Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1
allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226
by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI
ioctl, which could otherwise be used to inject commands into the
controlling terminal so that they would be executed outside the sandbox
after the sandboxed app exits. This fix was incomplete: on 64-bit
platforms, the seccomp filter could be bypassed by an ioctl request number
that has TIOCSTI in its 32 least significant bits and an arbitrary nonzero
value in its 32 most significant bits, which the Linux kernel would treat
as equivalent to TIOCSTI.
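
The comparison gap described above can be modelled in a few lines of C. This is an added example, not Flatpak's or the kernel's code: the rule structure, function names and sample values are hypothetical, and it only models how a full 64-bit equality check differs from a check on the low 32 bits.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TIOCSTI request number on Linux (asm-generic/ioctls.h). */
#define TIOCSTI_NR 0x5412u

/* Hypothetical model of a seccomp argument rule; names are illustrative. */
enum cmp_op { CMP_EQ, CMP_MASKED_EQ };
struct arg_rule { enum cmp_op op; uint64_t mask; uint64_t datum; };

/* A seccomp filter on a 64-bit platform sees the whole 64-bit argument. */
static int rule_blocks(const struct arg_rule *r, uint64_t arg)
{
    if (r->op == CMP_EQ)
        return arg == r->datum;
    return (arg & r->mask) == r->datum;
}

/* The kernel's ioctl entry point takes the request as unsigned int. */
static uint32_t kernel_cmd(uint64_t arg) { return (uint32_t)arg; }

/* Count values the kernel treats as TIOCSTI that the rule lets through. */
static size_t count_gaps(const struct arg_rule *r, const uint64_t *args, size_t n)
{
    size_t gaps = 0;
    for (size_t i = 0; i < n; i++)
        if (kernel_cmd(args[i]) == TIOCSTI_NR && !rule_blocks(r, args[i]))
            gaps++;
    return gaps;
}

/* Constructed sample request values, as a filter would see them. */
static const uint64_t SAMPLE_ARGS[] = {
    0x0000000000005412ull, /* plain TIOCSTI */
    0x0000000100005412ull, /* nonzero high half, low half is TIOCSTI */
    0xffffffff00005412ull, /* same, different high half */
    0x0000000000005413ull, /* TIOCGWINSZ, unrelated request */
};
#define N_SAMPLES (sizeof SAMPLE_ARGS / sizeof SAMPLE_ARGS[0])

static const struct arg_rule EXACT_RULE = { CMP_EQ, 0, TIOCSTI_NR };
static const struct arg_rule MASKED_RULE = { CMP_MASKED_EQ, 0xffffffffull, TIOCSTI_NR };

int main(void)
{
    printf("exact-match rule gaps: %zu\n", count_gaps(&EXACT_RULE, SAMPLE_ARGS, N_SAMPLES));
    printf("masked rule gaps:      %zu\n", count_gaps(&MASKED_RULE, SAMPLE_ARGS, N_SAMPLES));
    return 0;
}
```

When auditing a seccomp policy that filters on an ioctl request number, check that the comparison covers only the low 32 bits of the argument rather than the full 64-bit value.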

Upstream: released (1.2.3-2)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): released (1.0.8-0ubuntu0.18.04.1)
Ubuntu 19.10 (Eoan Ermine): not-affected (1.2.4-1)
Updated: 2020-03-18 22:53:40 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)