SUSE update for flatpak
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Code Injection
EUVDB-ID: #VU49587
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-21261
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a local application to elevate privileges on the system.
The vulnerability exists due to improper input validation when processing environment variables, passed from a sandboxed process to a non-sandboxed process on the host system, and in particular to the `flatpak run` command that is used to launch the new sandbox instance. A malicious or compromised Flatpak app can set environment variables that are trusted by the `flatpak run` command, and use them to execute arbitrary code that is not in a sandbox.
MitigationUpdate the affected package flatpak to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-SP1-ESPOS - 15-SP1-LTSS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS
typelib-1_0-Flatpak-1_0: before 1.2.3-150100.4.8.1
libflatpak0-debuginfo: before 1.2.3-150100.4.8.1
libflatpak0: before 1.2.3-150100.4.8.1
flatpak-zsh-completion: before 1.2.3-150100.4.8.1
flatpak-devel: before 1.2.3-150100.4.8.1
flatpak-debugsource: before 1.2.3-150100.4.8.1
flatpak-debuginfo: before 1.2.3-150100.4.8.1
flatpak: before 1.2.3-150100.4.8.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223284-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Security restrictins bypass
EUVDB-ID: #VU57176
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-41133
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an error in the VFS-manipulating syscalls implementation. A local user can bypass sandbox restrictions and escalate privileges on the system.
Update the affected package flatpak to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-SP1-ESPOS - 15-SP1-LTSS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS
typelib-1_0-Flatpak-1_0: before 1.2.3-150100.4.8.1
libflatpak0-debuginfo: before 1.2.3-150100.4.8.1
libflatpak0: before 1.2.3-150100.4.8.1
flatpak-zsh-completion: before 1.2.3-150100.4.8.1
flatpak-devel: before 1.2.3-150100.4.8.1
flatpak-debugsource: before 1.2.3-150100.4.8.1
flatpak-debuginfo: before 1.2.3-150100.4.8.1
flatpak: before 1.2.3-150100.4.8.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223284-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU59654
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-43860
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to application does not properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, which leads to security restrictions bypass and privilege escalation.
MitigationUpdate the affected package flatpak to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-SP1-ESPOS - 15-SP1-LTSS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS
typelib-1_0-Flatpak-1_0: before 1.2.3-150100.4.8.1
libflatpak0-debuginfo: before 1.2.3-150100.4.8.1
libflatpak0: before 1.2.3-150100.4.8.1
flatpak-zsh-completion: before 1.2.3-150100.4.8.1
flatpak-devel: before 1.2.3-150100.4.8.1
flatpak-debugsource: before 1.2.3-150100.4.8.1
flatpak-debuginfo: before 1.2.3-150100.4.8.1
flatpak: before 1.2.3-150100.4.8.1
External linkshttp://www.suse.com/support/update/announcement/2022/suse-su-20223284-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
