Red Hat Security Advisory 2021-0306-01

Red Hat Security Advisory 2021-0306-01: Posted Feb 1, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-0306-01 - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.; tags | advisory; systems | linux, redhat; advisories | CVE-2021-21261; SHA-256 | 8a4a7ef0ec0ebaf1a12ebc008878b3fca2bdeb22a85a1b3cafc67e5ab79ebe00; Download | Favorite | View

Red Hat Security Advisory 2021-0306-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: flatpak security update
Advisory ID:       RHSA-2021:0306-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0306
Issue date:        2021-02-01
CVE Names:         CVE-2021-21261 
=====================================================================

1. Summary:

An update for flatpak is now available for Red Hat Enterprise Linux 8.1
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

Flatpak is a system for building, distributing, and running sandboxed
desktop applications on Linux.

Security Fix(es):

* flatpak: sandbox escape via spawn portal (CVE-2021-21261)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1917430 - CVE-2021-21261 flatpak: sandbox escape via spawn portal

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.1):

Source:
flatpak-1.0.9-3.el8_1.src.rpm

aarch64:
flatpak-1.0.9-3.el8_1.aarch64.rpm
flatpak-debuginfo-1.0.9-3.el8_1.aarch64.rpm
flatpak-debugsource-1.0.9-3.el8_1.aarch64.rpm
flatpak-libs-1.0.9-3.el8_1.aarch64.rpm
flatpak-libs-debuginfo-1.0.9-3.el8_1.aarch64.rpm

ppc64le:
flatpak-1.0.9-3.el8_1.ppc64le.rpm
flatpak-debuginfo-1.0.9-3.el8_1.ppc64le.rpm
flatpak-debugsource-1.0.9-3.el8_1.ppc64le.rpm
flatpak-libs-1.0.9-3.el8_1.ppc64le.rpm
flatpak-libs-debuginfo-1.0.9-3.el8_1.ppc64le.rpm

s390x:
flatpak-1.0.9-3.el8_1.s390x.rpm
flatpak-debuginfo-1.0.9-3.el8_1.s390x.rpm
flatpak-debugsource-1.0.9-3.el8_1.s390x.rpm
flatpak-libs-1.0.9-3.el8_1.s390x.rpm
flatpak-libs-debuginfo-1.0.9-3.el8_1.s390x.rpm

x86_64:
flatpak-1.0.9-3.el8_1.x86_64.rpm
flatpak-debuginfo-1.0.9-3.el8_1.i686.rpm
flatpak-debuginfo-1.0.9-3.el8_1.x86_64.rpm
flatpak-debugsource-1.0.9-3.el8_1.i686.rpm
flatpak-debugsource-1.0.9-3.el8_1.x86_64.rpm
flatpak-libs-1.0.9-3.el8_1.i686.rpm
flatpak-libs-1.0.9-3.el8_1.x86_64.rpm
flatpak-libs-debuginfo-1.0.9-3.el8_1.i686.rpm
flatpak-libs-debuginfo-1.0.9-3.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-21261
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYBfVLtzjgjWX9erEAQhH8g/+JyEkIhng2vK46NsPVFYXvl0Y4B4P6piT
ZCXlT7WytinsFrDOl0JqClfrIDSZ2janNv8n0HXwS1tkq7TZQEV6sL+aeZRlZI8d
BMroelJ0STzoekwhHpfclnrZjf1HjiDFcGCAe90cMDNh8oZCsp0xLn2XIEKW8t0Q
MIxwI2FiaYmz3GWRkCZ5hPGHMG4jSauXjZRabvQsk9Npw7t7HVnO3qACD2brLHKl
RoG5g8lPGA+b2i1oWES3hWYjDd4OG+RO4ByqlRtSnDaowQQLmM7X5eKjfQzlArvX
ukgNI83OzrG90IaCMch6J2fjcLSd2N+0fzJN5G3VCff4GbJaLRBX8HYk4fadz73I
v2PyfvcacYrfsDTQjOcCGks9CLa/hLlGc25AMcMMYw9DilqHvvig9arhCQBxfvpt
7yqZJzqf7j1ssWsSxgzHFQLyXvy/TIKwnWzMRLNyNW/t54P/6Urv5wydK4pTznBD
bDT1X+vhINPLDo0UAmCKpP9NgFEOuAPegWSiGljhqZTBML8gO9qS+z079y7bOO8G
ifYuDbryNmXLG7naeKMrwXngWeWJhqsiuGSI4kHscboHl1qGDgxey/8JOARNqGap
XHCEvHgEG/MfdXnIJBV+2Iy7aoKNuwO1w6+R4SPNxdoC1L0X+pRS1f7e37JYldZd
SsnjXCVekgw=
=uECq
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Top Authors In Last 30 Days

Red Hat 227 files
Ubuntu 96 files
Gentoo 33 files
Debian 23 files
Google Security Research 19 files
Mirabbas Agalarov 17 files
indoushka 15 files
Apple 9 files
CraCkEr 9 files
Ivan Fratric 8 files

File Archives

Systems

AIX (428)
Apple (1,979)
BSD (373)
CentOS (57)
Cisco (1,920)
Debian (6,753)
Fedora (1,691)
FreeBSD (1,244)
Gentoo (4,321)
HPUX (879)
iOS (344)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (45,776)
Mac OS X (685)
Mandriva (3,105)
NetBSD (256)
OpenBSD (482)
RedHat (13,311)
Slackware (941)
Solaris (1,610)
SUSE (1,444)
Ubuntu (8,626)
UNIX (9,236)
UnixWare (186)
Windows (6,555)
Other

Red Hat Security Advisory 2021-0306-01

Red Hat Security Advisory 2021-0306-01

File Archive:

June 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2021-0306-01

Share This

Red Hat Security Advisory 2021-0306-01

File Archive:

June 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems