ALSA-2026:21755

[ALSA-2026:21755] Important: flatpak security update

Type:

security

Severity:

important

Release date:

2026-05-29

Description:

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.  

Security Fix(es):  

  * flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options (CVE-2026-34078)
  * flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation (CVE-2026-34079)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	flatpak-1.12.9-4.el9_8.1.aarch64.rpm	2bcc488d53efafe0770d95d9cb6b972203c53323892da527a47357dfed6cd13a
aarch64	flatpak-session-helper-1.12.9-4.el9_8.1.aarch64.rpm	2eb72343bb67c34d3044342f7afa05a10a6961ea40bab7f4f372eab52f57a54f
aarch64	flatpak-libs-1.12.9-4.el9_8.1.aarch64.rpm	a9f73d576c352b6399e2f059ce91cac515186ddd30c91ad3cfd7dbd2d870d642
aarch64	flatpak-devel-1.12.9-4.el9_8.1.aarch64.rpm	ad2e1c16ac8b9bcff6773541c9efad6888c3554c8bae64feda364176e5b19bc1
i686	flatpak-devel-1.12.9-4.el9_8.1.i686.rpm	1174f389eccd85436dc8940a458c2075227e2f149bcd2d9dd484070f4704202d
i686	flatpak-libs-1.12.9-4.el9_8.1.i686.rpm	1f09d300e92f5cc58c3b2296be56aedf1c8ae095e4b01afb421cdc501d6d50d8
i686	flatpak-1.12.9-4.el9_8.1.i686.rpm	6a66da68efcb9e6f79643e9ead12b6668310efee8713ae2d949bc2bf035274b4
i686	flatpak-session-helper-1.12.9-4.el9_8.1.i686.rpm	cd01d8a06b1b08a7847e4745d3a776b358a7ecd8159860417bc41d0933e495e8
noarch	flatpak-selinux-1.12.9-4.el9_8.1.noarch.rpm	3a8c3e535452a1a754a11152933374d7b9278500b066e6fefbf5d5bd4b5c314e
ppc64le	flatpak-libs-1.12.9-4.el9_8.1.ppc64le.rpm	4c138d08422ebfce47f957c5101522e7c492b9b1b7b6c89cf96aec1fb74346a5
ppc64le	flatpak-1.12.9-4.el9_8.1.ppc64le.rpm	5a06695d1489592820f3801248bfea7f4ce14c6d23a10598ca434fe7d6b6b98e
ppc64le	flatpak-devel-1.12.9-4.el9_8.1.ppc64le.rpm	a4b2312f8638077d6ca23273af55db2c2739093210d9e8b5b7eb137a7a15766a
ppc64le	flatpak-session-helper-1.12.9-4.el9_8.1.ppc64le.rpm	fcc6c40a5fe17aaaa4496436c4307c781c61a7d03cad982dce511a5a2aae7bd8
s390x	flatpak-devel-1.12.9-4.el9_8.1.s390x.rpm	6ff49228d0de9a7699a2a9ae25bcf4388d965789bbab852e32946bd538723369
s390x	flatpak-libs-1.12.9-4.el9_8.1.s390x.rpm	87c20c58bd44f6ae6e7d9119e89bace74c7861b3852cdc5edd51b313355606a3
s390x	flatpak-session-helper-1.12.9-4.el9_8.1.s390x.rpm	aeaa499d05dbd8ddea09b94bf61df3a3e4bc6033cc9bae17766d5786690938d3
s390x	flatpak-1.12.9-4.el9_8.1.s390x.rpm	ca30a11c278bfbf508581d054988eacd58a2cbcf259d25902965a419550ebb9d
x86_64	flatpak-session-helper-1.12.9-4.el9_8.1.x86_64.rpm	29fa2ed3916718d07210bc86b6d9dcc47e61e08df1fc281f96d3c4bd0134ebb6
x86_64	flatpak-libs-1.12.9-4.el9_8.1.x86_64.rpm	48971bd4a6c39493d27bffcdd5bfacc39c3f1366ccb081438d0cc157a620752c
x86_64	flatpak-1.12.9-4.el9_8.1.x86_64.rpm	cf6764206001b307e8738021df70ac0d89df11d5547201cbf631f9f52b0393eb
x86_64	flatpak-devel-1.12.9-4.el9_8.1.x86_64.rpm	d700fcddc9e2eed17f1690d8faf99ce09351eab2e8eaeb22c66efc7d11bb1284

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.