Amazon Linux 2 Security Advisory: ALAS-2018-1096
Advisory Release Date: 2018-10-24 16:37 Pacific
Advisory Updated Date: 2018-10-25 23:04 Pacific
Severity:
Medium
Issue Overview:
It was found that flatpak's D-Bus proxy did not properly filter the access to D-Bus during the authentication protocol. A specially crafted flatpak application could use this flaw to bypass all restrictions imposed by flatpak and have full access to the D-BUS interface.(CVE-2018-6560)
Affected Packages:
flatpak
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update flatpak to update your system.
New Packages:
i686:
flatpak-0.8.8-4.amzn2.i686
flatpak-builder-0.8.8-4.amzn2.i686
flatpak-devel-0.8.8-4.amzn2.i686
flatpak-libs-0.8.8-4.amzn2.i686
flatpak-debuginfo-0.8.8-4.amzn2.i686
src:
flatpak-0.8.8-4.amzn2.src
x86_64:
flatpak-0.8.8-4.amzn2.x86_64
flatpak-builder-0.8.8-4.amzn2.x86_64
flatpak-devel-0.8.8-4.amzn2.x86_64
flatpak-libs-0.8.8-4.amzn2.x86_64
flatpak-debuginfo-0.8.8-4.amzn2.x86_64