Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-32462 (GCVE-0-2024-32462)
Vulnerability from cvelistv5 – Published: 2024-04-18 18:11 – Updated: 2025-12-16 18:13- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
| URL | Tags |
|---|---|
| https://github.com/flatpak/flatpak/security/advis… | x_refsource_CONFIRM |
| https://github.com/flatpak/flatpak/commit/72016e3… | x_refsource_MISC |
| https://github.com/flatpak/flatpak/commit/81abe2a… | x_refsource_MISC |
| https://github.com/flatpak/flatpak/commit/b7c1a55… | x_refsource_MISC |
| https://github.com/flatpak/flatpak/commit/bbab7ed… | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | |
| https://lists.fedoraproject.org/archives/list/pac… | |
| http://www.openwall.com/lists/oss-security/2024/04/18/5 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flatpak",
"vendor": "flatpak",
"versions": [
{
"lessThan": "1.15.8",
"status": "affected",
"version": "1.15.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32462",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-20T04:00:12.336436Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T18:13:22.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:13:39.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj"
},
{
"name": "https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d"
},
{
"name": "https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97"
},
{
"name": "https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e"
},
{
"name": "https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFNSCFJVMAQK5AF55JBN7OSJP3CREDBD/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IB6VQAF5S2YOBULDHPUKPOEIKONOP5KO/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/18/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "flatpak",
"vendor": "flatpak",
"versions": [
{
"status": "affected",
"version": "\u003c 1.10.9"
},
{
"status": "affected",
"version": "\u003e= 1.12.0, \u003c 1.12.9"
},
{
"status": "affected",
"version": "\u003e= 1.14.0, \u003c 1.14.6"
},
{
"status": "affected",
"version": "\u003e= 1.15.0, \u003c 1.15.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It\u0027s possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T18:07:39.466Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj"
},
{
"name": "https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d"
},
{
"name": "https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97"
},
{
"name": "https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e"
},
{
"name": "https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFNSCFJVMAQK5AF55JBN7OSJP3CREDBD/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IB6VQAF5S2YOBULDHPUKPOEIKONOP5KO/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/18/5"
}
],
"source": {
"advisory": "GHSA-phv6-cpc2-2fgj",
"discovery": "UNKNOWN"
},
"title": "Flatpak vulnerable to a sandbox escape via RequestBackground portal due to bad argument parsing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-32462",
"datePublished": "2024-04-18T18:11:27.680Z",
"dateReserved": "2024-04-12T19:41:51.164Z",
"dateUpdated": "2025-12-16T18:13:22.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-32462",
"date": "2026-07-15",
"epss": "0.00512",
"percentile": "0.40181"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-32462\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-04-18T18:15:09.313\",\"lastModified\":\"2026-06-17T07:29:40.607\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It\u0027s possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.\"},{\"lang\":\"es\",\"value\":\"Flatpak es un sistema para crear, distribuir y ejecutar aplicaciones de escritorio en espacio aislado en Linux. en versiones anteriores a la 1.10.9, 1.12.9, 1.14.6 y 1.15.8, una aplicaci\u00f3n Flatpak maliciosa o comprometida podr\u00eda ejecutar c\u00f3digo arbitrario fuera de su zona de pruebas. Normalmente, el argumento `--command` de `flatpak run` espera recibir un comando para ejecutar en la aplicaci\u00f3n Flatpak especificada, opcionalmente junto con algunos argumentos. Sin embargo, es posible pasar argumentos `bwrap` a `--command=`, como `--bind`. Es posible pasar una \\\"l\u00ednea de comando\\\" arbitraria a la interfaz del portal \\\"org.freedesktop.portal.Background.RequestBackground\\\" desde una aplicaci\u00f3n Flatpak. Cuando esto se convierte en un `--command` y argumentos, logra el mismo efecto de pasar argumentos directamente a `bwrap` y, por lo tanto, puede usarse para un escape sandbox. La soluci\u00f3n es pasar el argumento `--` a `bwrap`, lo que hace que deje de procesar las opciones. Esto ha sido compatible desde bubblewrap 0.3.0. Todas las versiones compatibles de Flatpak requieren al menos esa versi\u00f3n de bubblewrap. xdg-desktop-portal versi\u00f3n 1.18.4 mitigar\u00e1 esta vulnerabilidad al permitir que las aplicaciones Flatpak solo creen archivos .desktop para comandos que no comiencen con --. La vulnerabilidad est\u00e1 parcheada en 1.15.8, 1.10.9, 1.12.9 y 1.14.6.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"flatpak\",\"product\":\"flatpak\",\"versions\":[{\"version\":\"\u003c 1.10.9\",\"status\":\"affected\"},{\"version\":\"\u003e= 1.12.0, \u003c 1.12.9\",\"status\":\"affected\"},{\"version\":\"\u003e= 1.14.0, \u003c 1.14.6\",\"status\":\"affected\"},{\"version\":\"\u003e= 1.15.0, \u003c 1.15.8\",\"status\":\"affected\"}]}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"affectedData\":[{\"vendor\":\"flatpak\",\"product\":\"flatpak\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"1.15.0\",\"lessThan\":\"1.15.8\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N\",\"baseScore\":8.