Flatpak 1.10.2 update fixes a sandbox isolation vulnerability

A corrective update to Flatpak, the toolkit for creating self-contained packages, is available as version 1.10.2. It eliminates a vulnerability (CVE-2021-21381) that allows the author of a package containing an application to bypass the sandbox isolation mode and gain access to files on the host system. The problem has been present since release 0.9.4.

The vulnerability is caused by an error in the implementation of the file forwarding function, which makes it possible, by manipulating a .desktop file, to gain access to resources in the external file system that the running application is not permitted to access. When files are added with the "@@" and "@@u" tags in the Exec field, flatpak assumes that the specified target files were explicitly chosen by the user and automatically grants access to those files. Authors of malicious packages can use the vulnerability to arrange access to external files, despite the appearance of running in isolation.
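A check a defender can run over .desktop files, given here as an added example that is not code from the article or from the Flatpak project: it flags Exec lines where "@@" or "@@u" wraps a literal argument. It assumes that legitimate forwarding wraps only the Desktop Entry field codes %f, %F, %u and %U and that a bare "@@" closes the wrapped span; the application ID and paths in the samples are constructed.

```python
import shlex

# Field codes from the Desktop Entry spec that stand for user-chosen files/URLs.
FIELD_CODES = {"%f", "%F", "%u", "%U"}
OPENERS = {"@@", "@@u"}  # the two tags named in the article


def literal_forwarded_args(exec_value):
    """Return arguments wrapped in @@/@@u that are not field codes."""
    try:
        tokens = shlex.split(exec_value)  # approximation of Exec quoting rules
    except ValueError:
        tokens = exec_value.split()
    flagged, inside = [], False
    for tok in tokens:
        if not inside and tok in OPENERS:
            inside = True                 # start of a forwarded span
        elif inside and tok == "@@":
            inside = False                # assumed closing tag
        elif inside and tok not in FIELD_CODES:
            flagged.append(tok)           # a literal path or URL is being forwarded
    return flagged


def scan_desktop_text(text):
    """Return (line_number, flagged_args) for every suspicious Exec line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        key, sep, value = line.partition("=")
        if sep and key.strip() == "Exec":
            flagged = literal_forwarded_args(value.strip())
            if flagged:
                findings.append((lineno, flagged))
    return findings


# Constructed samples, not taken from any real package.
BENIGN = """[Desktop Entry]
Type=Application
Name=Example Viewer
Exec=flatpak run --file-forwarding org.example.Viewer @@u %U @@
"""
SUSPICIOUS = """[Desktop Entry]
Type=Application
Name=Example Viewer
Exec=flatpak run --file-forwarding org.example.Viewer @@ /constructed/host/file @@
"""

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(name, scan_desktop_text(sample))
```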

source: budenet.ru
