ALSA-2026:21756

[ALSA-2026:21756] Important: flatpak security update

Type:

security

Severity:

important

Release date:

2026-05-28

Description:

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.  

Security Fix(es):  

  * flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options (CVE-2026-34078)
  * flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation (CVE-2026-34079)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	flatpak-libs-1.12.9-4.el8_10.aarch64.rpm	051254d1aa86fa1d0f080c83c4a4cdbd0b584344d03b151121229daf94a49d40
aarch64	flatpak-session-helper-1.12.9-4.el8_10.aarch64.rpm	14450d652a3b2a807280d5b8e9db483aebb06044a644550f6cdab706505a1758
aarch64	flatpak-1.12.9-4.el8_10.aarch64.rpm	79223e186a54d2b275c3019067814bdeeafb8153ef9807119ac42b076457e150
aarch64	flatpak-devel-1.12.9-4.el8_10.aarch64.rpm	a41595ba435244ba939dc8a077e3b20aea2af546b0cf4970bf5d746564513f7b
i686	flatpak-session-helper-1.12.9-4.el8_10.i686.rpm	218e9d8b0a93c5ff42e9edfa881bdf6534e778ca9198539798c0b02d6bd941c7
i686	flatpak-devel-1.12.9-4.el8_10.i686.rpm	3c27357e269104164456a6187f7541bf8b5661006bb2a177435c8f9f2cfb5aaf
i686	flatpak-libs-1.12.9-4.el8_10.i686.rpm	8a6bb0fe56a3a64dee4a03cf3ac2f829fd675ee28732fb26744753734126956e
i686	flatpak-1.12.9-4.el8_10.i686.rpm	e59d0e4e76ce789a302a04bf5451e10bf61222a8b574ae6a8ba7ad795bf2b059
noarch	flatpak-selinux-1.12.9-4.el8_10.noarch.rpm	4b8bb7d1e0af244fd94e08b4d37869a856106e8ec57caba97dc6bbbbd27c3274
ppc64le	flatpak-1.12.9-4.el8_10.ppc64le.rpm	0543e6407b53d7cc44341ff70615ad574d416e550a01ef232c88039feed129b9
ppc64le	flatpak-devel-1.12.9-4.el8_10.ppc64le.rpm	2e2cecceef6e2cea75f0a8770e11fb66c223370e7dd472ce80229ed46fc54d82
ppc64le	flatpak-session-helper-1.12.9-4.el8_10.ppc64le.rpm	88ec5e15661c61fdc99ef44689f6a252689ec9230009a049f69b936389aafccd
ppc64le	flatpak-libs-1.12.9-4.el8_10.ppc64le.rpm	de44fe4bbcce0211dadbe95ad592c049553319bdb5bd6e3def37ce8c2fe4a382
s390x	flatpak-devel-1.12.9-4.el8_10.s390x.rpm	2a965e478e89b7169d8ec63e22da17945eb219826909b17a0a12c66373096e1e
s390x	flatpak-1.12.9-4.el8_10.s390x.rpm	43d74f136750e13a253c4c8999141f87e91047441a859e285145ad8bda20e338
s390x	flatpak-session-helper-1.12.9-4.el8_10.s390x.rpm	ede8537c098116375e49fd2a4315b13b36cf5a50b42cc608a231640a4e0c8c11
s390x	flatpak-libs-1.12.9-4.el8_10.s390x.rpm	f32df5061b69b2af7728a4a08f22e6f339fba754e9aa411a6c040511b3b2d360
x86_64	flatpak-session-helper-1.12.9-4.el8_10.x86_64.rpm	39ba89a09561cc288538408463651600b3443f8047691ce2149b3d46d07072b3
x86_64	flatpak-1.12.9-4.el8_10.x86_64.rpm	57f65150bec732258898fff779b5df817c0e556d4f29e6c793975cb660f754cb
x86_64	flatpak-devel-1.12.9-4.el8_10.x86_64.rpm	5a33b33910bfaa6b96cdf31d32eaf7078ccc328f736e5f117411f5fa630f01d9
x86_64	flatpak-libs-1.12.9-4.el8_10.x86_64.rpm	c2a5204faf9bc00cbd703e35b6a0ee7bcafeb05bddf7d9c3c96eeee4217e0e4a

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.