{"id":"MGASA-2018-0143","summary":"Updated flatpak packages fix security vulnerability","details":"Updated flatpak packages fix security vulnerability:\n\nA sandbox escape in the flatpak dbus proxy in the authentication phase\n(CVE-2018-6560).\n\nThe flatpak has been upgraded to the latest stable version, 0.10.3, which fixes\nthis issue.  The bubblewrap, ostree, flatpak-builder, xdg-desktop-portal,\nxdg-desktop-portal-gtk, and appstream-glib packages have also been upgraded to\nsupport this updated.\n","modified":"2026-04-16T06:23:19.920045778Z","published":"2018-02-26T16:23:22Z","upstream":["CVE-2018-6560"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0143.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22562"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2018-02/msg00019.html"}],"affected":[{"package":{"name":"bubblewrap","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/bubblewrap?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.2.0-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0143.json"}},{"package":{"name":"ostree","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/ostree?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2018.1-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0143.json"}},{"package":{"name":"flatpak","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/flatpak?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.10.3-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0143.json"}},{"package":{"name":"flatpak-builder","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/flatpak-builder?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.10.6-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0143.json"}},{"package":{"name":"xdg-desktop-portal","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/xdg-desktop-portal?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0143.json"}},{"package":{"name":"xdg-desktop-portal-gtk","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/xdg-desktop-portal-gtk?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0143.json"}},{"package":{"name":"appstream-glib","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/appstream-glib?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.7.6-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0143.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}