ALSA-2023:7038

[ALSA-2023:7038] Moderate: flatpak security, bug fix, and enhancement update

Type:

security

Severity:

moderate

Release date:

2023-11-23

Description:

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.

The following packages have been upgraded to a later upstream version: flatpak (1.10.8). (BZ#2222103)

Security Fix(es):

* flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console (CVE-2023-28100)
* flatpak: Metadata with ANSI control codes can cause misleading terminal output (CVE-2023-28101)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	flatpak-libs-1.10.8-1.el8.aarch64.rpm	ba94a6ff8cf4f845d0ab9312114f18c20892bbcd80dd9252752eeb80db53b082
aarch64	flatpak-session-helper-1.10.8-1.el8.aarch64.rpm	cd03199d113d6dc4ed6ec650bab8ff7a029ed1ae1d80cf02245b4e6ddb14bef5
aarch64	flatpak-1.10.8-1.el8.aarch64.rpm	e211a3def64d4220666f4d68d56903cf4539929e88b08109957cecae55fff7f1
aarch64	flatpak-devel-1.10.8-1.el8.aarch64.rpm	ef4f163ce8055f500dcaf6cbf80642f850351411468525aef98a2292a6d16019
i686	flatpak-session-helper-1.10.8-1.el8.i686.rpm	2d4d831e22aa66da05a3233fa48ddc90157c576b0b70301e091fa106bab6d810
i686	flatpak-1.10.8-1.el8.i686.rpm	3aef17900e09793ceacf2ce358146dcf2c2ecf4bf64a2f413ca896c6c10e0c54
i686	flatpak-devel-1.10.8-1.el8.i686.rpm	3d93a18a7e67ded7b492961d7f8554fa729619f89a39b0e2d7e5de700ce67c61
i686	flatpak-libs-1.10.8-1.el8.i686.rpm	84c065905ef252947ecd455c8910d7ea9f4447242f0b8d988b94f3db683f28c0
noarch	flatpak-selinux-1.10.8-1.el8.noarch.rpm	4a6db6de6306547611a6fb68e8ea023fa3321bca8e6d69e3f446fee107122255
ppc64le	flatpak-devel-1.10.8-1.el8.ppc64le.rpm	0faf52c6a5bc9d43d2e03f0981a01639b244453d37d62949594b8f58a20b5e8b
ppc64le	flatpak-1.10.8-1.el8.ppc64le.rpm	658a0c41b240379c9cc3e47cd41a70b132b0dab582ce949abb44efbbb2793f79
ppc64le	flatpak-libs-1.10.8-1.el8.ppc64le.rpm	a8050aaed43299b5c788b4b8cc58b30c9165f7c9b40861a9699427b989e9893f
ppc64le	flatpak-session-helper-1.10.8-1.el8.ppc64le.rpm	bc3c7558438c4980e4a529e842d857216e602b8fecf5ac5eff57829ebf1e8389
s390x	flatpak-libs-1.10.8-1.el8.s390x.rpm	2dc47c0d22ae304f5d0cbd3ba2c9f6d03b56f53544e93851d14575cc395455c3
s390x	flatpak-devel-1.10.8-1.el8.s390x.rpm	c55a1d20fde2791366905f7d682ca52f170e66426f5a9ebce46e41f9a44618b6
s390x	flatpak-session-helper-1.10.8-1.el8.s390x.rpm	c8225e62fabf6f683a3225768d61c0f85734b03651a9c654663947649922c4b6
s390x	flatpak-1.10.8-1.el8.s390x.rpm	dee42be2aa07bdebbe250aff0ebf80e7f07a88366ab07220a6eacbe90a7846c7
x86_64	flatpak-libs-1.10.8-1.el8.x86_64.rpm	43a6b914455e8efd12a7efb9d4ca63461911b4ecf87a2d14b28da228c8dd0145
x86_64	flatpak-devel-1.10.8-1.el8.x86_64.rpm	ba0d82f508558d6fcf0ddd174171f0e08c1fb343e974ce154ccff51d5472b843
x86_64	flatpak-1.10.8-1.el8.x86_64.rpm	c9a20a17bd66c53e234bd48de5fe43b3a2d6f934f164c5598e416955645b540f
x86_64	flatpak-session-helper-1.10.8-1.el8.x86_64.rpm	f5fec9049404ddb0628f05e790a316a80a5adfce7772c7dcd61a3aca253e8517

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.