ALAS2-2018-1096


Amazon Linux 2 Security Advisory: ALAS-2018-1096
Advisory Release Date: 2018-10-25 23:04 Pacific
Severity: Medium
References: CVE-2018-6560 

Issue Overview:

It was found that flatpak's D-Bus proxy did not properly filter the access to D-Bus during the authentication protocol. A specially crafted flatpak application could use this flaw to bypass all restrictions imposed by flatpak and have full access to the D-BUS interface.(CVE-2018-6560 )


Affected Packages:

flatpak


Issue Correction:
Run yum update flatpak to update your system.

New Packages:
i686:
    flatpak-0.8.8-4.amzn2.i686
    flatpak-builder-0.8.8-4.amzn2.i686
    flatpak-devel-0.8.8-4.amzn2.i686
    flatpak-libs-0.8.8-4.amzn2.i686
    flatpak-debuginfo-0.8.8-4.amzn2.i686

src:
    flatpak-0.8.8-4.amzn2.src

x86_64:
    flatpak-0.8.8-4.amzn2.x86_64
    flatpak-builder-0.8.8-4.amzn2.x86_64
    flatpak-devel-0.8.8-4.amzn2.x86_64
    flatpak-libs-0.8.8-4.amzn2.x86_64
    flatpak-debuginfo-0.8.8-4.amzn2.x86_64