{"id":"ALSA-2021:4042","summary":"Important: flatpak security update","details":"Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.\n\nSecurity Fix(es):\n\n* flatpak: Sandbox bypass via recent VFS-manipulating syscalls (CVE-2021-41133)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","modified":"2026-01-30T01:01:16.895736Z","published":"2021-11-01T13:11:58Z","related":["CVE-2021-41133"],"references":[{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-41133"}],"affected":[{"package":{"name":"flatpak","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/flatpak"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.5-4.el8_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4042.json"}},{"package":{"name":"flatpak-libs","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/flatpak-libs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.5-4.el8_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4042.json"}},{"package":{"name":"flatpak-selinux","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/flatpak-selinux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.5-4.el8_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4042.json"}},{"package":{"name":"flatpak-session-helper","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/flatpak-session-helper"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.5-4.el8_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4042.json"}}],"schema_version":"1.7.3"}