Flatpak developer Alex Larsson is announcing the release of the second bugfix and security update to the Flatpak 0.8 stable series, an open-source project that provides a Linux application sandboxing and distribution framework, formerly XDG-App.Flatpak 0.8.2 is a security fix release that needs to be installed on your computer immediately, as it addresses a critical bug where various of the bind-mounts the framework implements on your system could have been modified. These include system fonts, extensions, machine-id, localtime, and resolv.conf.
"Some of the bind-mounts that flatpak sets up were not read-only as they should have. This includes: extensions, system fonts, resolv.conf, localtime, and machine-id. Many of these are typically only writable by root, but some, like the user-specific fonts and user-installed extensions could be modified from the sandbox," said Alex Larsson.
DRI ac... (read more)
from Softpedia News / Linux http://ift.tt/2jHtx2u
via IFTTT
No comments:
Post a Comment