Articles & Reviews
News Archive
Forums
Premium
Contact
Categories

Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals

Flatpak 1.6.1 Released Due To Security Issue - Special Case Of Getting Access Outside Home

Written by Michael Larabel in GNOME on 23 January 2020 at 08:10 AM EST. 1 Comment

GNOME

Flatpak 1.6 was an exciting update for this Linux application sandboxing/distribution tech in that it started laying the foundation to support a paid app store but elsewhere in the code-base a security issue came about.

Red Hat developer and Flatpak leader Alexander Larsson described this new security issue, which comes down to in certain circumstances apps could access files outside of the home directory. He explained, "This is a (mild) security update. Flatpak 1.6.0 added the ability for an application to request it to be updated, as long as the new version doesn't require new permissions. Unfortunately in some special cases, if an app had access to the home directory, but not the rest of the filesystem it would still allow a self-update where the new version could access some files outside the home directory.."

Flatpak 1.6.1 also adds a new permission for accessing the host /dev/shm as needed by JACK, a crash fix, and various other fixes. More details on GitHub.

1 Comment

Related News

GNOME 48 Mutter To Enjoy Improved Cursor Scaling For Wine Wayland & More

Resources System Monitoring App For GNOME Now Displays NPU Usage

GNOME Mutter Switches To High Priority KMS Thread To Avoid Crashes

GNOME Mutter Lands Improved GPU Selection Logic For Laptops

GNOME Making Progress On Full-Featured USB Portal For Flatpaks

GNOME Triple Buffering May Need To Be Re-Engineered - Helping NVIDIA Performance

About The Author

Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week

OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts

Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels

How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs

Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd

Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal

COSMIC Alpha 4 Released For System76's Rust-Based Desktop

GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd

KDE Starts December By Landing A Number Of New Features