Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2021.0143
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2021-0143)
Zusammenfassung:	The remote host is missing an update for the 'appstream-glib, bubblewrap, flatpak, gnome-software, libglib-testing, malcontent, ostree' package(s) announced via the MGASA-2021-0143 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'appstream-glib, bubblewrap, flatpak, gnome-software, libglib-testing, malcontent, ostree' package(s) announced via the MGASA-2021-0143 advisory. Vulnerability Insight: Sandbox escape where a malicious application can execute code outside the sandbox by controlling the environment of the 'flatpak run' command when spawning a sub-sandbox (CVE-2021-21261). A potential attack where a flatpak application could use custom formatted .desktop files to gain access to files on the host system (CVE-2021-21381). The update also removes the unnecessary flatpak-tests subpackage. Affected Software/OS: 'appstream-glib, bubblewrap, flatpak, gnome-software, libglib-testing, malcontent, ostree' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2021-21261 https://github.com/flatpak/flatpak/security/advisories/GHSA-4ppf-fxf6-vxg2 Debian Security Information: DSA-4830 (Google Search) https://www.debian.org/security/2021/dsa-4830 https://security.gentoo.org/glsa/202101-21 https://github.com/flatpak/flatpak/commit/6d1773d2a54dde9b099043f07a2094a4f1c2f486 https://github.com/flatpak/flatpak/commit/6e5ae7a109cdfa9735ea7ccbd8cb79f9e8d3ae8b https://github.com/flatpak/flatpak/commit/aeb6a7ab0abaac4a8f4ad98b3df476d9de6b8bd4 https://github.com/flatpak/flatpak/commit/cc1401043c075268ecc652eac557ef8076b5eaba https://github.com/flatpak/flatpak/releases/tag/1.8.5 Common Vulnerability Exposure (CVE) ID: CVE-2021-21381 https://github.com/flatpak/flatpak/security/advisories/GHSA-xgh4-387p-hqpp Debian Security Information: DSA-4868 (Google Search) https://www.debian.org/security/2021/dsa-4868 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXNVFOIB6ZP4DGOVKAM25T6OIEP3YLGV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MXXLXC2DPJ45HSMTI5MZYHMYEGQN6AA/ https://security.gentoo.org/glsa/202312-12 https://github.com/flatpak/flatpak/commit/8279c5818425b6812523e3805bbe242fb6a5d961 https://github.com/flatpak/flatpak/commit/a7401e638bf0c03102039e216ab1081922f140ae https://github.com/flatpak/flatpak/commit/eb7946bb6248923d8c90fe9b84425fef97ae580d https://github.com/flatpak/flatpak/pull/4156 https://github.com/flatpak/flatpak/releases/tag/1.10.2
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.