Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2019-8308

Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.

Related bugs and status

CVE-2019-8308 (Candidate) is related to these bugs:

Bug #1815528: New upstream microrelease flatpak 1.0.7

		In	Importance	Status
1815528	New upstream microrelease flatpak 1.0.7	flatpak (Ubuntu)	Undecided	Fix Released
1815528	New upstream microrelease flatpak 1.0.7	flatpak (Ubuntu Cosmic)	Undecided	Fix Released
1815528	New upstream microrelease flatpak 1.0.7	flatpak (Ubuntu Bionic)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugs.debian.or...
MISC: https://github.com/fla...
MISC: https://github.com/fla...
REDHAT: RHSA-2019:0375
SUSE: openSUSE-SU-2019:2038