Flatpak 1.10.2 update with a fix for a sandbox isolation vulnerability

A corrective update to the toolkit for building self-contained packages, Flatpak 1.10.2, is available. It fixes a vulnerability (CVE-2021-21381) that allows the author of a package containing an application to bypass the sandbox isolation mode and gain access to files on the main system. The problem has been present since release 0.9.4.

The vulnerability is caused by an error in the implementation of the file forwarding feature, which makes it possible, by manipulating the .desktop file, to gain access to resources in the external file system that the application is not permitted to access. When files with the "@@" and "@@u" tags were added to the Exec field, flatpak assumed that the target files had been explicitly specified by the user and automatically gave the sandbox access to those files. The vulnerability can be used by authors of malicious packages to arrange access to external files, even though the application appears to be running in isolation mode.
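A check that a repository maintainer or reviewer could run over a .desktop file as shipped by an application, flagging the "@@" and "@@u" tokens in Exec fields described above. This is an added example, not code from Flatpak or from the original article; the function name, sample files and placeholder paths are constructed, and `shlex` only approximates Desktop Entry quoting.

```python
import shlex

# File-forwarding markers named in the article.
FORWARDING_TOKENS = {"@@", "@@u"}

# Constructed samples: app-supplied .desktop files, not from a real package.
CLEAN_DESKTOP = """\
[Desktop Entry]
Type=Application
Name=Example Viewer
Exec=example-viewer %f
"""

SUSPICIOUS_DESKTOP = """\
[Desktop Entry]
Type=Application
Name=Example Viewer
Exec=example-viewer @@ /placeholder/host/file @@
Actions=open-url;

[Desktop Action open-url]
Name=Open URL
Exec=example-viewer @@u file:///placeholder/host/file @@
"""


def find_forwarding_tokens(desktop_text):
    """Return (line_number, group, token) for each marker in an Exec value."""
    findings = []
    group = None
    for lineno, raw in enumerate(desktop_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1]  # e.g. "Desktop Entry" or "Desktop Action x"
            continue
        key, sep, value = line.partition("=")
        if not sep or key.strip() != "Exec":
            continue
        try:
            args = shlex.split(value)  # approximation of Exec quoting rules
        except ValueError:
            args = value.split()  # unbalanced quotes: fall back to whitespace
        findings.extend((lineno, group, a) for a in args if a in FORWARDING_TOKENS)
    return findings


if __name__ == "__main__":
    for lineno, group, token in find_forwarding_tokens(SUSPICIOUS_DESKTOP):
        print(f"line {lineno} [{group}]: Exec contains {token!r}")
```

Run it on the file from the application's own package rather than on the launcher Flatpak exports, since the exported Exec line is rewritten by Flatpak itself.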

Source: opennet.ru
