ALAS2-2021-1625


Amazon Linux 2 Security Advisory: ALAS-2021-1625
Advisory Release Date: 2021-04-02 01:53 Pacific
Advisory Updated Date: 2021-04-06 16:58 Pacific
Severity: Important
References: CVE-2021-21381 

Issue Overview:

A sandbox escape flaw was found in the way flatpak handled special tokens in ".desktop" files. This flaw allows an attacker to gain access to files that are not ordinarily allowed by the app's permissions. The highest threat from this vulnerability is to confidentiality and integrity. (CVE-2021-21381 )


Affected Packages:

flatpak


Issue Correction:
Run yum update flatpak to update your system.

New Packages:
aarch64:
    flatpak-1.0.9-10.amzn2.0.1.aarch64
    flatpak-builder-1.0.0-10.amzn2.0.1.aarch64
    flatpak-devel-1.0.9-10.amzn2.0.1.aarch64
    flatpak-libs-1.0.9-10.amzn2.0.1.aarch64
    flatpak-debuginfo-1.0.9-10.amzn2.0.1.aarch64

i686:
    flatpak-1.0.9-10.amzn2.0.1.i686
    flatpak-builder-1.0.0-10.amzn2.0.1.i686
    flatpak-devel-1.0.9-10.amzn2.0.1.i686
    flatpak-libs-1.0.9-10.amzn2.0.1.i686
    flatpak-debuginfo-1.0.9-10.amzn2.0.1.i686

src:
    flatpak-1.0.9-10.amzn2.0.1.src

x86_64:
    flatpak-1.0.9-10.amzn2.0.1.x86_64
    flatpak-builder-1.0.0-10.amzn2.0.1.x86_64
    flatpak-devel-1.0.9-10.amzn2.0.1.x86_64
    flatpak-libs-1.0.9-10.amzn2.0.1.x86_64
    flatpak-debuginfo-1.0.9-10.amzn2.0.1.x86_64