Oval Definition:oval:org.opensuse.security:def:202328101
Revision Date:2023-06-22
Version:1
Title:CVE-2023-28101
Description:

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust.
Family:unix
Class:vulnerability
Status:
Reference(s):Mitre CVE-2023-28101
SUSE CVE-2023-28101
SUSE-SU-2023:1712-1
SUSE-SU-2023:1713-1
SUSE-SU-2023:1714-1
SUSE-SU-2023:1715-1
Platform(s):SUSE Linux Enterprise Desktop 15 SP5
SUSE Linux Enterprise High Performance Computing 15 SP5
SUSE Linux Enterprise Module for Desktop Applications 15 SP5
SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP5
Product(s):
Definition Synopsis
  • Release Information
    • SUSE Linux Enterprise Desktop 15 SP5 is installed
    • OR SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
    • OR SUSE Linux Enterprise Module for Desktop Applications 15 SP5 is installed
    • OR SUSE Linux Enterprise Server 15 SP5 is installed
    • OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
  • AND Package Information
    • flatpak-1.14.4-150500.1.3 is installed
    • OR flatpak-devel-1.14.4-150500.1.3 is installed
    • OR flatpak-remote-flathub-1.14.4-150500.1.3 is installed
    • OR flatpak-zsh-completion-1.14.4-150500.1.3 is installed
    • OR libflatpak0-1.14.4-150500.1.3 is installed
    • OR system-user-flatpak-1.14.4-150500.1.3 is installed
    • OR typelib-1_0-Flatpak-1_0-1.14.4-150500.1.3 is installed