ALSA-2024:9449

[ALSA-2024:9449] Important: bubblewrap and flatpak security update

Type:

security

Severity:

important

Release date:

2024-11-18

Description:

Bubblewrap (/usr/bin/bwrap) is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces.  

Security Fix(es):  

  * flatpak: Access to files outside sandbox for apps using persistent= (--persist) (CVE-2024-42472)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	flatpak-libs-1.12.9-3.el9_5.aarch64.rpm	038f775c8d6a44e4ff79bdccd1d99417be816bc0166f7ecd7b085f096d9f3011
aarch64	flatpak-session-helper-1.12.9-3.el9_5.aarch64.rpm	a5297d3e53305fd570fc7ef980b2e023de9326432ce6ace223edb69ac09da4bf
aarch64	flatpak-1.12.9-3.el9_5.aarch64.rpm	c2d70677b9990096beca2610aa02298cabdcaaa9f733068c93604c6965841ad9
aarch64	flatpak-devel-1.12.9-3.el9_5.aarch64.rpm	c526204d51da945dcb36ae1b1d37742bbdc9cc959fb6cba9ee289bb425455a8d
aarch64	bubblewrap-0.4.1-8.el9_5.aarch64.rpm	e92adf2b4ae78bfbce0f3ec2d1deadd7023eb255c6c1e220bd5bef748598ae3b
i686	flatpak-libs-1.12.9-3.el9_5.i686.rpm	08575b4212a629120f781158202929d26387eb5d3eeb4661e8db369ab4701bda
i686	flatpak-1.12.9-3.el9_5.i686.rpm	667f5ea851e8479f059ae437c659eea3f9a928f313cdb7f8013b8602bb81962b
i686	flatpak-devel-1.12.9-3.el9_5.i686.rpm	a3e0537fd2b66e1e926832ec889d576cc6998b35ad15e71f3b3f76bbe2417d3e
i686	flatpak-session-helper-1.12.9-3.el9_5.i686.rpm	e8217b6734d752463c00d8b0bbc2d9675fe120d895b1b725ec306d26031f4e79
noarch	flatpak-selinux-1.12.9-3.el9_5.noarch.rpm	d9f29fcb044c065b28d63428e0b95b09bce1f9a812c2363d25add0dfca286f4a
ppc64le	flatpak-devel-1.12.9-3.el9_5.ppc64le.rpm	384d74397e4e229574b1297943f2b255e11a00622c64b4adb03d2e3d8d59d59e
ppc64le	bubblewrap-0.4.1-8.el9_5.ppc64le.rpm	43d8e1c7de05ed1d6440c0d404602f8bf9f7f781ea030e1dd28c18a35208c6dc
ppc64le	flatpak-libs-1.12.9-3.el9_5.ppc64le.rpm	4ed7dc937acc93ac374d1c7d8b1bb783a5ce3448cadb07c063400dea991a77f7
ppc64le	flatpak-1.12.9-3.el9_5.ppc64le.rpm	8b88fc2a1c034cdc7a7ee1c08b02804a30f2d037cbd1e18d77bf724297cd776c
ppc64le	flatpak-session-helper-1.12.9-3.el9_5.ppc64le.rpm	aee1dc3d0c794dddccbb4f1e15ae9e1b5440dfc24c9b1ed08ccc212da41273c2
s390x	flatpak-libs-1.12.9-3.el9_5.s390x.rpm	3afcbcff041d52f66273037a400eb9af43c579a14a9fd80b4fc51c96a948b258
s390x	flatpak-session-helper-1.12.9-3.el9_5.s390x.rpm	669288996a627a266b1a797a503ad64de7f766376c8181e64b451ade97e108aa
s390x	bubblewrap-0.4.1-8.el9_5.s390x.rpm	75d55ed4baf36f93e32f70939c811d17db688efad2eac42596583636c69e513b
s390x	flatpak-devel-1.12.9-3.el9_5.s390x.rpm	9e985726a1f0d54568495fa4ec69f3f5f08a5517d2b30daba97a847081c18f77
s390x	flatpak-1.12.9-3.el9_5.s390x.rpm	a75586628cbdca427a24837ebbd2f8161ef94a02fd1736176eed3a54f70bf204
x86_64	flatpak-libs-1.12.9-3.el9_5.x86_64.rpm	008ed562c082fc9385f6891d6394e35c82f40a7d93b927fc8f9f2093250c500e
x86_64	flatpak-session-helper-1.12.9-3.el9_5.x86_64.rpm	6332e580f9f25743881307b27569e30de563fed54e228669a2998b802ac32a76
x86_64	flatpak-devel-1.12.9-3.el9_5.x86_64.rpm	8caf3d648227725096cb8d85e158b3edc6fa0d3d5309a060ec7eb86b4865fd6e
x86_64	flatpak-1.12.9-3.el9_5.x86_64.rpm	b4aa84355f1cfd3e980e36f75b019341f23063083eccebe4d174fac2f5f069c7
x86_64	bubblewrap-0.4.1-8.el9_5.x86_64.rpm	e7aa3d43f61e3e1d58942a530dff2f86c1e32848705711334f3ad434dcb705aa

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.