Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2018-6560

In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.

Related bugs and status

CVE-2018-6560 (Candidate) is related to these bugs:

Bug #1811824: [MIR] xdg-dbus-proxy

Summary				In	Importance	Status
	1811824	[MIR] xdg-dbus-proxy		xdg-dbus-proxy (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://github.com/fla...
CONFIRM: https://github.com/fla...
CONFIRM: https://github.com/fla...
REDHAT: RHSA-2018:2766