Security update for flatpak
This update for flatpak to version 0.8.9 fixes security issues and bugs.
The following vulnerabilities were fixed:
- CVE-2018-6560: sandbox escape in the flatpak dbus proxy (boo#1078923)
- CVE-2017-9780: Malicious apps could have included inappropriate permissions (boo#1078989)
- old-style eavesdropping in the dbus proxy (boo#1078993)
This update also includes all upstream improvements and fixes in this stable release series.
-
Submitted by
Andreas Stieger (AndreasStieger)
Fixed bugs
bnc#1078993
VUL-0: flatpak: old-style eavesdropping in the dbus proxy
bnc#1078989
VUL-0: CVE-2017-9780: flatpak: a third-party app repository could include maliciousapps that contain files with inappropriate permissions, for example setuid orworld-writable
bnc#1078923
VUL-0: CVE-2018-6560: flatpak: sandbox escape in the dbus proxy
