Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-32462 (GCVE-0-2024-32462)
Vulnerability from cvelistv5 – Published: 2024-04-18 18:11 – Updated: 2025-12-16 18:13
VLAI
EPSS
Title
Flatpak vulnerable to a sandbox escape via RequestBackground portal due to bad argument parsing
Summary
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It's possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.
Severity
8.4 (High)
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://github.com/flatpak/flatpak/security/advis… | x_refsource_CONFIRM |
| https://github.com/flatpak/flatpak/commit/72016e3… | x_refsource_MISC |
| https://github.com/flatpak/flatpak/commit/81abe2a… | x_refsource_MISC |
| https://github.com/flatpak/flatpak/commit/b7c1a55… | x_refsource_MISC |
| https://github.com/flatpak/flatpak/commit/bbab7ed… | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | |
| https://lists.fedoraproject.org/archives/list/pac… | |
| http://www.openwall.com/lists/oss-security/2024/04/18/5 |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flatpak",
"vendor": "flatpak",
"versions": [
{
"lessThan": "1.15.8",
"status": "affected",
"version": "1.15.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32462",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-20T04:00:12.336436Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T18:13:22.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:13:39.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj"
},
{
"name": "https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d"
},
{
"name": "https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97"
},
{
"name": "https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e"
},
{
"name": "https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFNSCFJVMAQK5AF55JBN7OSJP3CREDBD/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IB6VQAF5S2YOBULDHPUKPOEIKONOP5KO/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/18/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "flatpak",
"vendor": "flatpak",
"versions": [
{
"status": "affected",
"version": "\u003c 1.10.9"
},
{
"status": "affected",
"version": "\u003e= 1.12.0, \u003c 1.12.9"
},
{
"status": "affected",
"version": "\u003e= 1.14.0, \u003c 1.14.6"
},
{
"status": "affected",
"version": "\u003e= 1.15.0, \u003c 1.15.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It\u0027s possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T18:07:39.466Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj"
},
{
"name": "https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d"
},
{
"name": "https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97"
},
{
"name": "https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e"
},
{
"name": "https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFNSCFJVMAQK5AF55JBN7OSJP3CREDBD/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IB6VQAF5S2YOBULDHPUKPOEIKONOP5KO/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/18/5"
}
],
"source": {
"advisory": "GHSA-phv6-cpc2-2fgj",
"discovery": "UNKNOWN"
},
"title": "Flatpak vulnerable to a sandbox escape via RequestBackground portal due to bad argument parsing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-32462",
"datePublished": "2024-04-18T18:11:27.680Z",
"dateReserved": "2024-04-12T19:41:51.164Z",
"dateUpdated": "2025-12-16T18:13:22.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-32462",
"date": "2026-05-31",
"epss": "0.00247",
"percentile": "0.48109"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-32462\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-04-18T18:15:09.313\",\"lastModified\":\"2025-08-21T00:43:47.783\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It\u0027s possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.\"},{\"lang\":\"es\",\"value\":\"Flatpak es un sistema para crear, distribuir y ejecutar aplicaciones de escritorio en espacio aislado en Linux. en versiones anteriores a la 1.10.9, 1.12.9, 1.14.6 y 1.15.8, una aplicaci\u00f3n Flatpak maliciosa o comprometida podr\u00eda ejecutar c\u00f3digo arbitrario fuera de su zona de pruebas. Normalmente, el argumento `--command` de `flatpak run` espera recibir un comando para ejecutar en la aplicaci\u00f3n Flatpak especificada, opcionalmente junto con algunos argumentos. Sin embargo, es posible pasar argumentos `bwrap` a `--command=`, como `--bind`. Es posible pasar una \\\"l\u00ednea de comando\\\" arbitraria a la interfaz del portal \\\"org.freedesktop.portal.Background.RequestBackground\\\" desde una aplicaci\u00f3n Flatpak. Cuando esto se convierte en un `--command` y argumentos, logra el mismo efecto de pasar argumentos directamente a `bwrap` y, por lo tanto, puede usarse para un escape sandbox. La soluci\u00f3n es pasar el argumento `--` a `bwrap`, lo que hace que deje de procesar las opciones. Esto ha sido compatible desde bubblewrap 0.3.0. Todas las versiones compatibles de Flatpak requieren al menos esa versi\u00f3n de bubblewrap. xdg-desktop-portal versi\u00f3n 1.18.4 mitigar\u00e1 esta vulnerabilidad al permitir que las aplicaciones Flatpak solo creen archivos .desktop para comandos que no comiencen con --. La vulnerabilidad est\u00e1 parcheada en 1.15.8, 1.10.9, 1.12.9 y 1.14.6.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N\",\"baseScore\":8.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.0,\"impactScore\":5.8}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-88\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.10.9\",\"matchCriteriaId\":\"E60FCEB3-549B-4F83-8BF1-87B9AB1A4D91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.12.0\",\"versionEndExcluding\":\"1.12.9\",\"matchCriteriaId\":\"B8FCD122-12F7-46AC-AFBA-45303E6F4761\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.14.0\",\"versionEndExcluding\":\"1.14.6\",\"matchCriteriaId\":\"E1CCDB8B-00D2-4C89-A148-DB50CC4A940A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.15.0\",\"versionEndExcluding\":\"1.15.8\",\"matchCriteriaId\":\"AC3F3728-D443-4387-B00E-A559883BBAF3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA277A6C-83EC-4536-9125-97B84C4FAF59\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/18/5\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IB6VQAF5S2YOBULDHPUKPOEIKONOP5KO/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFNSCFJVMAQK5AF55JBN7OSJP3CREDBD/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/18/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IB6VQAF5S2YOBULDHPUKPOEIKONOP5KO/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFNSCFJVMAQK5AF55JBN7OSJP3CREDBD/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj\", \"name\": \"https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d\", \"name\": \"https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97\", \"name\": \"https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e\", \"name\": \"https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931\", \"name\": \"https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFNSCFJVMAQK5AF55JBN7OSJP3CREDBD/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IB6VQAF5S2YOBULDHPUKPOEIKONOP5KO/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/18/5\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T02:13:39.161Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-32462\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-20T04:00:12.336436Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*\"], \"vendor\": \"flatpak\", \"product\": \"flatpak\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.15.0\", \"lessThan\": \"1.15.8\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-04-24T14:11:16.557Z\"}}], \"cna\": {\"title\": \"Flatpak vulnerable to a sandbox escape via RequestBackground portal due to bad argument parsing\", \"source\": {\"advisory\": \"GHSA-phv6-cpc2-2fgj\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"flatpak\", \"product\": \"flatpak\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.10.9\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.12.0, \u003c 1.12.9\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.14.0, \u003c 1.14.6\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.15.0, \u003c 1.15.8\"}]}], \"references\": [{\"url\": \"https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj\", \"name\": \"https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d\", \"name\": \"https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97\", \"name\": \"https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e\", \"name\": \"https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931\", \"name\": \"https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFNSCFJVMAQK5AF55JBN7OSJP3CREDBD/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IB6VQAF5S2YOBULDHPUKPOEIKONOP5KO/\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/18/5\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It\u0027s possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-88\", \"description\": \"CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-05-01T18:07:39.466Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-32462\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-16T18:13:22.363Z\", \"dateReserved\": \"2024-04-12T19:41:51.164Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-04-18T18:11:27.680Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
alsa-2024:3959
Vulnerability from osv_almalinux
Published
2024-06-17 00:00
Modified
2024-06-19 09:13
Summary
Important: flatpak security update
Details
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
Security Fix(es):
- flatpak: sandbox escape via RequestBackground portal (CVE-2024-32462)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "flatpak"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.9-1.el9_4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "flatpak-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.9-1.el9_4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "flatpak-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.9-1.el9_4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "flatpak-selinux"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.9-1.el9_4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "flatpak-session-helper"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.9-1.el9_4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.\n\nSecurity Fix(es):\n\n* flatpak: sandbox escape via RequestBackground portal (CVE-2024-32462)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.",
"id": "ALSA-2024:3959",
"modified": "2024-06-19T09:13:38Z",
"published": "2024-06-17T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:3959"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-32462"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2275981"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2024-3959.html"
}
],
"related": [
"CVE-2024-32462"
],
"summary": "Important: flatpak security update"
}
alsa-2024:3961
Vulnerability from osv_almalinux
Published
2024-06-17 00:00
Modified
2024-06-19 09:15
Summary
Important: flatpak security update
Details
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
Security Fix(es):
- flatpak: sandbox escape via RequestBackground portal (CVE-2024-32462)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "flatpak"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.9-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "flatpak-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.9-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "flatpak-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.9-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "flatpak-selinux"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.9-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "flatpak-session-helper"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.9-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.\n\nSecurity Fix(es):\n\n* flatpak: sandbox escape via RequestBackground portal (CVE-2024-32462)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.",
"id": "ALSA-2024:3961",
"modified": "2024-06-19T09:15:05Z",
"published": "2024-06-17T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:3961"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-32462"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2275981"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2024-3961.html"
}
],
"related": [
"CVE-2024-32462"
],
"summary": "Important: flatpak security update"
}
Title
Уязвимость интерфейса xdg-desktop-portal инструмента для управления приложениями и средами Flatpak, позволяющая нарушителю выйти из изолированной программной среды и получить доступ к файлам в базовой системе
Description
Уязвимость интерфейса xdg-desktop-portal инструмента для управления приложениями и средами Flatpak связана с внедрением или модификацией аргументов. Эксплуатация уязвимости может позволить нарушителю выйти из изолированной программной среды и получить доступ к файлам в базовой системе
Severity
Vendor
ООО «Ред Софт», АО «НТЦ ИТ РОСА», Сообщество свободного программного обеспечения, АО "НППКТ"
Software Name
РЕД ОС (запись в едином реестре российских программ №3751), РОСА Кобальт (запись в едином реестре российских программ №1999), РОСА ХРОМ (запись в едином реестре российских программ №1607), Flatpak, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)
Software Version
7.3 (РЕД ОС), 7.9 (РОСА Кобальт), 12.4 (РОСА ХРОМ), до 1.10.9 (Flatpak), от 1.12.0 до 1.12.9 (Flatpak), от 1.14.0 до 1.14.6 (Flatpak), от 1.15.0 до 1.15.8 (Flatpak), до 2.14 (ОСОН ОСнова Оnyx)
Possible Mitigations
Установка обновлений из доверенных источников.
