This is a security update that fixes a sandbox escape where a malicious application can execute code outside the sandbox by controlling the environment of the "flatpak run" command when spawning a sub-sandbox.
See the advisory for details: https://github.com/flatpak/flatpak/security/advisories/GHSA-4ppf-fxf6-vxg2
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2021-f807eb480a
Please log in to add feedback.
This update has been submitted for testing by kalev.
This update's test gating status has been changed to 'ignored'.
This update's test gating status has been changed to 'waiting'.
kalev edited this update.
This update's test gating status has been changed to 'ignored'.
This update has been pushed to testing.
Works
This update has been submitted for stable by bodhi.
This update has been pushed to stable.