Chris Williams discovered a flaw in the handling of mounts for persistent directories in Flatpak, an application deployment framework for desktop apps. A malicious or compromised Flatpak app using persistent directories could take advantage of this flaw to access files outside of the sandbox.
Details can be found in the upstream advisory at https://github.com/flatpak/flatpak/security/advisories/GHSA-7hgv-f2j8-xw87
https://security-tracker.debian.org/tracker/DSA-5749-1
Continue reading...
Details can be found in the upstream advisory at https://github.com/flatpak/flatpak/security/advisories/GHSA-7hgv-f2j8-xw87
https://security-tracker.debian.org/tracker/DSA-5749-1
Continue reading...