PT-2018-17635 · Flatpak+3 · Flatpak+3

Gabriel Campana

Publicado

2018-02-02

Atualizado

2019-10-03

CVE-2018-6560

CVSS v3.1

8.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Flatpak versions prior to 0.8.9 Flatpak versions 0.9.x Flatpak versions 0.10.x prior to 0.10.3

Description The issue allows crafted D-Bus messages to the host to be used to break out of the sandbox. This is due to differences in whitespace handling between the proxy and the daemon.

Recommendations For versions prior to 0.8.9, update to version 0.8.9 or later. For versions 0.9.x, update to version 0.10.3 or later. For versions 0.10.x prior to 0.10.3, update to version 0.10.3 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-436

Identificadores relacionados

ALT-PU-2018-1133

CESA-2018_2766

CVE-2018-6560

MGASA-2018-0143

RHSA-2018:2766

RHSA-2018_2766

Produtos afetados

Alt Linux

Centos

Flatpak

Red Hat

PT-2018-17635 · Flatpak+3 · Flatpak+3

CVE-2018-6560

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 16