В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков.
Компенсирующие меры:
- использование при запуске нестатической команды bwrap «--»;
- минимизация пользовательских привилегий;
- отключение/удаление неиспользуемых учётных записей пользователей.
Использование рекомендаций производителя:
https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d
https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97
https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e
https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931
https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для ОС РОСА "КОБАЛЬТ": https://abf.rosa.ru/advisories/ROSA-SA-2024-2487
Для ОС РОСА "КОБАЛЬТ": https://abf.rosa.ru/advisories/ROSA-SA-2024-2487
Для операционной системы РОСА ХРОМ: https://abf.rosa.ru/advisories/ROSA-SA-2025-3004
Обновление программного обеспечения flatpak до версии 1.10.8-0+deb11u3.osnova2u1
Reference
https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d
https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97
https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e
https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931
https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
https://abf.rosa.ru/advisories/ROSA-SA-2024-2487
https://abf.rosa.ru/advisories/ROSA-SA-2024-2487
https://abf.rosa.ru/advisories/ROSA-SA-2025-3004
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.14/
CWE
CWE-88
{
"CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:C/A:N",
"CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), 7.9 (\u0420\u041e\u0421\u0410 \u041a\u043e\u0431\u0430\u043b\u044c\u0442), 12.4 (\u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c), \u0434\u043e 1.10.9 (Flatpak), \u043e\u0442 1.12.0 \u0434\u043e 1.12.9 (Flatpak), \u043e\u0442 1.14.0 \u0434\u043e 1.14.6 (Flatpak), \u043e\u0442 1.15.0 \u0434\u043e 1.15.8 (Flatpak), \u0434\u043e 2.14 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u0440\u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0435 \u043d\u0435\u0441\u0442\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043a\u043e\u043c\u0430\u043d\u0434\u044b bwrap \u00ab--\u00bb;\n- \u043c\u0438\u043d\u0438\u043c\u0438\u0437\u0430\u0446\u0438\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439;\n- \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435/\u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u043d\u0435\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d\nhttps://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97\nhttps://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e\nhttps://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931\nhttps://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u041e\u0421 \u0420\u041e\u0421\u0410 \"\u041a\u041e\u0411\u0410\u041b\u042c\u0422\": https://abf.rosa.ru/advisories/ROSA-SA-2024-2487\n\n\u0414\u043b\u044f \u041e\u0421 \u0420\u041e\u0421\u0410 \"\u041a\u041e\u0411\u0410\u041b\u042c\u0422\": https://abf.rosa.ru/advisories/ROSA-SA-2024-2487\n\n\u0414\u043b\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c: https://abf.rosa.ru/advisories/ROSA-SA-2025-3004\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f flatpak \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.10.8-0+deb11u3.osnova2u1",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "18.04.2024",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.10.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "19.04.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-03113",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-32462",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0420\u041e\u0421\u0410 \u041a\u043e\u0431\u0430\u043b\u044c\u0442 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161999), \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607), Flatpak, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb \u0420\u041e\u0421\u0410 \u041a\u043e\u0431\u0430\u043b\u044c\u0442 7.9 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161999), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c 12.4 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.14 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 xdg-desktop-portal \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u043c\u0438 \u0438 \u0441\u0440\u0435\u0434\u0430\u043c\u0438 Flatpak, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0439\u0442\u0438 \u0438\u0437 \u0438\u0437\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u0441\u0440\u0435\u0434\u044b \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0444\u0430\u0439\u043b\u0430\u043c \u0432 \u0431\u0430\u0437\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0438\u043b\u0438 \u043c\u043e\u0434\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u0430\u0440\u0433\u0443\u043c\u0435\u043d\u0442\u0430 (CWE-88)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 xdg-desktop-portal \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u043c\u0438 \u0438 \u0441\u0440\u0435\u0434\u0430\u043c\u0438 Flatpak \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435\u043c \u0438\u043b\u0438 \u043c\u043e\u0434\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0435\u0439 \u0430\u0440\u0433\u0443\u043c\u0435\u043d\u0442\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0439\u0442\u0438 \u0438\u0437 \u0438\u0437\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u0441\u0440\u0435\u0434\u044b \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0444\u0430\u0439\u043b\u0430\u043c \u0432 \u0431\u0430\u0437\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d\nhttps://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97\nhttps://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e\nhttps://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931\nhttps://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://abf.rosa.ru/advisories/ROSA-SA-2024-2487\nhttps://abf.rosa.ru/advisories/ROSA-SA-2024-2487\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-3004\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.14/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-88",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,2)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,4)"
}
CERTFR-2025-AVI-0018
Vulnerability from certfr_avis - Published: 2025-01-09 - Updated: 2025-01-09
De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS | Junos OS versions 22.4.x antérieures à 22.4R3-S5 | ||
| Juniper Networks | Junos Space | Junos Space versions antérieures à 24.1R2 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 21.2R3-S9-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 23.4.x-EVO antérieures à 23.4R2-S3-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions 24.2.x antérieures à 24.2R1-S2 et 24.2R2 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 23.2.x-EVO antérieures à 23.2R2-S3-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 21.4.x-EVO antérieures à 21.4R3-S10-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 22.4.x-EVO antérieures à 22.4R3-S5-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions 22.2.x antérieures à 22.2R3-S5 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 22.3.x-EVO antérieures à 22.3R3-S4-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 24.2.x-EVO antérieures à 24.2R1-S2-EVO et 24.2R2-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions 22.3.x antérieures à 22.3R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS versions 23.4.x antérieures à 23.4R2-S3 | ||
| Juniper Networks | Junos OS | Junos OS versions 21.4.x antérieures à 21.4R3-S10 | ||
| Juniper Networks | Junos OS | Junos OS versions 23.2.x antérieures à 23.2R2-S3 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 21.2R3-S9 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 22.2.x-EVO antérieures à 22.2R3-S5-EVO |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS versions 22.4.x ant\u00e9rieures \u00e0 22.4R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 24.1R2",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 21.2R3-S9-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.4.x-EVO ant\u00e9rieures \u00e0 23.4R2-S3-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 24.2.x ant\u00e9rieures \u00e0 24.2R1-S2 et 24.2R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.2.x-EVO ant\u00e9rieures \u00e0 23.2R2-S3-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.4.x-EVO ant\u00e9rieures \u00e0 21.4R3-S10-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.4.x-EVO ant\u00e9rieures \u00e0 22.4R3-S5-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.2.x ant\u00e9rieures \u00e0 22.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.3.x-EVO ant\u00e9rieures \u00e0 22.3R3-S4-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 24.2.x-EVO ant\u00e9rieures \u00e0 24.2R1-S2-EVO et 24.2R2-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.3.x ant\u00e9rieures \u00e0 22.3R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.4.x ant\u00e9rieures \u00e0 23.4R2-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.4.x ant\u00e9rieures \u00e0 21.4R3-S10",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.2.x ant\u00e9rieures \u00e0 23.2R2-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 21.2R3-S9",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.2.x-EVO ant\u00e9rieures \u00e0 22.2R3-S5-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-35875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35875"
},
{
"name": "CVE-2024-35797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35797"
},
{
"name": "CVE-2024-26886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26886"
},
{
"name": "CVE-2023-52801",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52801"
},
{
"name": "CVE-2024-28834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28834"
},
{
"name": "CVE-2024-26629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26629"
},
{
"name": "CVE-2025-21592",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21592"
},
{
"name": "CVE-2022-24809",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24809"
},
{
"name": "CVE-2025-21599",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21599"
},
{
"name": "CVE-2024-35791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35791"
},
{
"name": "CVE-2023-3019",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3019"
},
{
"name": "CVE-2022-24805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24805"
},
{
"name": "CVE-2023-50868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50868"
},
{
"name": "CVE-2024-45492",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45492"
},
{
"name": "CVE-2024-36883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36883"
},
{
"name": "CVE-2023-3255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3255"
},
{
"name": "CVE-2024-26946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26946"
},
{
"name": "CVE-2024-26720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26720"
},
{
"name": "CVE-2023-4408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4408"
},
{
"name": "CVE-2024-45490",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45490"
},
{
"name": "CVE-2024-45491",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45491"
},
{
"name": "CVE-2022-24807",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24807"
},
{
"name": "CVE-2024-39894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39894"
},
{
"name": "CVE-2023-6240",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6240"
},
{
"name": "CVE-2023-6683",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6683"
},
{
"name": "CVE-2024-42131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42131"
},
{
"name": "CVE-2024-1488",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1488"
},
{
"name": "CVE-2022-24810",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24810"
},
{
"name": "CVE-2024-26630",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26630"
},
{
"name": "CVE-2023-5517",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5517"
},
{
"name": "CVE-2024-41073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41073"
},
{
"name": "CVE-2025-21600",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21600"
},
{
"name": "CVE-2024-42082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42082"
},
{
"name": "CVE-2025-21596",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21596"
},
{
"name": "CVE-2024-32462",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32462"
},
{
"name": "CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"name": "CVE-2025-21602",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21602"
},
{
"name": "CVE-2024-25742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25742"
},
{
"name": "CVE-2024-25743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25743"
},
{
"name": "CVE-2024-42096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42096"
},
{
"name": "CVE-2024-38619",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38619"
},
{
"name": "CVE-2025-21593",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21593"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2024-36019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36019"
},
{
"name": "CVE-2024-41040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41040"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2023-7008",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7008"
},
{
"name": "CVE-2024-40927",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40927"
},
{
"name": "CVE-2024-41055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41055"
},
{
"name": "CVE-2023-50387",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50387"
},
{
"name": "CVE-2024-42102",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42102"
},
{
"name": "CVE-2025-21598",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21598"
},
{
"name": "CVE-2024-40936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40936"
},
{
"name": "CVE-2006-5051",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-5051"
},
{
"name": "CVE-2024-41096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41096"
},
{
"name": "CVE-2023-6516",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6516"
},
{
"name": "CVE-2024-28835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28835"
},
{
"name": "CVE-2024-41044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41044"
},
{
"name": "CVE-2024-38559",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38559"
},
{
"name": "CVE-2024-6387",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6387"
},
{
"name": "CVE-2022-24806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24806"
},
{
"name": "CVE-2024-36979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36979"
},
{
"name": "CVE-2023-52463",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52463"
},
{
"name": "CVE-2024-36000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36000"
},
{
"name": "CVE-2023-5679",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5679"
},
{
"name": "CVE-2023-5088",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5088"
},
{
"name": "CVE-2023-42467",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42467"
},
{
"name": "CVE-2022-24808",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24808"
}
],
"initial_release_date": "2025-01-09T00:00:00",
"last_revision_date": "2025-01-09T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0018",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
"vendor_advisories": [
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-21593",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-On-SRv6-enabled-devices-an-attacker-sending-a-malformed-BGP-update-can-cause-the-rpd-to-crash-CVE-2025-21593"
},
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-21602",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-specially-crafted-BGP-update-packet-causes-RPD-crash-CVE-2025-21602"
},
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks 2025-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R2-release",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R2-release"
},
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks 2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-OpenSSH",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-OpenSSH"
},
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-21598",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-BGP-traceoptions-are-configured-receipt-of-malformed-BGP-packets-causes-RPD-to-crash-CVE-2025-21598"
},
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-21592",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-SRX-Series-Low-privileged-user-able-to-access-highly-sensitive-information-on-file-system-CVE-2025-21592"
},
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-21599",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-Evolved-Receipt-of-specifically-malformed-IPv6-packets-causes-kernel-memory-exhaustion-leading-to-Denial-of-Service-CVE-2025-21599"
},
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-21600",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-With-certain-BGP-options-enabled-receipt-of-specifically-malformed-BGP-update-causes-RPD-crash-CVE-2025-21600"
},
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-21596",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-SRX1500-SRX4100-SRX4200-Execution-of-low-privileged-CLI-command-results-in-chassisd-crash-CVE-2025-21596"
}
]
}
FKIE_CVE-2024-32462
Vulnerability from fkie_nvd - Published: 2024-04-18 18:15 - Updated: 2025-08-21 00:43
Severity
Summary
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It's possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E60FCEB3-549B-4F83-8BF1-87B9AB1A4D91",
"versionEndExcluding": "1.10.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8FCD122-12F7-46AC-AFBA-45303E6F4761",
"versionEndExcluding": "1.12.9",
"versionStartIncluding": "1.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1CCDB8B-00D2-4C89-A148-DB50CC4A940A",
"versionEndExcluding": "1.14.6",
"versionStartIncluding": "1.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC3F3728-D443-4387-B00E-A559883BBAF3",
"versionEndExcluding": "1.15.8",
"versionStartIncluding": "1.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It\u0027s possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6."
},
{
"lang": "es",
"value": "Flatpak es un sistema para crear, distribuir y ejecutar aplicaciones de escritorio en espacio aislado en Linux. en versiones anteriores a la 1.10.9, 1.12.9, 1.14.6 y 1.15.8, una aplicaci\u00f3n Flatpak maliciosa o comprometida podr\u00eda ejecutar c\u00f3digo arbitrario fuera de su zona de pruebas. Normalmente, el argumento `--command` de `flatpak run` espera recibir un comando para ejecutar en la aplicaci\u00f3n Flatpak especificada, opcionalmente junto con algunos argumentos. Sin embargo, es posible pasar argumentos `bwrap` a `--command=`, como `--bind`. Es posible pasar una \"l\u00ednea de comando\" arbitraria a la interfaz del portal \"org.freedesktop.portal.Background.RequestBackground\" desde una aplicaci\u00f3n Flatpak. Cuando esto se convierte en un `--command` y argumentos, logra el mismo efecto de pasar argumentos directamente a `bwrap` y, por lo tanto, puede usarse para un escape sandbox. La soluci\u00f3n es pasar el argumento `--` a `bwrap`, lo que hace que deje de procesar las opciones. Esto ha sido compatible desde bubblewrap 0.3.0. Todas las versiones compatibles de Flatpak requieren al menos esa versi\u00f3n de bubblewrap. xdg-desktop-portal versi\u00f3n 1.18.4 mitigar\u00e1 esta vulnerabilidad al permitir que las aplicaciones Flatpak solo creen archivos .desktop para comandos que no comiencen con --. La vulnerabilidad est\u00e1 parcheada en 1.15.8, 1.10.9, 1.12.9 y 1.14.6."
}
],
"id": "CVE-2024-32462",
"lastModified": "2025-08-21T00:43:47.783",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 5.8,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2024-04-18T18:15:09.313",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/18/5"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IB6VQAF5S2YOBULDHPUKPOEIKONOP5KO/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFNSCFJVMAQK5AF55JBN7OSJP3CREDBD/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/18/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IB6VQAF5S2YOBULDHPUKPOEIKONOP5KO/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFNSCFJVMAQK5AF55JBN7OSJP3CREDBD/"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-88"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GSD-2024-32462
Vulnerability from gsd - Updated: 2024-04-13 05:02Details
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It's possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-32462"
],
"details": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It\u0027s possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.",
"id": "GSD-2024-32462",
"modified": "2024-04-13T05:02:29.046935Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2024-32462",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "flatpak",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "\u003c 1.10.9"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.12.0, \u003c 1.12.9"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.14.0, \u003c 1.14.6"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.15.0, \u003c 1.15.8"
}
]
}
}
]
},
"vendor_name": "flatpak"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It\u0027s possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-88",
"lang": "eng",
"value": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj",
"refsource": "MISC",
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj"
},
{
"name": "https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d",
"refsource": "MISC",
"url": "https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d"
},
{
"name": "https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97",
"refsource": "MISC",
"url": "https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97"
},
{
"name": "https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e",
"refsource": "MISC",
"url": "https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e"
},
{
"name": "https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931",
"refsource": "MISC",
"url": "https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFNSCFJVMAQK5AF55JBN7OSJP3CREDBD/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFNSCFJVMAQK5AF55JBN7OSJP3CREDBD/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IB6VQAF5S2YOBULDHPUKPOEIKONOP5KO/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IB6VQAF5S2YOBULDHPUKPOEIKONOP5KO/"
}
]
},
"source": {
"advisory": "GHSA-phv6-cpc2-2fgj",
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It\u0027s possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6."
},
{
"lang": "es",
"value": "Flatpak es un sistema para crear, distribuir y ejecutar aplicaciones de escritorio en espacio aislado en Linux. en versiones anteriores a la 1.10.9, 1.12.9, 1.14.6 y 1.15.8, una aplicaci\u00f3n Flatpak maliciosa o comprometida podr\u00eda ejecutar c\u00f3digo arbitrario fuera de su zona de pruebas. Normalmente, el argumento `--command` de `flatpak run` espera recibir un comando para ejecutar en la aplicaci\u00f3n Flatpak especificada, opcionalmente junto con algunos argumentos. Sin embargo, es posible pasar argumentos `bwrap` a `--command=`, como `--bind`. Es posible pasar una \"l\u00ednea de comando\" arbitraria a la interfaz del portal \"org.freedesktop.portal.Background.RequestBackground\" desde una aplicaci\u00f3n Flatpak. Cuando esto se convierte en un `--command` y argumentos, logra el mismo efecto de pasar argumentos directamente a `bwrap` y, por lo tanto, puede usarse para un escape sandbox. La soluci\u00f3n es pasar el argumento `--` a `bwrap`, lo que hace que deje de procesar las opciones. Esto ha sido compatible desde bubblewrap 0.3.0. Todas las versiones compatibles de Flatpak requieren al menos esa versi\u00f3n de bubblewrap. xdg-desktop-portal versi\u00f3n 1.18.4 mitigar\u00e1 esta vulnerabilidad al permitir que las aplicaciones Flatpak solo creen archivos .desktop para comandos que no comiencen con --. La vulnerabilidad est\u00e1 parcheada en 1.15.8, 1.10.9, 1.12.9 y 1.14.6."
}
],
"id": "CVE-2024-32462",
"lastModified": "2024-04-25T06:15:59.887",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 5.8,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2024-04-18T18:15:09.313",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IB6VQAF5S2YOBULDHPUKPOEIKONOP5KO/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFNSCFJVMAQK5AF55JBN7OSJP3CREDBD/"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-88"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
}
}
}
OPENSUSE-SU-2024:13899-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
flatpak-1.15.8-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: flatpak-1.15.8-1.1 on GA media
Description of the patch: These are all security issues fixed in the flatpak-1.15.8-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-13899
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.4 (High)
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:flatpak-1.15.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-1.15.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-1.15.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-1.15.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-devel-1.15.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-devel-1.15.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-devel-1.15.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-devel-1.15.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-remote-flathub-1.15.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-remote-flathub-1.15.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-remote-flathub-1.15.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-remote-flathub-1.15.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-selinux-1.15.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-selinux-1.15.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-selinux-1.15.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-selinux-1.15.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-zsh-completion-1.15.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-zsh-completion-1.15.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-zsh-completion-1.15.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-zsh-completion-1.15.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libflatpak0-1.15.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libflatpak0-1.15.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libflatpak0-1.15.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libflatpak0-1.15.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:system-user-flatpak-1.15.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:system-user-flatpak-1.15.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:system-user-flatpak-1.15.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:system-user-flatpak-1.15.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.15.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.15.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.15.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.15.8-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
5 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "flatpak-1.15.8-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the flatpak-1.15.8-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13899",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13899-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-32462 page",
"url": "https://www.suse.com/security/cve/CVE-2024-32462/"
}
],
"title": "flatpak-1.15.8-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13899-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "flatpak-1.15.8-1.1.aarch64",
"product": {
"name": "flatpak-1.15.8-1.1.aarch64",
"product_id": "flatpak-1.15.8-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "flatpak-devel-1.15.8-1.1.aarch64",
"product": {
"name": "flatpak-devel-1.15.8-1.1.aarch64",
"product_id": "flatpak-devel-1.15.8-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "flatpak-remote-flathub-1.15.8-1.1.aarch64",
"product": {
"name": "flatpak-remote-flathub-1.15.8-1.1.aarch64",
"product_id": "flatpak-remote-flathub-1.15.8-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "flatpak-selinux-1.15.8-1.1.aarch64",
"product": {
"name": "flatpak-selinux-1.15.8-1.1.aarch64",
"product_id": "flatpak-selinux-1.15.8-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "flatpak-zsh-completion-1.15.8-1.1.aarch64",
"product": {
"name": "flatpak-zsh-completion-1.15.8-1.1.aarch64",
"product_id": "flatpak-zsh-completion-1.15.8-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libflatpak0-1.15.8-1.1.aarch64",
"product": {
"name": "libflatpak0-1.15.8-1.1.aarch64",
"product_id": "libflatpak0-1.15.8-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "system-user-flatpak-1.15.8-1.1.aarch64",
"product": {
"name": "system-user-flatpak-1.15.8-1.1.aarch64",
"product_id": "system-user-flatpak-1.15.8-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Flatpak-1_0-1.15.8-1.1.aarch64",
"product": {
"name": "typelib-1_0-Flatpak-1_0-1.15.8-1.1.aarch64",
"product_id": "typelib-1_0-Flatpak-1_0-1.15.8-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-1.15.8-1.1.ppc64le",
"product": {
"name": "flatpak-1.15.8-1.1.ppc64le",
"product_id": "flatpak-1.15.8-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "flatpak-devel-1.15.8-1.1.ppc64le",
"product": {
"name": "flatpak-devel-1.15.8-1.1.ppc64le",
"product_id": "flatpak-devel-1.15.8-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "flatpak-remote-flathub-1.15.8-1.1.ppc64le",
"product": {
"name": "flatpak-remote-flathub-1.15.8-1.1.ppc64le",
"product_id": "flatpak-remote-flathub-1.15.8-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "flatpak-selinux-1.15.8-1.1.ppc64le",
"product": {
"name": "flatpak-selinux-1.15.8-1.1.ppc64le",
"product_id": "flatpak-selinux-1.15.8-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "flatpak-zsh-completion-1.15.8-1.1.ppc64le",
"product": {
"name": "flatpak-zsh-completion-1.15.8-1.1.ppc64le",
"product_id": "flatpak-zsh-completion-1.15.8-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libflatpak0-1.15.8-1.1.ppc64le",
"product": {
"name": "libflatpak0-1.15.8-1.1.ppc64le",
"product_id": "libflatpak0-1.15.8-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "system-user-flatpak-1.15.8-1.1.ppc64le",
"product": {
"name": "system-user-flatpak-1.15.8-1.1.ppc64le",
"product_id": "system-user-flatpak-1.15.8-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Flatpak-1_0-1.15.8-1.1.ppc64le",
"product": {
"name": "typelib-1_0-Flatpak-1_0-1.15.8-1.1.ppc64le",
"product_id": "typelib-1_0-Flatpak-1_0-1.15.8-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-1.15.8-1.1.s390x",
"product": {
"name": "flatpak-1.15.8-1.1.s390x",
"product_id": "flatpak-1.15.8-1.1.s390x"
}
},
{
"category": "product_version",
"name": "flatpak-devel-1.15.8-1.1.s390x",
"product": {
"name": "flatpak-devel-1.15.8-1.1.s390x",
"product_id": "flatpak-devel-1.15.8-1.1.s390x"
}
},
{
"category": "product_version",
"name": "flatpak-remote-flathub-1.15.8-1.1.s390x",
"product": {
"name": "flatpak-remote-flathub-1.15.8-1.1.s390x",
"product_id": "flatpak-remote-flathub-1.15.8-1.1.s390x"
}
},
{
"category": "product_version",
"name": "flatpak-selinux-1.15.8-1.1.s390x",
"product": {
"name": "flatpak-selinux-1.15.8-1.1.s390x",
"product_id": "flatpak-selinux-1.15.8-1.1.s390x"
}
},
{
"category": "product_version",
"name": "flatpak-zsh-completion-1.15.8-1.1.s390x",
"product": {
"name": "flatpak-zsh-completion-1.15.8-1.1.s390x",
"product_id": "flatpak-zsh-completion-1.15.8-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libflatpak0-1.15.8-1.1.s390x",
"product": {
"name": "libflatpak0-1.15.8-1.1.s390x",
"product_id": "libflatpak0-1.15.8-1.1.s390x"
}
},
{
"category": "product_version",
"name": "system-user-flatpak-1.15.8-1.1.s390x",
"product": {
"name": "system-user-flatpak-1.15.8-1.1.s390x",
"product_id": "system-user-flatpak-1.15.8-1.1.s390x"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Flatpak-1_0-1.15.8-1.1.s390x",
"product": {
"name": "typelib-1_0-Flatpak-1_0-1.15.8-1.1.s390x",
"product_id": "typelib-1_0-Flatpak-1_0-1.15.8-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-1.15.8-1.1.x86_64",
"product": {
"name": "flatpak-1.15.8-1.1.x86_64",
"product_id": "flatpak-1.15.8-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "flatpak-devel-1.15.8-1.1.x86_64",
"product": {
"name": "flatpak-devel-1.15.8-1.1.x86_64",
"product_id": "flatpak-devel-1.15.8-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "flatpak-remote-flathub-1.15.8-1.1.x86_64",
"product": {
"name": "flatpak-remote-flathub-1.15.8-1.1.x86_64",
"product_id": "flatpak-remote-flathub-1.15.8-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "flatpak-selinux-1.15.8-1.1.x86_64",
"product": {
"name": "flatpak-selinux-1.15.8-1.1.x86_64",
"product_id": "flatpak-selinux-1.15.8-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "flatpak-zsh-completion-1.15.8-1.1.x86_64",
"product": {
"name": "flatpak-zsh-completion-1.15.8-1.1.x86_64",
"product_id": "flatpak-zsh-completion-1.15.8-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libflatpak0-1.15.8-1.1.x86_64",
"product": {
"name": "libflatpak0-1.15.8-1.1.x86_64",
"product_id": "libflatpak0-1.15.8-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "system-user-flatpak-1.15.8-1.1.x86_64",
"product": {
"name": "system-user-flatpak-1.15.8-1.1.x86_64",
"product_id": "system-user-flatpak-1.15.8-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Flatpak-1_0-1.15.8-1.1.x86_64",
"product": {
"name": "typelib-1_0-Flatpak-1_0-1.15.8-1.1.x86_64",
"product_id": "typelib-1_0-Flatpak-1_0-1.15.8-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.15.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-1.15.8-1.1.aarch64"
},
"product_reference": "flatpak-1.15.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.15.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-1.15.8-1.1.ppc64le"
},
"product_reference": "flatpak-1.15.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.15.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-1.15.8-1.1.s390x"
},
"product_reference": "flatpak-1.15.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.15.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-1.15.8-1.1.x86_64"
},
"product_reference": "flatpak-1.15.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.15.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-devel-1.15.8-1.1.aarch64"
},
"product_reference": "flatpak-devel-1.15.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.15.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-devel-1.15.8-1.1.ppc64le"
},
"product_reference": "flatpak-devel-1.15.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.15.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-devel-1.15.8-1.1.s390x"
},
"product_reference": "flatpak-devel-1.15.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.15.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-devel-1.15.8-1.1.x86_64"
},
"product_reference": "flatpak-devel-1.15.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-remote-flathub-1.15.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-remote-flathub-1.15.8-1.1.aarch64"
},
"product_reference": "flatpak-remote-flathub-1.15.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-remote-flathub-1.15.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-remote-flathub-1.15.8-1.1.ppc64le"
},
"product_reference": "flatpak-remote-flathub-1.15.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-remote-flathub-1.15.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-remote-flathub-1.15.8-1.1.s390x"
},
"product_reference": "flatpak-remote-flathub-1.15.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-remote-flathub-1.15.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-remote-flathub-1.15.8-1.1.x86_64"
},
"product_reference": "flatpak-remote-flathub-1.15.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-selinux-1.15.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-selinux-1.15.8-1.1.aarch64"
},
"product_reference": "flatpak-selinux-1.15.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-selinux-1.15.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-selinux-1.15.8-1.1.ppc64le"
},
"product_reference": "flatpak-selinux-1.15.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-selinux-1.15.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-selinux-1.15.8-1.1.s390x"
},
"product_reference": "flatpak-selinux-1.15.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-selinux-1.15.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-selinux-1.15.8-1.1.x86_64"
},
"product_reference": "flatpak-selinux-1.15.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-zsh-completion-1.15.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-zsh-completion-1.15.8-1.1.aarch64"
},
"product_reference": "flatpak-zsh-completion-1.15.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-zsh-completion-1.15.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-zsh-completion-1.15.8-1.1.ppc64le"
},
"product_reference": "flatpak-zsh-completion-1.15.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-zsh-completion-1.15.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-zsh-completion-1.15.8-1.1.s390x"
},
"product_reference": "flatpak-zsh-completion-1.15.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-zsh-completion-1.15.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-zsh-completion-1.15.8-1.1.x86_64"
},
"product_reference": "flatpak-zsh-completion-1.15.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.15.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libflatpak0-1.15.8-1.1.aarch64"
},
"product_reference": "libflatpak0-1.15.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.15.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libflatpak0-1.15.8-1.1.ppc64le"
},
"product_reference": "libflatpak0-1.15.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.15.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libflatpak0-1.15.8-1.1.s390x"
},
"product_reference": "libflatpak0-1.15.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.15.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libflatpak0-1.15.8-1.1.x86_64"
},
"product_reference": "libflatpak0-1.15.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-flatpak-1.15.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:system-user-flatpak-1.15.8-1.1.aarch64"
},
"product_reference": "system-user-flatpak-1.15.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-flatpak-1.15.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:system-user-flatpak-1.15.8-1.1.ppc64le"
},
"product_reference": "system-user-flatpak-1.15.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-flatpak-1.15.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:system-user-flatpak-1.15.8-1.1.s390x"
},
"product_reference": "system-user-flatpak-1.15.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-flatpak-1.15.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:system-user-flatpak-1.15.8-1.1.x86_64"
},
"product_reference": "system-user-flatpak-1.15.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.15.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.15.8-1.1.aarch64"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.15.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.15.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.15.8-1.1.ppc64le"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.15.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.15.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.15.8-1.1.s390x"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.15.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.15.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.15.8-1.1.x86_64"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.15.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-32462"
}
],
"notes": [
{
"category": "general",
"text": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It\u0027s possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:flatpak-1.15.8-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-1.15.8-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-1.15.8-1.1.s390x",
"openSUSE Tumbleweed:flatpak-1.15.8-1.1.x86_64",
"openSUSE Tumbleweed:flatpak-devel-1.15.8-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-devel-1.15.8-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-devel-1.15.8-1.1.s390x",
"openSUSE Tumbleweed:flatpak-devel-1.15.8-1.1.x86_64",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.15.8-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.15.8-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.15.8-1.1.s390x",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.15.8-1.1.x86_64",
"openSUSE Tumbleweed:flatpak-selinux-1.15.8-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-selinux-1.15.8-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-selinux-1.15.8-1.1.s390x",
"openSUSE Tumbleweed:flatpak-selinux-1.15.8-1.1.x86_64",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.15.8-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.15.8-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.15.8-1.1.s390x",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.15.8-1.1.x86_64",
"openSUSE Tumbleweed:libflatpak0-1.15.8-1.1.aarch64",
"openSUSE Tumbleweed:libflatpak0-1.15.8-1.1.ppc64le",
"openSUSE Tumbleweed:libflatpak0-1.15.8-1.1.s390x",
"openSUSE Tumbleweed:libflatpak0-1.15.8-1.1.x86_64",
"openSUSE Tumbleweed:system-user-flatpak-1.15.8-1.1.aarch64",
"openSUSE Tumbleweed:system-user-flatpak-1.15.8-1.1.ppc64le",
"openSUSE Tumbleweed:system-user-flatpak-1.15.8-1.1.s390x",
"openSUSE Tumbleweed:system-user-flatpak-1.15.8-1.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.15.8-1.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.15.8-1.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.15.8-1.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.15.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-32462",
"url": "https://www.suse.com/security/cve/CVE-2024-32462"
},
{
"category": "external",
"summary": "SUSE Bug 1223110 for CVE-2024-32462",
"url": "https://bugzilla.suse.com/1223110"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:flatpak-1.15.8-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-1.15.8-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-1.15.8-1.1.s390x",
"openSUSE Tumbleweed:flatpak-1.15.8-1.1.x86_64",
"openSUSE Tumbleweed:flatpak-devel-1.15.8-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-devel-1.15.8-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-devel-1.15.8-1.1.s390x",
"openSUSE Tumbleweed:flatpak-devel-1.15.8-1.1.x86_64",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.15.8-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.15.8-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.15.8-1.1.s390x",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.15.8-1.1.x86_64",
"openSUSE Tumbleweed:flatpak-selinux-1.15.8-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-selinux-1.15.8-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-selinux-1.15.8-1.1.s390x",
"openSUSE Tumbleweed:flatpak-selinux-1.15.8-1.1.x86_64",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.15.8-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.15.8-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.15.8-1.1.s390x",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.15.8-1.1.x86_64",
"openSUSE Tumbleweed:libflatpak0-1.15.8-1.1.aarch64",
"openSUSE Tumbleweed:libflatpak0-1.15.8-1.1.ppc64le",
"openSUSE Tumbleweed:libflatpak0-1.15.8-1.1.s390x",
"openSUSE Tumbleweed:libflatpak0-1.15.8-1.1.x86_64",
"openSUSE Tumbleweed:system-user-flatpak-1.15.8-1.1.aarch64",
"openSUSE Tumbleweed:system-user-flatpak-1.15.8-1.1.ppc64le",
"openSUSE Tumbleweed:system-user-flatpak-1.15.8-1.1.s390x",
"openSUSE Tumbleweed:system-user-flatpak-1.15.8-1.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.15.8-1.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.15.8-1.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.15.8-1.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.15.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:flatpak-1.15.8-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-1.15.8-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-1.15.8-1.1.s390x",
"openSUSE Tumbleweed:flatpak-1.15.8-1.1.x86_64",
"openSUSE Tumbleweed:flatpak-devel-1.15.8-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-devel-1.15.8-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-devel-1.15.8-1.1.s390x",
"openSUSE Tumbleweed:flatpak-devel-1.15.8-1.1.x86_64",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.15.8-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.15.8-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.15.8-1.1.s390x",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.15.8-1.1.x86_64",
"openSUSE Tumbleweed:flatpak-selinux-1.15.8-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-selinux-1.15.8-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-selinux-1.15.8-1.1.s390x",
"openSUSE Tumbleweed:flatpak-selinux-1.15.8-1.1.x86_64",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.15.8-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.15.8-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.15.8-1.1.s390x",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.15.8-1.1.x86_64",
"openSUSE Tumbleweed:libflatpak0-1.15.8-1.1.aarch64",
"openSUSE Tumbleweed:libflatpak0-1.15.8-1.1.ppc64le",
"openSUSE Tumbleweed:libflatpak0-1.15.8-1.1.s390x",
"openSUSE Tumbleweed:libflatpak0-1.15.8-1.1.x86_64",
"openSUSE Tumbleweed:system-user-flatpak-1.15.8-1.1.aarch64",
"openSUSE Tumbleweed:system-user-flatpak-1.15.8-1.1.ppc64le",
"openSUSE Tumbleweed:system-user-flatpak-1.15.8-1.1.s390x",
"openSUSE Tumbleweed:system-user-flatpak-1.15.8-1.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.15.8-1.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.15.8-1.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.15.8-1.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.15.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-32462"
}
]
}
OPENSUSE-SU-2024:13985-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
xdg-desktop-portal-1.18.4-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: xdg-desktop-portal-1.18.4-1.1 on GA media
Description of the patch: These are all security issues fixed in the xdg-desktop-portal-1.18.4-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-13985
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.4 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:xdg-desktop-portal-1.18.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xdg-desktop-portal-1.18.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xdg-desktop-portal-1.18.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xdg-desktop-portal-1.18.4-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xdg-desktop-portal-devel-1.18.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xdg-desktop-portal-devel-1.18.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xdg-desktop-portal-devel-1.18.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xdg-desktop-portal-devel-1.18.4-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xdg-desktop-portal-lang-1.18.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xdg-desktop-portal-lang-1.18.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xdg-desktop-portal-lang-1.18.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xdg-desktop-portal-lang-1.18.4-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
5 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "xdg-desktop-portal-1.18.4-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the xdg-desktop-portal-1.18.4-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13985",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13985-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-32462 page",
"url": "https://www.suse.com/security/cve/CVE-2024-32462/"
}
],
"title": "xdg-desktop-portal-1.18.4-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13985-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-1.18.4-1.1.aarch64",
"product": {
"name": "xdg-desktop-portal-1.18.4-1.1.aarch64",
"product_id": "xdg-desktop-portal-1.18.4-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-devel-1.18.4-1.1.aarch64",
"product": {
"name": "xdg-desktop-portal-devel-1.18.4-1.1.aarch64",
"product_id": "xdg-desktop-portal-devel-1.18.4-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-lang-1.18.4-1.1.aarch64",
"product": {
"name": "xdg-desktop-portal-lang-1.18.4-1.1.aarch64",
"product_id": "xdg-desktop-portal-lang-1.18.4-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-1.18.4-1.1.ppc64le",
"product": {
"name": "xdg-desktop-portal-1.18.4-1.1.ppc64le",
"product_id": "xdg-desktop-portal-1.18.4-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-devel-1.18.4-1.1.ppc64le",
"product": {
"name": "xdg-desktop-portal-devel-1.18.4-1.1.ppc64le",
"product_id": "xdg-desktop-portal-devel-1.18.4-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-lang-1.18.4-1.1.ppc64le",
"product": {
"name": "xdg-desktop-portal-lang-1.18.4-1.1.ppc64le",
"product_id": "xdg-desktop-portal-lang-1.18.4-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-1.18.4-1.1.s390x",
"product": {
"name": "xdg-desktop-portal-1.18.4-1.1.s390x",
"product_id": "xdg-desktop-portal-1.18.4-1.1.s390x"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-devel-1.18.4-1.1.s390x",
"product": {
"name": "xdg-desktop-portal-devel-1.18.4-1.1.s390x",
"product_id": "xdg-desktop-portal-devel-1.18.4-1.1.s390x"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-lang-1.18.4-1.1.s390x",
"product": {
"name": "xdg-desktop-portal-lang-1.18.4-1.1.s390x",
"product_id": "xdg-desktop-portal-lang-1.18.4-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-1.18.4-1.1.x86_64",
"product": {
"name": "xdg-desktop-portal-1.18.4-1.1.x86_64",
"product_id": "xdg-desktop-portal-1.18.4-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-devel-1.18.4-1.1.x86_64",
"product": {
"name": "xdg-desktop-portal-devel-1.18.4-1.1.x86_64",
"product_id": "xdg-desktop-portal-devel-1.18.4-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-lang-1.18.4-1.1.x86_64",
"product": {
"name": "xdg-desktop-portal-lang-1.18.4-1.1.x86_64",
"product_id": "xdg-desktop-portal-lang-1.18.4-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.18.4-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xdg-desktop-portal-1.18.4-1.1.aarch64"
},
"product_reference": "xdg-desktop-portal-1.18.4-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.18.4-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xdg-desktop-portal-1.18.4-1.1.ppc64le"
},
"product_reference": "xdg-desktop-portal-1.18.4-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.18.4-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xdg-desktop-portal-1.18.4-1.1.s390x"
},
"product_reference": "xdg-desktop-portal-1.18.4-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.18.4-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xdg-desktop-portal-1.18.4-1.1.x86_64"
},
"product_reference": "xdg-desktop-portal-1.18.4-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.18.4-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xdg-desktop-portal-devel-1.18.4-1.1.aarch64"
},
"product_reference": "xdg-desktop-portal-devel-1.18.4-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.18.4-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xdg-desktop-portal-devel-1.18.4-1.1.ppc64le"
},
"product_reference": "xdg-desktop-portal-devel-1.18.4-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.18.4-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xdg-desktop-portal-devel-1.18.4-1.1.s390x"
},
"product_reference": "xdg-desktop-portal-devel-1.18.4-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.18.4-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xdg-desktop-portal-devel-1.18.4-1.1.x86_64"
},
"product_reference": "xdg-desktop-portal-devel-1.18.4-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-lang-1.18.4-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xdg-desktop-portal-lang-1.18.4-1.1.aarch64"
},
"product_reference": "xdg-desktop-portal-lang-1.18.4-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-lang-1.18.4-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xdg-desktop-portal-lang-1.18.4-1.1.ppc64le"
},
"product_reference": "xdg-desktop-portal-lang-1.18.4-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-lang-1.18.4-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xdg-desktop-portal-lang-1.18.4-1.1.s390x"
},
"product_reference": "xdg-desktop-portal-lang-1.18.4-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-lang-1.18.4-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xdg-desktop-portal-lang-1.18.4-1.1.x86_64"
},
"product_reference": "xdg-desktop-portal-lang-1.18.4-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-32462"
}
],
"notes": [
{
"category": "general",
"text": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It\u0027s possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xdg-desktop-portal-1.18.4-1.1.aarch64",
"openSUSE Tumbleweed:xdg-desktop-portal-1.18.4-1.1.ppc64le",
"openSUSE Tumbleweed:xdg-desktop-portal-1.18.4-1.1.s390x",
"openSUSE Tumbleweed:xdg-desktop-portal-1.18.4-1.1.x86_64",
"openSUSE Tumbleweed:xdg-desktop-portal-devel-1.18.4-1.1.aarch64",
"openSUSE Tumbleweed:xdg-desktop-portal-devel-1.18.4-1.1.ppc64le",
"openSUSE Tumbleweed:xdg-desktop-portal-devel-1.18.4-1.1.s390x",
"openSUSE Tumbleweed:xdg-desktop-portal-devel-1.18.4-1.1.x86_64",
"openSUSE Tumbleweed:xdg-desktop-portal-lang-1.18.4-1.1.aarch64",
"openSUSE Tumbleweed:xdg-desktop-portal-lang-1.18.4-1.1.ppc64le",
"openSUSE Tumbleweed:xdg-desktop-portal-lang-1.18.4-1.1.s390x",
"openSUSE Tumbleweed:xdg-desktop-portal-lang-1.18.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-32462",
"url": "https://www.suse.com/security/cve/CVE-2024-32462"
},
{
"category": "external",
"summary": "SUSE Bug 1223110 for CVE-2024-32462",
"url": "https://bugzilla.suse.com/1223110"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xdg-desktop-portal-1.18.4-1.1.aarch64",
"openSUSE Tumbleweed:xdg-desktop-portal-1.18.4-1.1.ppc64le",
"openSUSE Tumbleweed:xdg-desktop-portal-1.18.4-1.1.s390x",
"openSUSE Tumbleweed:xdg-desktop-portal-1.18.4-1.1.x86_64",
"openSUSE Tumbleweed:xdg-desktop-portal-devel-1.18.4-1.1.aarch64",
"openSUSE Tumbleweed:xdg-desktop-portal-devel-1.18.4-1.1.ppc64le",
"openSUSE Tumbleweed:xdg-desktop-portal-devel-1.18.4-1.1.s390x",
"openSUSE Tumbleweed:xdg-desktop-portal-devel-1.18.4-1.1.x86_64",
"openSUSE Tumbleweed:xdg-desktop-portal-lang-1.18.4-1.1.aarch64",
"openSUSE Tumbleweed:xdg-desktop-portal-lang-1.18.4-1.1.ppc64le",
"openSUSE Tumbleweed:xdg-desktop-portal-lang-1.18.4-1.1.s390x",
"openSUSE Tumbleweed:xdg-desktop-portal-lang-1.18.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:xdg-desktop-portal-1.18.4-1.1.aarch64",
"openSUSE Tumbleweed:xdg-desktop-portal-1.18.4-1.1.ppc64le",
"openSUSE Tumbleweed:xdg-desktop-portal-1.18.4-1.1.s390x",
"openSUSE Tumbleweed:xdg-desktop-portal-1.18.4-1.1.x86_64",
"openSUSE Tumbleweed:xdg-desktop-portal-devel-1.18.4-1.1.aarch64",
"openSUSE Tumbleweed:xdg-desktop-portal-devel-1.18.4-1.1.ppc64le",
"openSUSE Tumbleweed:xdg-desktop-portal-devel-1.18.4-1.1.s390x",
"openSUSE Tumbleweed:xdg-desktop-portal-devel-1.18.4-1.1.x86_64",
"openSUSE Tumbleweed:xdg-desktop-portal-lang-1.18.4-1.1.aarch64",
"openSUSE Tumbleweed:xdg-desktop-portal-lang-1.18.4-1.1.ppc64le",
"openSUSE Tumbleweed:xdg-desktop-portal-lang-1.18.4-1.1.s390x",
"openSUSE Tumbleweed:xdg-desktop-portal-lang-1.18.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-32462"
}
]
}
RHSA-2024:3959
Vulnerability from csaf_redhat - Published: 2024-06-17 16:24 - Updated: 2026-03-18 02:40Summary
Red Hat Security Advisory: flatpak security update
Severity
Important
Notes
Topic: An update for flatpak is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
Security Fix(es):
* flatpak: sandbox escape via RequestBackground portal (CVE-2024-32462)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Flatpak, a system for building, distributing, and running sandboxed desktop applications on Linux. Normally, the "--command" argument of "flatpak run" expects being given a command to run in the specified Flatpak app, along with optional arguments. However, it is possible to pass bwrap arguments to "--command=" instead, such as "--bind". It is possible to pass an arbitrary "commandline" to the portal interface "org.freedesktop.portal.Background.RequestBackground" within the Flatpak app. This is normally safe because it can only specify a command that exists inside the sandbox. When a crafted "commandline" is converted into a "--command" and arguments, the app could achieve the same effect of passing arguments directly to bwrap to achieve sandbox escape.
