
CVE-2024-32462

Status Candidate

Overview

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However, it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It is also possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it has the same effect as passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0, and all supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 mitigates this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with `--`. The vulnerability is patched in Flatpak 1.10.9, 1.12.9, 1.14.6, and 1.15.8.
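To make the mechanism concrete, the following is an added illustrative model written for this page; it is not Flatpak's, bubblewrap's or xdg-desktop-portal's own code. It shows how a caller-supplied command line lands in the `bwrap` argv with and without the `--` terminator, a portal-style check that rejects commands beginning with `--`, and a version test against the fixed releases listed above. The option table, the sample sandbox options, the attacker command line, and the handling of Flatpak branches not named in the advisory are assumptions made for the example.

```python
"""Model of CVE-2024-32462: a bwrap-style option parser reads a
caller-supplied command line as sandbox options unless the option
list is terminated with '--'.

Illustrative model for this page, not Flatpak or bubblewrap code.
The option table and parsing rules are a simplified assumption.
"""
from __future__ import annotations

# Simplified bwrap-like option table: name -> number of arguments.
# Real bwrap has many more options; this subset is an assumption.
BWRAP_OPTIONS = {
    "--ro-bind": 2,
    "--bind": 2,
    "--unshare-all": 0,
    "--die-with-parent": 0,
    "--chdir": 1,
}

# Constructed sandbox options that a launcher might always pass.
BASE_SANDBOX_OPTS = ["--unshare-all", "--die-with-parent",
                     "--ro-bind", "/usr", "/usr"]

# Fixed releases named in the advisory, keyed by (major, minor) branch.
FIXED_BY_BRANCH = {
    (1, 10): (1, 10, 9),
    (1, 12): (1, 12, 9),
    (1, 14): (1, 14, 6),
    (1, 15): (1, 15, 8),
}


def parse_bwrap_argv(argv: list[str]) -> tuple[list[tuple[str, ...]], list[str]]:
    """Split argv the way a getopt-style parser does: consume options
    until the first non-option token or a bare '--', then treat the rest
    as the command to exec. Unknown options are an error."""
    opts: list[tuple[str, ...]] = []
    i = 0
    while i < len(argv):
        tok = argv[i]
        if tok == "--":
            return opts, list(argv[i + 1:])
        if not tok.startswith("--"):
            return opts, list(argv[i:])
        if tok not in BWRAP_OPTIONS:
            raise ValueError(f"unknown option {tok}")
        n = BWRAP_OPTIONS[tok]
        opts.append(tuple(argv[i:i + 1 + n]))
        i += 1 + n
    return opts, []


def build_bwrap_argv(command: list[str], terminate_options: bool) -> list[str]:
    """Assemble the launcher's argv. The fix is the '--' terminator,
    which stops bwrap from interpreting anything in `command`."""
    argv = ["bwrap", *BASE_SANDBOX_OPTS]
    if terminate_options:
        argv.append("--")
    argv.extend(command)
    return argv


def launch_model(command: list[str], terminate_options: bool):
    """Return (sandbox options bwrap would apply, command bwrap would exec)."""
    argv = build_bwrap_argv(command, terminate_options)
    return parse_bwrap_argv(argv[1:])


def portal_accepts_commandline(commandline: list[str]) -> bool:
    """Model of the xdg-desktop-portal 1.18.4 mitigation: refuse to turn a
    RequestBackground commandline into a .desktop entry if it starts with
    '--'. Defence in depth only; the real fix is the '--' in bwrap's argv."""
    return bool(commandline) and not commandline[0].startswith("--")


def flatpak_is_affected(version: str) -> bool:
    """True if `version` (e.g. the output of `flatpak --version`) predates the
    fix for its branch. Branches not named in the advisory are an assumption:
    anything at or beyond 1.15.8 is treated as fixed, anything older as affected."""
    v = tuple(int(p) for p in version.strip().split("."))
    branch = v[:2]
    if branch in FIXED_BY_BRANCH:
        return v < FIXED_BY_BRANCH[branch]
    return v < (1, 15, 8)


if __name__ == "__main__":
    # Constructed attacker-controlled commandline from RequestBackground:
    # bind the host root into the sandbox, then run a shell.
    hostile = ["--bind", "/", "/host", "/bin/sh"]
    print("without --:", launch_model(hostile, terminate_options=False))
    print("with    --:", launch_model(hostile, terminate_options=True))
    print("portal accepts:", portal_accepts_commandline(hostile))
    for ver in ("1.14.5", "1.14.6", "1.10.8", "1.15.8"):
        print(ver, "affected" if flatpak_is_affected(ver) else "fixed")
```

Without the terminator, the model's parser swallows `--bind / /host` as a sandbox option and execs `/bin/sh` with the host filesystem mounted; with `--`, the same tokens become the command to exec, and `--bind` is no longer a valid option name but merely a program that does not exist.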

Related Files

Gentoo Linux Security Advisory 202406-02
Posted Jun 24, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202406-02 - A vulnerability has been discovered in Flatpak which can lead to a sandbox escape. Versions prior to 1.14.6 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2024-32462
SHA-256 | 20c3c2efefe645abf80b458098c6f027b1f50f0c373d76fad628647b587e7eb6
Red Hat Security Advisory 2024-3980-03
Posted Jun 19, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3980-03 - An update for flatpak is now available for Red Hat Enterprise Linux 7.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-32462
SHA-256 | e39ba33f3a209e0e5252b6130325f42b3610bcb538338bba9251672662516669
Red Hat Security Advisory 2024-3979-03
Posted Jun 19, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3979-03 - An update for flatpak is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-32462
SHA-256 | eddda7dbdedb94fb871006765f0d0ebdedb19936f3bd26d6dfa4ff0e44771b70
Red Hat Security Advisory 2024-3970-03
Posted Jun 18, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3970-03 - An update for flatpak is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-32462
SHA-256 | 23d10c9838b1396db6283efd14691dbd1a04e264085c3ead66231fba4a4d2adf
Red Hat Security Advisory 2024-3969-03
Posted Jun 18, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3969-03 - An update for flatpak is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-32462
SHA-256 | 971d5a4c3548e61710901adaba7e539cf264bf0b2249deb6e3a19c6638558eea
Red Hat Security Advisory 2024-3963-03
Posted Jun 18, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3963-03 - An update for flatpak is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-32462
SHA-256 | 86892dea649ff290d4df23e11ce8a927801bf117f650b5eb823de0af1c57e2b4
Red Hat Security Advisory 2024-3962-03
Posted Jun 18, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3962-03 - An update for flatpak is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-32462
SHA-256 | 1e57f6bb3e4a5c5ac8be8e1af8203d43e8ad984d2720488ae1526399083ad8b3
Red Hat Security Advisory 2024-3961-03
Posted Jun 18, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3961-03 - An update for flatpak is now available for Red Hat Enterprise Linux 8.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-32462
SHA-256 | 89ca92c08699f70ff0ae992feca16d0d83f1233f59e7d26318313dc4d06d79a6
Red Hat Security Advisory 2024-3960-03
Posted Jun 18, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3960-03 - An update for flatpak is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-32462
SHA-256 | 928d03d2fe4a1b1ebbee18bf25d4448c032074315a5355ecd192ccde0099bc0c
Red Hat Security Advisory 2024-3959-03
Posted Jun 18, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3959-03 - An update for flatpak is now available for Red Hat Enterprise Linux 9.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-32462
SHA-256 | 3a7e495acde2c195388aaabb0055aa3f4e15135c8a4102a3e3ca7bbd42776c95
Debian Security Advisory 5666-1
Posted Apr 22, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5666-1 - Gergo Koteles discovered that sandbox restrictions in Flatpak, an application deployment framework for desktop apps, could be bypassed in combination with xdg-desktop-portal.

tags | advisory
systems | linux, debian
advisories | CVE-2024-32462
SHA-256 | d4f8e7d8fdbaa5f16964c5a67372ac10c12ec22b2f4145483f1b0040d1910fd8
© 2024 Packet Storm. All rights reserved.