Oval Definition: oval:org.opensuse.security:def:20179780
Revision Date: 2022-05-20
Version: 1
Title: CVE-2017-9780
Description:

In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the world-writable location. In the case of the "system helper" component, files deployed as part of the app are owned by root, so in the worst case they could be setuid root.
Family: unix
Class: vulnerability
Status:
Reference(s): CVE-2017-9780
Mitre CVE-2017-9780
SUSE CVE-2017-9780
openSUSE-SU-2018:0389-1
Platform(s): openSUSE Leap 42.3
SUSE Linux Enterprise Desktop 15
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise Module for Desktop Applications 15
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server for SAP Applications 15
Product(s):
Definition Synopsis
  • openSUSE Leap 42.3 is installed
  • AND Package Information
  • flatpak-0.8.9-3 is installed
  • AND flatpak is signed with openSUSE key
  • OR
  • flatpak-builder-0.8.9-3 is installed
  • AND flatpak-builder is signed with openSUSE key
  • OR
  • flatpak-devel-0.8.9-3 is installed
  • AND flatpak-devel is signed with openSUSE key
  • OR
  • libflatpak0-0.8.9-3 is installed
  • AND libflatpak0 is signed with openSUSE key
  • OR
  • typelib-1_0-Flatpak-1_0-0.8.9-3 is installed
  • AND typelib-1_0-Flatpak-1_0 is signed with openSUSE key
Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 is installed
  • OR SUSE Linux Enterprise Module for Desktop Applications 15 is installed
  • OR SUSE Linux Enterprise Server 15 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 is installed
  • AND flatpak is not affected