[USN-5191-1] Flatpak vulnerability

========================================================================== Ubuntu Security Notice USN-5191-1 December 14, 2021
flatpak vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 21.10 – Ubuntu 21.04 – Ubuntu 20.04 LTS – Ubuntu 18.04 LTS
A system hardening measure could be bypassed.
Software Description: – flatpak: Application deployment framework for desktop apps
It was discovered that Flatpak incorrectly handled certain AF_UNIX sockets. An attacker could use this to specially craft a Flatpak application that could escape sandbox confinement.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: flatpak 1.10.2-3ubuntu0.1 libflatpak0 1.10.2-3ubuntu0.1
Ubuntu 21.04: flatpak 1.10.2-1ubuntu1.1 libflatpak0 1.10.2-1ubuntu1.1
Ubuntu 20.04 LTS: flatpak 1.6.5-0ubuntu0.4 libflatpak0 1.6.5-0ubuntu0.4
Ubuntu 18.04 LTS: flatpak 1.0.9-0ubuntu0.4 libflatpak0 1.0.9-0ubuntu0.4
In general, a standard system update will make all the necessary changes.
References: ubuntu.com/security/notices/USN-5191-1 CVE-2021-41133
Package Information: launchpad.net/ubuntu/+source/flatpak/1.10.2-3ubuntu0.1 launchpad.net/ubuntu/+source/flatpak/1.10.2-1ubuntu1.1 launchpad.net/ubuntu/+source/flatpak/1.6.5-0ubuntu0.4 launchpad.net/ubuntu/+source/flatpak/1.0.9-0ubuntu0.4