ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2022.0131
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2022-0131)
Resumen:	The remote host is missing an update for the 'discover, flatpak, gnome-software, xdg-desktop-portal-kde' package(s) announced via the MGASA-2022-0131 advisory.
Descripción:	Summary: The remote host is missing an update for the 'discover, flatpak, gnome-software, xdg-desktop-portal-kde' package(s) announced via the MGASA-2022-0131 advisory. Vulnerability Insight: Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the case that there's a null byte in the metadata file of an app. (CVE-2021-43860) Path traversal vulnerability (CVE-2022-21682) Various other fixes and enhancements included in update to version 1.12.7. Affected Software/OS: 'discover, flatpak, gnome-software, xdg-desktop-portal-kde' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-43860 https://github.com/flatpak/flatpak/security/advisories/GHSA-qpjc-vq3c-572j Debian Security Information: DSA-5049 (Google Search) https://www.debian.org/security/2022/dsa-5049 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APFTBYGJJVJPFVHRXUW5PII5XOAFI4KH/ https://security.gentoo.org/glsa/202312-12 https://github.com/flatpak/flatpak/commit/54ec1a482dfc668127eaae57f135e6a8e0bc52da https://github.com/flatpak/flatpak/commit/65cbfac982cb1c83993a9e19aa424daee8e9f042 https://github.com/flatpak/flatpak/commit/93357d357119093804df05acc32ff335839c6451 https://github.com/flatpak/flatpak/commit/ba818f504c926baaf6e362be8159cfacf994310e https://github.com/flatpak/flatpak/commit/d9a8f9d8ccc0b7c1135d0ecde006a75d25f66aee https://github.com/flatpak/flatpak/releases/tag/1.10.6 https://github.com/flatpak/flatpak/releases/tag/1.12.3 Common Vulnerability Exposure (CVE) ID: CVE-2022-21682 https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXKBERLJRYV7KXKGXOLI6IOXVBQNN4DP/ https://github.com/flatpak/flatpak/commit/445bddeee657fdc8d2a0a1f0de12975400d4fc1a https://github.com/flatpak/flatpak/commit/4d11f77aa7fd3e64cfa80af89d92567ab9e8e6fa
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.