Yekugadzirisa gadziriso kune kit chekushandisa chekugadzira-ega mapakeji Flatpak 1.10.2 inowanikwa, iyo inobvisa kusagadzikana (CVE-2021-21381) iyo inobvumira munyori wepasuru ine application yekupfuura iyo sandbox yekuzviparadzanisa nzira uye kuwana mukana kune. mafaira pane main system. Dambudziko rave kuoneka kubva pakuburitswa 0.9.4.
Kusagadzikana kunokonzerwa nekukanganisa mukushandiswa kwefaira rekufambisa basa, izvo zvinoita kuti zvikwanisike, kuburikidza nekugadzirisa .desktop file, kuwana zvigadziro mune imwe kunze kwefaira system iyo inorambidzwa kuwanikwa nekushanda kwekushanda. Paunenge uchiwedzera mafaera ane ma tag "@@" uye "@@u" mundima yeExec, flatpak inofungidzira kuti mafaera akatarwa akatsanangurwa zvakajeka nemushandisi uye anozozviitira sandbox kuwana mafaera aya. Kusagadzikana kunogona kushandiswa nevanyori vepakeji yakaipa kuronga kuwana mafaera ekunze, kunyangwe kutaridzika kwekumhanya mukuzviparadzanisa nevamwe.
Source: opennet.ru