A vulnerability has been discovered in Flatpak, which can lead to a sandbox escape.
Package | sys-apps/flatpak on all architectures |
---|---|
Affected versions | < 1.4.10 |
Unaffected versions | >= 1.4.10 |
Flatpak is a Linux application sandboxing and distribution framework.
A vulnerability has been discovered in Flatpak. Please review the CVE identifier referenced below for details.
A malicious or compromised Flatpak app using persistent directories could read and write files in locations it would not normally have access to.
There is no known workaround at this time.
All Flatpak users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/flatpak-1.4.10"
Release date
November 06, 2024
Latest revision
November 06, 2024: 1
Severity
high
Exploitable
remote
Bugzilla entries