(Advisory created in 2023 to clarify the handling of a security issue in much older versions.)
Impact
If Flatpak is run from a terminal emulator containing an interactive shell, a malicious Flatpak app could inject input into the interactive shell by using the TIOCSTI ioctl, due to an incomplete solution for CVE-2017-5226.
Patches
a9107fe
Workarounds
Don't run Flatpak apps with a controlling terminal, or don't use Flatpak versions from 2019.
References
#2782