Candidate: CVE-2019-10063
PublicDate: 2019-03-26 14:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10063
 https://github.com/flatpak/flatpak/issues/2782
 https://github.com/flatpak/flatpak/commit/a9107feeb4b8275b78965b36bf21b92d5724699e
Description:
 Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1
 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226
 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI
 ioctl, which could otherwise be used to inject commands into the
 controlling terminal so that they would be executed outside the sandbox
 after the sandboxed app exits. This fix was incomplete: on 64-bit
 platforms, the seccomp filter could be bypassed by an ioctl request number
 that has TIOCSTI in its 32 least significant bits and an arbitrary nonzero
 value in its 32 most significant bits, which the Linux kernel would treat
 as equivalent to TIOCSTI.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925541
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H [9.0 CRITICAL]


Patches_flatpak:
upstream_flatpak: released (1.2.3-2)
precise/esm_flatpak: DNE
trusty_flatpak: DNE
trusty/esm_flatpak: DNE
xenial_flatpak: DNE
bionic_flatpak: released (1.0.8-0ubuntu0.18.04.1)
cosmic_flatpak: released (1.0.8-0ubuntu0.18.10.1)
disco_flatpak: not-affected (1.2.4-1)
devel_flatpak: not-affected (1.2.4-1)