•

CVE-2024-42472 - 10.0 - Flatpack < 1.14.10 , >= 1.15.0, < 1.15.10 sandbox escape

CVE Website

https://www.cve.org/CVERecord?id=CVE-2024-42472

I haven't seen it yet, and this one is near and dear to my heart.

Update your stuff -- this one's been affecting Enterprise Linux for maybe 12 years, versions the distros have long since grown bored of supporting, so essentially every EL install out there. So great.

1 comments

possiblylinux127

•

Flatpak has never been considered secure from a sandboxing perspective. If an app wants to cause harm it can do so with or without Flatpak. Do not rely on Flatpak as part of your security model.

Also Flatpak isn't really heavily used in the enterprise. The vast majority of Linux machines are servers.