CVE-2019-10063 (retired)

Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1
allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226
by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI
ioctl, which could otherwise be used to inject commands into the
controlling terminal so that they would be executed outside the sandbox
after the sandboxed app exits. This fix was incomplete: on 64-bit
platforms, the seccomp filter could be bypassed by an ioctl request number
that has TIOCSTI in its 32 least significant bits and an arbitrary nonzero
value in its 32 most significant bits, which the Linux kernel would treat
as equivalent to TIOCSTI.
Upstream:released (1.2.3-2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):released (1.0.8-0ubuntu0.18.04.1)
Ubuntu 18.10 (Cosmic Cuttlefish):released (1.0.8-0ubuntu0.18.10.1)
Ubuntu 19.04 (Disco Dingo):not-affected (1.2.4-1)
Ubuntu 19.10 (Eoan):not-affected (1.2.4-1)
More Information

Updated: 2019-05-10 15:14:51 UTC (commit 3c00b0ed9466e443831508364cb19328f87345f9)