Back to bug 2179220
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Sandipan Roy | 2023-03-17 05:05:20 UTC | Blocks | 2179174 | |
| Sandipan Roy | 2023-03-17 05:06:37 UTC | Depends On | 2179221, 2179222 | |
| Sandipan Roy | 2023-03-21 06:57:10 UTC | Depends On | 2180312, 2180311 | |
| Sandipan Roy | 2023-03-22 04:06:08 UTC | Doc Text | Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. And its contain a vulnerability similar to CVE-2017-5226, but using the `TIOCLINUX` ioctl command instead of `TIOCSTI`. If a Flatpak app is run on a Linux virtual console such as `/dev/tty1`, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Ordinary graphical terminal emulators like xterm, gnome-terminal and Konsole are unaffected. This vulnerability is specific to the Linux virtual consoles `/dev/tty1`, `/dev/tty2` and so on. | |
| RaTasha Tillery-Smith | 2023-03-22 11:37:04 UTC | Doc Text | Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. And its contain a vulnerability similar to CVE-2017-5226, but using the `TIOCLINUX` ioctl command instead of `TIOCSTI`. If a Flatpak app is run on a Linux virtual console such as `/dev/tty1`, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Ordinary graphical terminal emulators like xterm, gnome-terminal and Konsole are unaffected. This vulnerability is specific to the Linux virtual consoles `/dev/tty1`, `/dev/tty2` and so on. | A flaw was found in Flatpak, a system for building, distributing, and running sandboxed desktop applications on Linux. It contains a vulnerability similar to CVE-2017-5226 but using the `TIOCLINUX` ioctl command instead of `TIOCSTI.` If a Flatpak app is run on a Linux virtual console such as `/dev/tty1`, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Ordinary graphical terminal emulators like xterm, gnome-terminal, and Konsole are unaffected. This vulnerability is specific to the Linux virtual consoles `/dev/tty1`, `/dev/tty2`, and others. |
| Red Hat Bugzilla | 2023-07-07 08:30:24 UTC | Assignee | security-response-team | nobody |
Back to bug 2179220