8.4 (High)
Affected products
Fixed
94 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-selinux-0:1.12.9-1.el9_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-selinux-0:1.12.9-1.el9_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for flatpak is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.\n\nSecurity Fix(es):\n\n* flatpak: sandbox escape via RequestBackground portal (CVE-2024-32462)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:3959",
"url": "https://access.redhat.com/errata/RHSA-2024:3959"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2275981",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275981"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3959.json"
}
],
"title": "Red Hat Security Advisory: flatpak security update",
"tracking": {
"current_release_date": "2026-03-18T02:40:23+00:00",
"generator": {
"date": "2026-03-18T02:40:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2024:3959",
"initial_release_date": "2024-06-17T16:24:07+00:00",
"revision_history": [
{
"date": "2024-06-17T16:24:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-06-17T16:24:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T02:40:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CRB (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-0:1.12.9-1.el9_4.src",
"product": {
"name": "flatpak-0:1.12.9-1.el9_4.src",
"product_id": "flatpak-0:1.12.9-1.el9_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak@1.12.9-1.el9_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-0:1.12.9-1.el9_4.aarch64",
"product": {
"name": "flatpak-0:1.12.9-1.el9_4.aarch64",
"product_id": "flatpak-0:1.12.9-1.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak@1.12.9-1.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-0:1.12.9-1.el9_4.aarch64",
"product": {
"name": "flatpak-libs-0:1.12.9-1.el9_4.aarch64",
"product_id": "flatpak-libs-0:1.12.9-1.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs@1.12.9-1.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-0:1.12.9-1.el9_4.aarch64",
"product": {
"name": "flatpak-session-helper-0:1.12.9-1.el9_4.aarch64",
"product_id": "flatpak-session-helper-0:1.12.9-1.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper@1.12.9-1.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "flatpak-debugsource-0:1.12.9-1.el9_4.aarch64",
"product": {
"name": "flatpak-debugsource-0:1.12.9-1.el9_4.aarch64",
"product_id": "flatpak-debugsource-0:1.12.9-1.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debugsource@1.12.9-1.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "flatpak-debuginfo-0:1.12.9-1.el9_4.aarch64",
"product": {
"name": "flatpak-debuginfo-0:1.12.9-1.el9_4.aarch64",
"product_id": "flatpak-debuginfo-0:1.12.9-1.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debuginfo@1.12.9-1.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.aarch64",
"product": {
"name": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.aarch64",
"product_id": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs-debuginfo@1.12.9-1.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.aarch64",
"product": {
"name": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.aarch64",
"product_id": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper-debuginfo@1.12.9-1.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.aarch64",
"product": {
"name": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.aarch64",
"product_id": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-tests-debuginfo@1.12.9-1.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "flatpak-devel-0:1.12.9-1.el9_4.aarch64",
"product": {
"name": "flatpak-devel-0:1.12.9-1.el9_4.aarch64",
"product_id": "flatpak-devel-0:1.12.9-1.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-devel@1.12.9-1.el9_4?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-0:1.12.9-1.el9_4.ppc64le",
"product": {
"name": "flatpak-0:1.12.9-1.el9_4.ppc64le",
"product_id": "flatpak-0:1.12.9-1.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak@1.12.9-1.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-0:1.12.9-1.el9_4.ppc64le",
"product": {
"name": "flatpak-libs-0:1.12.9-1.el9_4.ppc64le",
"product_id": "flatpak-libs-0:1.12.9-1.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs@1.12.9-1.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-0:1.12.9-1.el9_4.ppc64le",
"product": {
"name": "flatpak-session-helper-0:1.12.9-1.el9_4.ppc64le",
"product_id": "flatpak-session-helper-0:1.12.9-1.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper@1.12.9-1.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "flatpak-debugsource-0:1.12.9-1.el9_4.ppc64le",
"product": {
"name": "flatpak-debugsource-0:1.12.9-1.el9_4.ppc64le",
"product_id": "flatpak-debugsource-0:1.12.9-1.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debugsource@1.12.9-1.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "flatpak-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"product": {
"name": "flatpak-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"product_id": "flatpak-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debuginfo@1.12.9-1.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"product": {
"name": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"product_id": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs-debuginfo@1.12.9-1.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"product": {
"name": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"product_id": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper-debuginfo@1.12.9-1.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"product": {
"name": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"product_id": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-tests-debuginfo@1.12.9-1.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "flatpak-devel-0:1.12.9-1.el9_4.ppc64le",
"product": {
"name": "flatpak-devel-0:1.12.9-1.el9_4.ppc64le",
"product_id": "flatpak-devel-0:1.12.9-1.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-devel@1.12.9-1.el9_4?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-0:1.12.9-1.el9_4.x86_64",
"product": {
"name": "flatpak-0:1.12.9-1.el9_4.x86_64",
"product_id": "flatpak-0:1.12.9-1.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak@1.12.9-1.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-0:1.12.9-1.el9_4.x86_64",
"product": {
"name": "flatpak-libs-0:1.12.9-1.el9_4.x86_64",
"product_id": "flatpak-libs-0:1.12.9-1.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs@1.12.9-1.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-0:1.12.9-1.el9_4.x86_64",
"product": {
"name": "flatpak-session-helper-0:1.12.9-1.el9_4.x86_64",
"product_id": "flatpak-session-helper-0:1.12.9-1.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper@1.12.9-1.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "flatpak-debugsource-0:1.12.9-1.el9_4.x86_64",
"product": {
"name": "flatpak-debugsource-0:1.12.9-1.el9_4.x86_64",
"product_id": "flatpak-debugsource-0:1.12.9-1.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debugsource@1.12.9-1.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "flatpak-debuginfo-0:1.12.9-1.el9_4.x86_64",
"product": {
"name": "flatpak-debuginfo-0:1.12.9-1.el9_4.x86_64",
"product_id": "flatpak-debuginfo-0:1.12.9-1.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debuginfo@1.12.9-1.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.x86_64",
"product": {
"name": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.x86_64",
"product_id": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs-debuginfo@1.12.9-1.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.x86_64",
"product": {
"name": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.x86_64",
"product_id": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper-debuginfo@1.12.9-1.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.x86_64",
"product": {
"name": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.x86_64",
"product_id": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-tests-debuginfo@1.12.9-1.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "flatpak-devel-0:1.12.9-1.el9_4.x86_64",
"product": {
"name": "flatpak-devel-0:1.12.9-1.el9_4.x86_64",
"product_id": "flatpak-devel-0:1.12.9-1.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-devel@1.12.9-1.el9_4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-libs-0:1.12.9-1.el9_4.i686",
"product": {
"name": "flatpak-libs-0:1.12.9-1.el9_4.i686",
"product_id": "flatpak-libs-0:1.12.9-1.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs@1.12.9-1.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "flatpak-debugsource-0:1.12.9-1.el9_4.i686",
"product": {
"name": "flatpak-debugsource-0:1.12.9-1.el9_4.i686",
"product_id": "flatpak-debugsource-0:1.12.9-1.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debugsource@1.12.9-1.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "flatpak-debuginfo-0:1.12.9-1.el9_4.i686",
"product": {
"name": "flatpak-debuginfo-0:1.12.9-1.el9_4.i686",
"product_id": "flatpak-debuginfo-0:1.12.9-1.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debuginfo@1.12.9-1.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.i686",
"product": {
"name": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.i686",
"product_id": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs-debuginfo@1.12.9-1.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.i686",
"product": {
"name": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.i686",
"product_id": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper-debuginfo@1.12.9-1.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.i686",
"product": {
"name": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.i686",
"product_id": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-tests-debuginfo@1.12.9-1.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "flatpak-0:1.12.9-1.el9_4.i686",
"product": {
"name": "flatpak-0:1.12.9-1.el9_4.i686",
"product_id": "flatpak-0:1.12.9-1.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak@1.12.9-1.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "flatpak-devel-0:1.12.9-1.el9_4.i686",
"product": {
"name": "flatpak-devel-0:1.12.9-1.el9_4.i686",
"product_id": "flatpak-devel-0:1.12.9-1.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-devel@1.12.9-1.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-0:1.12.9-1.el9_4.i686",
"product": {
"name": "flatpak-session-helper-0:1.12.9-1.el9_4.i686",
"product_id": "flatpak-session-helper-0:1.12.9-1.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper@1.12.9-1.el9_4?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-0:1.12.9-1.el9_4.s390x",
"product": {
"name": "flatpak-0:1.12.9-1.el9_4.s390x",
"product_id": "flatpak-0:1.12.9-1.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak@1.12.9-1.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-0:1.12.9-1.el9_4.s390x",
"product": {
"name": "flatpak-libs-0:1.12.9-1.el9_4.s390x",
"product_id": "flatpak-libs-0:1.12.9-1.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs@1.12.9-1.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-0:1.12.9-1.el9_4.s390x",
"product": {
"name": "flatpak-session-helper-0:1.12.9-1.el9_4.s390x",
"product_id": "flatpak-session-helper-0:1.12.9-1.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper@1.12.9-1.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "flatpak-debugsource-0:1.12.9-1.el9_4.s390x",
"product": {
"name": "flatpak-debugsource-0:1.12.9-1.el9_4.s390x",
"product_id": "flatpak-debugsource-0:1.12.9-1.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debugsource@1.12.9-1.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "flatpak-debuginfo-0:1.12.9-1.el9_4.s390x",
"product": {
"name": "flatpak-debuginfo-0:1.12.9-1.el9_4.s390x",
"product_id": "flatpak-debuginfo-0:1.12.9-1.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debuginfo@1.12.9-1.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.s390x",
"product": {
"name": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.s390x",
"product_id": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs-debuginfo@1.12.9-1.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.s390x",
"product": {
"name": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.s390x",
"product_id": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper-debuginfo@1.12.9-1.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.s390x",
"product": {
"name": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.s390x",
"product_id": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-tests-debuginfo@1.12.9-1.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "flatpak-devel-0:1.12.9-1.el9_4.s390x",
"product": {
"name": "flatpak-devel-0:1.12.9-1.el9_4.s390x",
"product_id": "flatpak-devel-0:1.12.9-1.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-devel@1.12.9-1.el9_4?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-selinux-0:1.12.9-1.el9_4.noarch",
"product": {
"name": "flatpak-selinux-0:1.12.9-1.el9_4.noarch",
"product_id": "flatpak-selinux-0:1.12.9-1.el9_4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-selinux@1.12.9-1.el9_4?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.9-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.aarch64"
},
"product_reference": "flatpak-0:1.12.9-1.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.9-1.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.i686"
},
"product_reference": "flatpak-0:1.12.9-1.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.9-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.ppc64le"
},
"product_reference": "flatpak-0:1.12.9-1.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.9-1.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.s390x"
},
"product_reference": "flatpak-0:1.12.9-1.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.9-1.el9_4.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.src"
},
"product_reference": "flatpak-0:1.12.9-1.el9_4.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.9-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.x86_64"
},
"product_reference": "flatpak-0:1.12.9-1.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.12.9-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.aarch64"
},
"product_reference": "flatpak-debuginfo-0:1.12.9-1.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.12.9-1.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.i686"
},
"product_reference": "flatpak-debuginfo-0:1.12.9-1.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.12.9-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.ppc64le"
},
"product_reference": "flatpak-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.12.9-1.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.s390x"
},
"product_reference": "flatpak-debuginfo-0:1.12.9-1.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.12.9-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.x86_64"
},
"product_reference": "flatpak-debuginfo-0:1.12.9-1.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.12.9-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.aarch64"
},
"product_reference": "flatpak-debugsource-0:1.12.9-1.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.12.9-1.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.i686"
},
"product_reference": "flatpak-debugsource-0:1.12.9-1.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.12.9-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.ppc64le"
},
"product_reference": "flatpak-debugsource-0:1.12.9-1.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.12.9-1.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.s390x"
},
"product_reference": "flatpak-debugsource-0:1.12.9-1.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.12.9-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.x86_64"
