Oval Definition:oval:org.opensuse.security:def:20186560
Revision Date:2022-05-20Version:1
Title:CVE-2018-6560
Description:

In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2018-6560
Mitre CVE-2018-6560
SUSE CVE-2018-6560
openSUSE-SU-2018:0389-1
Platform(s):openSUSE Leap 42.3
SUSE Linux Enterprise Desktop 15
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise Module for Desktop Applications 15
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server for SAP Applications 15
Product(s):
Definition Synopsis
  • openSUSE Leap 42.3 is installed
  • AND Package Information
  • flatpak-0.8.9-3 is installed
  • AND flatpak is signed with openSUSE key
  • OR
  • flatpak-builder-0.8.9-3 is installed
  • AND flatpak-builder is signed with openSUSE key
  • OR
  • flatpak-devel-0.8.9-3 is installed
  • AND flatpak-devel is signed with openSUSE key
  • OR
  • libflatpak0-0.8.9-3 is installed
  • AND libflatpak0 is signed with openSUSE key
  • OR
  • typelib-1_0-Flatpak-1_0-0.8.9-3 is installed
  • AND typelib-1_0-Flatpak-1_0 is signed with openSUSE key
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 is installed
  • OR SUSE Linux Enterprise Module for Desktop Applications 15 is installed
  • OR SUSE Linux Enterprise Server 15 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 is installed
  • AND flatpak is not affected
    • BACK