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.0,\"impactScore\":5.8}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-04-20T04:00:12.336436Z\",\"id\":\"CVE-2024-32462\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-88\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.10.9\",\"matchCriteriaId\":\"E60FCEB3-549B-4F83-8BF1-87B9AB1A4D91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.12.0\",\"versionEndExcluding\":\"1.12.9\",\"matchCriteriaId\":\"B8FCD122-12F7-46AC-AFBA-45303E6F4761\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.14.0\",\"versionEndExcluding\":\"1.14.6\",\"matchCriteriaId\":\"E1CCDB8B-00D2-4C89-A148-DB50CC4A940A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.15.0\",\"versionEndExcluding\":\"1.15.8\",\"matchCriteriaId\":\"AC3F3728-D443-4387-B00E-A559883BBAF3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA277A6C-83EC-4536-9125-97B84C4FAF59\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/18/5\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IB6VQAF5S2YOBULDHPUKPOEIKONOP5KO/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFNSCFJVMAQK5AF55JBN7OSJP3CREDBD/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/18/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IB6VQAF5S2YOBULDHPUKPOEIKONOP5KO/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFNSCFJVMAQK5AF55JBN7OSJP3CREDBD/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]}]}}",
"redhat_vex": {
"aggregate_severity": "Important",
"current_release_date": "2025-11-21T14:44:32+00:00",
"cve": "CVE-2024-32462",
"id": "CVE-2024-32462",
"initial_release_date": "2024-04-18T00:00:00+00:00",
"product_status:fixed": "691",
"product_status:known_affected": "6",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "flatpak: sandbox escape via RequestBackground portal",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32462.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj\", \"name\": \"https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d\", \"name\": \"https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97\", \"name\": \"https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e\", \"name\": \"https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931\", \"name\": \"https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFNSCFJVMAQK5AF55JBN7OSJP3CREDBD/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IB6VQAF5S2YOBULDHPUKPOEIKONOP5KO/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/18/5\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T02:13:39.161Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-32462\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-20T04:00:12.336436Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*\"], \"vendor\": \"flatpak\", \"product\": \"flatpak\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.15.0\", \"lessThan\": \"1.15.8\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-04-24T14:11:16.557Z\"}}], \"cna\": {\"title\": \"Flatpak vulnerable to a sandbox escape via RequestBackground portal due to bad argument parsing\", \"source\": {\"advisory\": \"GHSA-phv6-cpc2-2fgj\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"flatpak\", \"product\": \"flatpak\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.10.9\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.12.0, \u003c 1.12.9\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.14.0, \u003c 1.14.6\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.15.0, \u003c 1.15.8\"}]}], \"references\": [{\"url\": \"https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj\", \"name\": \"https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d\", \"name\": \"https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97\", \"name\": \"https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e\", \"name\": \"https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931\", \"name\": \"https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFNSCFJVMAQK5AF55JBN7OSJP3CREDBD/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IB6VQAF5S2YOBULDHPUKPOEIKONOP5KO/\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/18/5\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It\u0027s possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-88\", \"description\": \"CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-05-01T18:07:39.466Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-32462\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-16T18:13:22.363Z\", \"dateReserved\": \"2024-04-12T19:41:51.164Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-04-18T18:11:27.680Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
SUSE-SU-2024:1536-1
Vulnerability from csaf_suse - Published: 2024-05-06 12:56 - Updated: 2024-05-06 12:56| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-1.14.5-150500.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-1.14.5-150500.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-1.14.5-150500.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-1.14.5-150500.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-devel-1.14.5-150500.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-devel-1.14.5-150500.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-devel-1.14.5-150500.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-devel-1.14.5-150500.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-remote-flathub-1.14.5-150500.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-zsh-completion-1.14.5-150500.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libflatpak0-1.14.5-150500.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libflatpak0-1.14.5-150500.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libflatpak0-1.14.5-150500.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libflatpak0-1.14.5-150500.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:system-user-flatpak-1.14.5-150500.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:flatpak-1.14.5-150500.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:flatpak-1.14.5-150500.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:flatpak-1.14.5-150500.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:flatpak-1.14.5-150500.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:flatpak-devel-1.14.5-150500.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:flatpak-devel-1.14.5-150500.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:flatpak-devel-1.14.5-150500.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:flatpak-devel-1.14.5-150500.