 0 2 files changed, 1 insertion(+), 1 deletion(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=47ec7bcf87397307bd7056b71b03188358bab2ff commit 47ec7bcf87397307bd7056b71b03188358bab2ff Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2021-10-10 04:28:43 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2021-10-10 04:31:29 +0000 sys-apps/flatpak: Re-add stable version 1.10.2 Bug: https://bugs.gentoo.org/816951 Signed-off-by: Zac Medico <zmedico@gentoo.org> sys-apps/flatpak/Manifest | 1 + sys-apps/flatpak/flatpak-1.10.2.ebuild | 101 +++++++++++++++++++++++++++++++++ 2 files changed, 102 insertions(+)
amd64 stable
x86 stable
arm64 done all arches done
Please cleanup, thanks!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b0a3f1fe69f7811ee8eb1d202c6a1e7da81d1a9f commit b0a3f1fe69f7811ee8eb1d202c6a1e7da81d1a9f Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2021-10-11 00:50:59 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2021-10-11 00:51:06 +0000 sys-apps/flatpak: Remove vulnerable version 1.10.2 Bug: https://bugs.gentoo.org/816951 Package-Manager: Portage-3.0.28, Repoman-3.0.3 Signed-off-by: Zac Medico <zmedico@gentoo.org> sys-apps/flatpak/Manifest | 1 - sys-apps/flatpak/flatpak-1.10.2.ebuild | 101 --------------------------------- 2 files changed, 102 deletions(-)
Thanks Zac!
Unable to check for sanity: > no match for package: sys-apps/flatpak-1.10.5
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=774692af49b616797706937b258815617e132c83 commit 774692af49b616797706937b258815617e132c83 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-12-23 09:05:21 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2023-12-23 09:05:57 +0000 [ GLSA 202312-12 ] Flatpak: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/775365 Bug: https://bugs.gentoo.org/816951 Bug: https://bugs.gentoo.org/831087 Bug: https://bugs.gentoo.org/901507 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202312-12.xml | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+)