Ubuntu Security Notice 4721-1 - Simon McVittieg discovered that flatpak-portal service allowed sandboxed applications to execute arbitrary code on the host system. A malicious user could create a Flatpak application that set environment variables, trusted by the Flatpak "run" command, and use it to execute arbitrary code outside the sandbox.
1e6437de8d13696893e975c8a53710c37dbc427fe3f6d15e6d18215b3f05ce89
Red Hat Security Advisory 2021-0411-01 - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
edc1a8643870b12d2d3ed8e9669e1738b60d533d54f9a826eb7f595576781ec0
Red Hat Security Advisory 2021-0307-01 - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
88d7bcf1bbc67ce845486499df0172b230e20c04b5b62166c1b883f143280773
Red Hat Security Advisory 2021-0306-01 - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
8a4a7ef0ec0ebaf1a12ebc008878b3fca2bdeb22a85a1b3cafc67e5ab79ebe00
Red Hat Security Advisory 2021-0304-01 - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
596de21560caf6ac72b3d603bdbc0d3c46886ab55bd640bdf3847356a796ffe4
Gentoo Linux Security Advisory 202101-21 - A vulnerability was discovered in Flatpak which could allow a remote attacker to execute arbitrary code. Versions less than 1.10.0 are affected.
0f52f21604dd7699a13ff158d15c36ff328cdf5dd109074a48b60ae127bfac04
Gentoo Linux Security Advisory 202101-15 - Multiple vulnerabilities have been found in VirtualBox, the worst of which could result in privilege escalation. Versions prior to 6.1.18 are affected.
5053623f21273f99393a766764d03e8ae442ebc46b5716edc0b44203cfe03c3f