Flatpak 1.10.2 Security Update Fixes Vulnerability That Lets Flatpak Apps Access Host OS Files

Flatpak 1.10

Flatpak developer Alexander Larsson announced today the release of Flatpak 1.10.2 as the second maintenance update in the latest Flatpak 1.10 stable series and an important security patch.

Flatpak 1.10.2 isn’t a big update, but it’s here to address a security vulnerability that could lead to potential attacks where a Flatpak app could gain access to files on the host operating system via a custom formatted .desktop file.

This release also fixes some memory leaks and includes various test fixes, and includes a fix for an issue with X11 cookies on the openSUSE Linux operating system. Therefore, it is highly recommended that you update your Flatpak installations to version 1.10.2 as soon as it lands in the your distro’s stable repositories.

In addition to these bug and security fixes, the Flatpak 1.10.2 point release adds the G_BEGIN and END_DECLS variables to the library headers for C++ use, improves the spawn portal to better handle non-UTF8 file names, and updates the documentation.

Linux OS maintainers and experienced Linux users who want to compile Flatpak from sources can download the tarball right now from GitHub.

Flatpak is one of the most used Linux application sandboxing and distribution frameworks for GNU/Linux distributions. It lets you install apps that aren’t available in your distro’s repositories or are available from third-party vendors with a few clicks.

For more details about Flatpak, which is supported on many popular Linux distros these days, you can visit the official website. Also, if you’re interested in installing Flatpak apps, go ahead and browse the Flathub portal.

Last updated 3 years ago

Buy Me a Coffee at ko-fi.com