Hi there!
We released an important security fix a few hours ago and advise to upgrade your system as soon as possible
The fix is available in version 4.1.8 (stable) and 4.2.1 (testing). It also got backported to 3.8.6.
10 Likes
More information:
Multiple issues were found in directory permissions that were too broad, and may be used by malicious yunohost users to access other local yunohost users’s data (privacy violation) or to access system secrets (which may be used for privilege escalation).
The fix restricts permissions on the appropriate directories using ACL (which is a more flexible extension to the classical UNIX permission system)
7 Likes