Groups | Search | Server Info | Login | Register

Groups > linux.debian.announce.security > #4789

[SECURITY] [DSA 6223-1] flatpak security update

From Moritz Muehlenhoff <jmm@debian.org>
Newsgroups linux.debian.announce.security
Subject [SECURITY] [DSA 6223-1] flatpak security update
Date 2026-04-22 10:50 +0200
Message-ID <MMBrs-h5z1-43@gated-at.bofh.it> (permalink)
Organization linux.* mail to news gateway

Show all headers | View raw

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6223-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 22, 2026                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : flatpak
CVE ID         : CVE-2026-34078 CVE-2026-34079

Multiple security vulnerabilities were discovered in Flatpak, an
application deployment framework for desktop apps, which could allow a
Flatpak app to delete arbitrary hosts on the host or break out of the
sandbox resulting in code execution in the host context.

For the oldstable distribution (bookworm), these problems have been fixed
in version 1.14.10-1~deb12u2.

We recommend that you upgrade your flatpak packages.

For the detailed security status of flatpak please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/flatpak

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmnoiDkACgkQEMKTtsN8
TjauqhAAoDeD7cTvwSgToGICI5PvZpK54Z/2is0xb6FDInSOYAfmvRCw7aAjAHEE
dzT5rGiMacgQPAGM6l3AQQiF3ekppy0F9Nt5UzwP4O+yxPCHqIpT+jV3K5yE3Fha
tNtXeBV5B+iLDbtI3Uxern81diPIWvqe7eH8f+JEXgB2dRH4BHqwpVPZtP27xtPe
+qAxuM0XoFPIXodKvnbG5x53qailca1qE+7bt1uNSxm/8pa24SxQ58lS6MSL/2tX
tt28Qba0ehp11HFXCE69oqE0l3WqRBJiG70OoALyiYp6ODMfoBPdf103SYreToWp
t28HGJpwTG1o/qH5zrzgFjdXrR9RlMds2GRx6Clm4vEgZ70eW6L3J1KCPlM1/N34
W0R13mpLnjZeXbXJbRRKYhvi3+9DAwZIHuiwGfpyzuH2asRpkk50mo4tTB+QwPCv
bUdfje5dWqnDbrBXJ/SVND0OpH5ZCpPunjCjtAZ3FwqD/zVaHrTK8ujMuZG3lVxj
Mqg3e0LXLwgeP9Aa8N5dpYshhnY6Mfn1MHPmvMByzhDKEF5xKhFfuX8XQ+wZfyAP
MN0CMks+xHGdy3ItnccD/0e3vxhGfy7+KggwHwMYdc4GrztG7mBJs5bW+HBQhRh0
ivi+PEChbT22WI9ffR05Z8WoXieCAOpGIU4pOz+itlGEHf/op7A=
=1JY4
-----END PGP SIGNATURE-----

Back to linux.debian.announce.security | Previous | Next | Find similar

Thread

[SECURITY] [DSA 6223-1] flatpak security update Moritz Muehlenhoff <jmm@debian.org> - 2026-04-22 10:50 +0200

csiph-web