Vulnerabilities

CVE-2018-6560

by Fred · 02/02/2018

In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.

Date published : 2018-02-02

https://github.com/flatpak/flatpak/commit/52346bf187b5a7f1c0fe9075b328b7ad6abe78f6

https://github.com/flatpak/flatpak/releases/tag/0.10.3

Similar

Tags: Cybersecurity Alert