Red Hat Security Advisory 2019-1143-01

Red Hat Security Advisory 2019-1143-01: Posted May 13, 2019; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2019-1143-01 - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Issues addressed include a bypass vulnerability.; tags | advisory, bypass; systems | linux, redhat; advisories | CVE-2019-10063; SHA-256 | 0ac4258563db38006217aeddf30e4d8d552f7e3bd5179ecdb5952a281e5d87ec; Download | Favorite | View

Red Hat Security Advisory 2019-1143-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   
Red Hat Security Advisory

Synopsis:          Important: flatpak security update
Advisory ID:       RHSA-2019:1143-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:1143
Issue date:        2019-05-13
CVE Names:         CVE-2019-10063
====================================================================
1. Summary:

An update for flatpak is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Flatpak is a system for building, distributing, and running sandboxed
desktop applications on Linux.

Security Fix(es):

* flatpak: Sandbox bypass via IOCSTI (incomplete fix for CVE-2017-5226)
(CVE-2019-10063)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1695973 - CVE-2019-10063 flatpak: Sandbox bypass via IOCSTI (incomplete fix for CVE-2017-5226)

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
flatpak-1.0.6-3.el8_0.src.rpm

aarch64:
flatpak-1.0.6-3.el8_0.aarch64.rpm
flatpak-debuginfo-1.0.6-3.el8_0.aarch64.rpm
flatpak-debugsource-1.0.6-3.el8_0.aarch64.rpm
flatpak-libs-1.0.6-3.el8_0.aarch64.rpm
flatpak-libs-debuginfo-1.0.6-3.el8_0.aarch64.rpm

ppc64le:
flatpak-1.0.6-3.el8_0.ppc64le.rpm
flatpak-debuginfo-1.0.6-3.el8_0.ppc64le.rpm
flatpak-debugsource-1.0.6-3.el8_0.ppc64le.rpm
flatpak-libs-1.0.6-3.el8_0.ppc64le.rpm
flatpak-libs-debuginfo-1.0.6-3.el8_0.ppc64le.rpm

s390x:
flatpak-1.0.6-3.el8_0.s390x.rpm
flatpak-debuginfo-1.0.6-3.el8_0.s390x.rpm
flatpak-debugsource-1.0.6-3.el8_0.s390x.rpm
flatpak-libs-1.0.6-3.el8_0.s390x.rpm
flatpak-libs-debuginfo-1.0.6-3.el8_0.s390x.rpm

x86_64:
flatpak-1.0.6-3.el8_0.x86_64.rpm
flatpak-debuginfo-1.0.6-3.el8_0.i686.rpm
flatpak-debuginfo-1.0.6-3.el8_0.x86_64.rpm
flatpak-debugsource-1.0.6-3.el8_0.i686.rpm
flatpak-debugsource-1.0.6-3.el8_0.x86_64.rpm
flatpak-libs-1.0.6-3.el8_0.i686.rpm
flatpak-libs-1.0.6-3.el8_0.x86_64.rpm
flatpak-libs-debuginfo-1.0.6-3.el8_0.i686.rpm
flatpak-libs-debuginfo-1.0.6-3.el8_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-10063
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXNj60dzjgjWX9erEAQjjRw/+IVcn0Pb0BZvOWRb4BL949s8RczbsOuZC
BeWxhC4XkYF/WCaRVSw7U6o4keXActLUU9VQGysnxlMi7yBMg3rSoxTDYAAXdHTF
DpbKboue9FFcCAMAIQGURlfl110rztDlEZvdPcFIxYzN2neI6DhBBW0QXF1ltR+i
1YacL7w7Iyj5mEjmPvCr9nziXU4CU8mMDIXifYIdm5xqyRCWPzYW0pbmB0VRjD58
kUS4jWWN5/VhdK2blW4ujE8VDwuKusiPzNrdZelSTp6UloH7oRz/QUkCWBy2NONP
qcuApc7BikcJghoebKfsV3s5rK9hAKh065EAfTCXkflNmHvmyqdhVgf5U9PzzUkK
iEhuYWgdmGJDUOBz7Q4Dxvk5+rTdG8hv4sSRqijYjvBX1ZFLI717xL9kSwzR+PJ5
tumu4gnmWCDyBS5dFitsyalr76d0j8Flmi+reLew97pQv92ye0Hh1RQGtwjM8W01
YKe7FBY9qKVG+ujPoaNitX5xyxpabVcArTE+yx28FZHrt5OvPrx1yzkfvctrCrGm
hAKN7eWXCrKQTHJowQlVIFflwxCzQlsk3t0WQ+bvVrl6Ef9pEdraROwcOkOC7Bsq
sRJ3IROJ2uq4JwWcPUCGiOafXptGZbB0SZGxMrL8yBqQp9zcGah0WcwBqGpKeyEH
grkTXGhxrDc=L621
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Top Authors In Last 30 Days

Red Hat 300 files
Ubuntu 63 files
Debian 20 files
LiquidWorm 19 files
Apple 9 files
Gentoo 5 files
Google Security Research 4 files
Alter Prime 3 files
Chokri Hammedi 3 files
nu11secur1ty 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,928)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,326)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,981)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Red Hat Security Advisory 2019-1143-01

Red Hat Security Advisory 2019-1143-01

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2019-1143-01

Share This

Red Hat Security Advisory 2019-1143-01

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems