ALSA-2026:21757

[ALSA-2026:21757] Important: flatpak security update

Type:

security

Severity:

important

Release date:

2026-05-29

Description:

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.  

Security Fix(es):  

  * flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options (CVE-2026-34078)
  * flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation (CVE-2026-34079)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	flatpak-libs-1.16.0-9.el10_2.1.aarch64.rpm	ab47ee54e8bbb0727e9b8f9e36b1e7edcdb250c0c5ab9448682ae233947ab8e7
aarch64	flatpak-devel-1.16.0-9.el10_2.1.aarch64.rpm	b902ff54f1af13ed9d0a7c2263dc8242e09c13a3ca8c831b01682b5c4f833ad4
aarch64	flatpak-session-helper-1.16.0-9.el10_2.1.aarch64.rpm	beab4085aa5c4e9527b41ac5af5b3b42dcd64a1ffdfba7b8d8906bf41455c9c3
aarch64	flatpak-1.16.0-9.el10_2.1.aarch64.rpm	cfcb3c7fe3f1c47adcfcaeb3a71530ea886543cc6928a17a1de9ad74f0f69f59
noarch	flatpak-selinux-1.16.0-9.el10_2.1.noarch.rpm	22949ff4b832a5fbaf79d354cfc73af59a6746d662dcf4d0c294b24dcd69a9c7
ppc64le	flatpak-1.16.0-9.el10_2.1.ppc64le.rpm	57f2e34cc174f28edf4bee191b53740716ef5d70b73e90085258b2226953cfd4
ppc64le	flatpak-libs-1.16.0-9.el10_2.1.ppc64le.rpm	76672873c92cee5d9db4a3b67861b77559f6faa2ebb0f0331a39af2682e9d36b
ppc64le	flatpak-session-helper-1.16.0-9.el10_2.1.ppc64le.rpm	9292ba48312745ae7940a94ef6f685e1aea408a6deb3044c8d31bdc1a581086d
ppc64le	flatpak-devel-1.16.0-9.el10_2.1.ppc64le.rpm	ee94a4713fafaf770b1341f4076dc6cd15747072d87ccacab04726f1468ba967
s390x	flatpak-session-helper-1.16.0-9.el10_2.1.s390x.rpm	0a555a3e1c06fb69b9b9fb6417bbcd02eedc2f8234ff4567f58f8a066e0c75ac
s390x	flatpak-libs-1.16.0-9.el10_2.1.s390x.rpm	998ef1ea45ab9c894d9dcf41193d021d3de8440d3641ee42414854c18d4d5760
s390x	flatpak-1.16.0-9.el10_2.1.s390x.rpm	a180a0911c507de60e220aa731d78fb8615a1600506f3afd5716d063f5ac0411
s390x	flatpak-devel-1.16.0-9.el10_2.1.s390x.rpm	bca78d57aac3080074312d41b14c64fe47c106e612638582cfcd19f8308b6604
x86_64	flatpak-session-helper-1.16.0-9.el10_2.1.x86_64.rpm	009148cf7dace481fa7986da224b17ffa99787d388741a02f62ce50926b009ac
x86_64	flatpak-libs-1.16.0-9.el10_2.1.x86_64.rpm	89994cf375fae9ddab6a1a576062a3e0e12e51c53596300a73438b2fef47c918
x86_64	flatpak-1.16.0-9.el10_2.1.x86_64.rpm	96149e48e94da829daf167ad7f76f85ae02b6597b3d8e40d010448666736677e
x86_64	flatpak-devel-1.16.0-9.el10_2.1.x86_64.rpm	ea3b3f38fc530c4fe5232ccfbf19267b7645da3514ccffcb6ebecbe88bed893a
x86_64_v2	flatpak-1.16.0-9.el10_2.1.x86_64_v2.rpm	0c31d436b97831e787da899c9c572316bd531e098303548d91cdbbbd273944ac
x86_64_v2	flatpak-libs-1.16.0-9.el10_2.1.x86_64_v2.rpm	60d1d9f8bf0c9d8929a491dd9e93aa782ca90dce9d5cdcc1bc273b286662d0ea
x86_64_v2	flatpak-session-helper-1.16.0-9.el10_2.1.x86_64_v2.rpm	743d833aa29eba1625c8faf53e87297cce5ce176418548d7024bbcbb5212ed21
x86_64_v2	flatpak-devel-1.16.0-9.el10_2.1.x86_64_v2.rpm	9b6ed3c8d68f25b41a1a01043bb09d3cc6e443e0dbe492e063fc8abcea7e663f

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.