},
"product_reference": "flatpak-debugsource-0:1.12.9-1.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.12.9-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.aarch64"
},
"product_reference": "flatpak-devel-0:1.12.9-1.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.12.9-1.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.i686"
},
"product_reference": "flatpak-devel-0:1.12.9-1.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.12.9-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.ppc64le"
},
"product_reference": "flatpak-devel-0:1.12.9-1.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.12.9-1.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.s390x"
},
"product_reference": "flatpak-devel-0:1.12.9-1.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.12.9-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.x86_64"
},
"product_reference": "flatpak-devel-0:1.12.9-1.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.12.9-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.aarch64"
},
"product_reference": "flatpak-libs-0:1.12.9-1.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.12.9-1.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.i686"
},
"product_reference": "flatpak-libs-0:1.12.9-1.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.12.9-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.ppc64le"
},
"product_reference": "flatpak-libs-0:1.12.9-1.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.12.9-1.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.s390x"
},
"product_reference": "flatpak-libs-0:1.12.9-1.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.12.9-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.x86_64"
},
"product_reference": "flatpak-libs-0:1.12.9-1.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.aarch64"
},
"product_reference": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.i686"
},
"product_reference": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.ppc64le"
},
"product_reference": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.s390x"
},
"product_reference": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.x86_64"
},
"product_reference": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-selinux-0:1.12.9-1.el9_4.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-selinux-0:1.12.9-1.el9_4.noarch"
},
"product_reference": "flatpak-selinux-0:1.12.9-1.el9_4.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.12.9-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.aarch64"
},
"product_reference": "flatpak-session-helper-0:1.12.9-1.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.12.9-1.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.i686"
},
"product_reference": "flatpak-session-helper-0:1.12.9-1.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.12.9-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.ppc64le"
},
"product_reference": "flatpak-session-helper-0:1.12.9-1.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.12.9-1.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.s390x"
},
"product_reference": "flatpak-session-helper-0:1.12.9-1.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.12.9-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.x86_64"
},
"product_reference": "flatpak-session-helper-0:1.12.9-1.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.aarch64"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.i686"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.ppc64le"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.s390x"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.x86_64"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.aarch64"
},
"product_reference": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.i686"
},
"product_reference": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.ppc64le"
},
"product_reference": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.s390x"
},
"product_reference": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.x86_64"
},
"product_reference": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.9-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.aarch64"
},
"product_reference": "flatpak-0:1.12.9-1.el9_4.aarch64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.9-1.el9_4.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.i686"
},
"product_reference": "flatpak-0:1.12.9-1.el9_4.i686",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.9-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.ppc64le"
},
"product_reference": "flatpak-0:1.12.9-1.el9_4.ppc64le",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.9-1.el9_4.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.s390x"
},
"product_reference": "flatpak-0:1.12.9-1.el9_4.s390x",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.9-1.el9_4.src as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.src"
},
"product_reference": "flatpak-0:1.12.9-1.el9_4.src",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.9-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.x86_64"
},
"product_reference": "flatpak-0:1.12.9-1.el9_4.x86_64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.12.9-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.aarch64"
},
"product_reference": "flatpak-debuginfo-0:1.12.9-1.el9_4.aarch64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.12.9-1.el9_4.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.i686"
},
"product_reference": "flatpak-debuginfo-0:1.12.9-1.el9_4.i686",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.12.9-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.ppc64le"
},
"product_reference": "flatpak-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.12.9-1.el9_4.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.s390x"
},
"product_reference": "flatpak-debuginfo-0:1.12.9-1.el9_4.s390x",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.12.9-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.x86_64"
},
"product_reference": "flatpak-debuginfo-0:1.12.9-1.el9_4.x86_64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.12.9-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.aarch64"
},
"product_reference": "flatpak-debugsource-0:1.12.9-1.el9_4.aarch64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.12.9-1.el9_4.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.i686"
},
"product_reference": "flatpak-debugsource-0:1.12.9-1.el9_4.i686",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.12.9-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.ppc64le"
},
"product_reference": "flatpak-debugsource-0:1.12.9-1.el9_4.ppc64le",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.12.9-1.el9_4.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.s390x"
},
"product_reference": "flatpak-debugsource-0:1.12.9-1.el9_4.s390x",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.12.9-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.x86_64"
},
"product_reference": "flatpak-debugsource-0:1.12.9-1.el9_4.x86_64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.12.9-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.aarch64"
},
"product_reference": "flatpak-devel-0:1.12.9-1.el9_4.aarch64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.12.9-1.el9_4.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.i686"
},
"product_reference": "flatpak-devel-0:1.12.9-1.el9_4.i686",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.12.9-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.ppc64le"
},
"product_reference": "flatpak-devel-0:1.12.9-1.el9_4.ppc64le",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.12.9-1.el9_4.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.s390x"
},
"product_reference": "flatpak-devel-0:1.12.9-1.el9_4.s390x",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.12.9-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.x86_64"
},
"product_reference": "flatpak-devel-0:1.12.9-1.el9_4.x86_64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.12.9-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.aarch64"
},
"product_reference": "flatpak-libs-0:1.12.9-1.el9_4.aarch64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.12.9-1.el9_4.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.i686"
},
"product_reference": "flatpak-libs-0:1.12.9-1.el9_4.i686",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.12.9-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.ppc64le"
},
"product_reference": "flatpak-libs-0:1.12.9-1.el9_4.ppc64le",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.12.9-1.el9_4.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.s390x"
},
"product_reference": "flatpak-libs-0:1.12.9-1.el9_4.s390x",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.12.9-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.x86_64"
},
"product_reference": "flatpak-libs-0:1.12.9-1.el9_4.x86_64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.aarch64"
},
"product_reference": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.aarch64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.i686"
},
"product_reference": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.i686",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.ppc64le"
},
"product_reference": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.s390x"
},
"product_reference": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.s390x",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.x86_64"
},
"product_reference": "flatpak-libs-debuginfo-0:1.12.9-1.el9_4.x86_64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-selinux-0:1.12.9-1.el9_4.noarch as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-selinux-0:1.12.9-1.el9_4.noarch"
},
"product_reference": "flatpak-selinux-0:1.12.9-1.el9_4.noarch",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.12.9-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.aarch64"
},
"product_reference": "flatpak-session-helper-0:1.12.9-1.el9_4.aarch64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.12.9-1.el9_4.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.i686"
},
"product_reference": "flatpak-session-helper-0:1.12.9-1.el9_4.i686",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.12.9-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.ppc64le"
},
"product_reference": "flatpak-session-helper-0:1.12.9-1.el9_4.ppc64le",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.12.9-1.el9_4.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.s390x"
},
"product_reference": "flatpak-session-helper-0:1.12.9-1.el9_4.s390x",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.12.9-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.x86_64"
},
"product_reference": "flatpak-session-helper-0:1.12.9-1.el9_4.x86_64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.aarch64"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.aarch64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.i686"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.i686",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.ppc64le"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.s390x"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.s390x",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.x86_64"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.x86_64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.aarch64"
},
"product_reference": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.aarch64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.i686"
},
"product_reference": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.i686",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.ppc64le"
},
"product_reference": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.s390x"
},
"product_reference": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.s390x",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.x86_64"
},
"product_reference": "flatpak-tests-debuginfo-0:1.12.9-1.el9_4.x86_64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32462",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2024-04-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2275981"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Flatpak, a system for building, distributing, and running sandboxed desktop applications on Linux. Normally, the \"--command\" argument of \"flatpak run\" expects being given a command to run in the specified Flatpak app, along with optional arguments. However, it is possible to pass bwrap arguments to \"--command=\" instead, such as \"--bind\". It is possible to pass an arbitrary \"commandline\" to the portal interface \"org.freedesktop.portal.Background.RequestBackground\" within the Flatpak app. This is normally safe because it can only specify a command that exists inside the sandbox. When a crafted \"commandline\" is converted into a \"--command\" and arguments, the app could achieve the same effect of passing arguments directly to bwrap to achieve sandbox escape.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flatpak: sandbox escape via RequestBackground portal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability poses an important security risk due to its potential for sandbox escape within Flatpak environments. Exploiting this vulnerability allows a malicious Flatpak application to execute arbitrary code outside of its designated sandbox, effectively bypassing the security measures intended to restrict its system access. By manipulating the --command argument and the org.freedesktop.portal.Background.RequestBackground portal interface, an attacker can craft commands that are misinterpreted as bwrap options, leading to unauthorized execution of commands with elevated privileges. This could result in unauthorized data access, system compromise, and potentially enable further exploitation of the host system.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-selinux-0:1.12.9-1.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-selinux-0:1.12.9-1.el9_4.noarch",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-32462"
},
{
"category": "external",
"summary": "RHBZ#2275981",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275981"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-32462",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32462"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-32462",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32462"
},
{
"category": "external",
"summary": "https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj",
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj"
}
],
"release_date": "2024-04-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-17T16:24:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-selinux-0:1.12.9-1.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-selinux-0:1.12.9-1.el9_4.noarch",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3959"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-selinux-0:1.12.9-1.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-selinux-0:1.12.9-1.el9_4.noarch",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-selinux-0:1.12.9-1.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debuginfo-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-debugsource-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-devel-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-libs-debuginfo-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-selinux-0:1.12.9-1.el9_4.noarch",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-session-helper-debuginfo-0:1.12.9-1.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:flatpak-tests-debuginfo-0:1.12.9-1.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "flatpak: sandbox escape via RequestBackground portal"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…