Vulnerability details
Flatpak input validation error vulnerability
Vulnerability summary
Flatpak is an application virtualization system for Linux desktop computing environments.
Flatpak versions before 1.12.0 and before 1.10.4 contain an input validation error vulnerability. The flaw arises because a Flatpak application with direct access to AF_UNIX sockets (such as the sockets used by Wayland, PipeWire or pipewire-pulse) can trick portals and other host operating system services into treating the Flatpak application as an ordinary, unsandboxed host OS process. Patches are available in versions 1.10.4 and 1.12.0, and a patch for the 1.8 branch is planned as 1.8.2. Aside from upgrading to a patched version, there is no workaround.
Vulnerability advisory
The vendor has released an upgrade patch to fix this vulnerability. The patch can be obtained from:
https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q
Reference URLs
Source: MLIST
Link: http://www.openwall.com/lists/oss-security/2021/10/26/9
Source: MISC
Link: https://github.com/flatpak/flatpak/commit/9766ee05b1425db397d2cf23afd24c7f6146a69f
Source: MISC
Link: https://github.com/flatpak/flatpak/commit/a10f52a7565c549612c92b8e736a6698a53db330
Source: MISC
Link: https://github.com/flatpak/flatpak/commit/e26ac7586c392b5eb35ff4609fe232c52523b2cf
Source: CONFIRM
Link: https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/R5656ONDP2MGKIJMKEC7N2NXCV27WGTC/
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/T5DKCYRC6MFSTFCUP4DELCOUUP3SFEFX/
Source: MISC
Link: https://github.com/flatpak/flatpak/commit/89ae9fe74c6d445bb1b3a40e568d77cf5de47e48
Source: DEBIAN
Link: https://www.debian.org/security/2021/dsa-4984
Source: MISC
Link: https://github.com/flatpak/flatpak/commit/462fca2c666e0cd2b60d6d2593a7216a83047aaf
Source: MISC
Link: https://github.com/flatpak/flatpak/commit/26b12484eb8a6219b9e7aa287b298a894b2f34ca
Source: MISC
Link: https://github.com/flatpak/flatpak/commit/1330662f33a55e88bfe18e76de28b7922d91a999
Source: MISC
Link: https://github.com/flatpak/flatpak/commit/4c34815784e9ffda5733225c7d95824f96375e36
Source: access.redhat.com
Link: https://access.redhat.com/security/cve/cve-2021-41133
Source: nvd.nist.gov
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-41133
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021110212
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.3648
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021111728
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.3635
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021110504
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021110318
Source: vigilance.fr
Link: https://vigilance.fr/vulnerability/Flatpak-privilege-escalation-via-AF-UNIX-Sockets-36652
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.3496
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021101417
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/164728/Red-Hat-Security-Advisory-2021-4042-01.html
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/164732/Red-Hat-Security-Advisory-2021-4044-01.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.3379
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021100815
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/164757/Red-Hat-Security-Advisory-2021-4106-01.html
Affected entities
None listed
Patches
- Fix for the Flatpak input validation error vulnerability (2021-10-8)