Flatpak Security Update Advisory (CVE-2024-42472)

Sep 27 2024

Overview

An update has been released to address vulnerabilities in Flatpak. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-42472

Flatpak versions: ~ 1.14.8 (inclusive)
Flatpak versions: 1.15.x (inclusive) ~ 1.15.9 (inclusive)

Resolved Vulnerabilities

Vulnerability that allows malicious apps to access and write files outside the home directory via persistent directories (CVE-2024-42472)

Vulnerability Patches

The following product-specific vulnerability patches have been made available with the latest update. If you are using an affected version, Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-42472

Flatpak version: 1.14.10 or later version
Flatpak version: 1.15.10 or later version

References

[1] CVE-2024-42472 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-42472

[2] CVE-2024-42472: Access to files outside sandbox for apps using persistent= (–persist)

https://github.com/flatpak/flatpak/security/advisories/GHSA-7hgv-f2j8-xw87

Flatpak Security Update Advisory (CVE-2024-42472)

Navidrome Security Update Advisory (CVE-2024-47062)

TeamViewer Product Security Update Advisory

Tags:

Navidrome Security Update Advisory (CVE-2024-47062)

TeamViewer Product Security Update Advisory