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:flatpak-remote-flathub-1.14.5-150500.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:flatpak-zsh-completion-1.14.5-150500.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:libflatpak0-1.14.5-150500.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:libflatpak0-1.14.5-150500.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:libflatpak0-1.14.5-150500.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:libflatpak0-1.14.5-150500.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:system-user-flatpak-1.14.5-150500.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for flatpak",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for flatpak fixes the following issues:\n\n- CVE-2024-32462: Fixed arbitrary code execution outside sandbox via malicious app due to insufficient \u0027command\u0027 argument sanitization (bsc#1223110)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1536,SUSE-SLE-Module-Desktop-Applications-15-SP5-2024-1536,openSUSE-SLE-15.5-2024-1536",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1536-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1536-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241536-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1536-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-May/035176.html"
},
{
"category": "self",
"summary": "SUSE Bug 1223110",
"url": "https://bugzilla.suse.com/1223110"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-32462 page",
"url": "https://www.suse.com/security/cve/CVE-2024-32462/"
}
],
"title": "Security update for flatpak",
"tracking": {
"current_release_date": "2024-05-06T12:56:18Z",
"generator": {
"date": "2024-05-06T12:56:18Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1536-1",
"initial_release_date": "2024-05-06T12:56:18Z",
"revision_history": [
{
"date": "2024-05-06T12:56:18Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "flatpak-1.14.5-150500.3.9.1.aarch64",
"product": {
"name": "flatpak-1.14.5-150500.3.9.1.aarch64",
"product_id": "flatpak-1.14.5-150500.3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "flatpak-devel-1.14.5-150500.3.9.1.aarch64",
"product": {
"name": "flatpak-devel-1.14.5-150500.3.9.1.aarch64",
"product_id": "flatpak-devel-1.14.5-150500.3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "libflatpak0-1.14.5-150500.3.9.1.aarch64",
"product": {
"name": "libflatpak0-1.14.5-150500.3.9.1.aarch64",
"product_id": "libflatpak0-1.14.5-150500.3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.aarch64",
"product": {
"name": "typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.aarch64",
"product_id": "typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-1.14.5-150500.3.9.1.i586",
"product": {
"name": "flatpak-1.14.5-150500.3.9.1.i586",
"product_id": "flatpak-1.14.5-150500.3.9.1.i586"
}
},
{
"category": "product_version",
"name": "flatpak-devel-1.14.5-150500.3.9.1.i586",
"product": {
"name": "flatpak-devel-1.14.5-150500.3.9.1.i586",
"product_id": "flatpak-devel-1.14.5-150500.3.9.1.i586"
}
},
{
"category": "product_version",
"name": "libflatpak0-1.14.5-150500.3.9.1.i586",
"product": {
"name": "libflatpak0-1.14.5-150500.3.9.1.i586",
"product_id": "libflatpak0-1.14.5-150500.3.9.1.i586"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.i586",
"product": {
"name": "typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.i586",
"product_id": "typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-remote-flathub-1.14.5-150500.3.9.1.noarch",
"product": {
"name": "flatpak-remote-flathub-1.14.5-150500.3.9.1.noarch",
"product_id": "flatpak-remote-flathub-1.14.5-150500.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "flatpak-zsh-completion-1.14.5-150500.3.9.1.noarch",
"product": {
"name": "flatpak-zsh-completion-1.14.5-150500.3.9.1.noarch",
"product_id": "flatpak-zsh-completion-1.14.5-150500.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "system-user-flatpak-1.14.5-150500.3.9.1.noarch",
"product": {
"name": "system-user-flatpak-1.14.5-150500.3.9.1.noarch",
"product_id": "system-user-flatpak-1.14.5-150500.3.9.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-1.14.5-150500.3.9.1.ppc64le",
"product": {
"name": "flatpak-1.14.5-150500.3.9.1.ppc64le",
"product_id": "flatpak-1.14.5-150500.3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "flatpak-devel-1.14.5-150500.3.9.1.ppc64le",
"product": {
"name": "flatpak-devel-1.14.5-150500.3.9.1.ppc64le",
"product_id": "flatpak-devel-1.14.5-150500.3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libflatpak0-1.14.5-150500.3.9.1.ppc64le",
"product": {
"name": "libflatpak0-1.14.5-150500.3.9.1.ppc64le",
"product_id": "libflatpak0-1.14.5-150500.3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.ppc64le",
"product": {
"name": "typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.ppc64le",
"product_id": "typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-1.14.5-150500.3.9.1.s390x",
"product": {
"name": "flatpak-1.14.5-150500.3.9.1.s390x",
"product_id": "flatpak-1.14.5-150500.3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "flatpak-devel-1.14.5-150500.3.9.1.s390x",
"product": {
"name": "flatpak-devel-1.14.5-150500.3.9.1.s390x",
"product_id": "flatpak-devel-1.14.5-150500.3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "libflatpak0-1.14.5-150500.3.9.1.s390x",
"product": {
"name": "libflatpak0-1.14.5-150500.3.9.1.s390x",
"product_id": "libflatpak0-1.14.5-150500.3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.s390x",
"product": {
"name": "typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.s390x",
"product_id": "typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-1.14.5-150500.3.9.1.x86_64",
"product": {
"name": "flatpak-1.14.5-150500.3.9.1.x86_64",
"product_id": "flatpak-1.14.5-150500.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "flatpak-devel-1.14.5-150500.3.9.1.x86_64",
"product": {
"name": "flatpak-devel-1.14.5-150500.3.9.1.x86_64",
"product_id": "flatpak-devel-1.14.5-150500.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libflatpak0-1.14.5-150500.3.9.1.x86_64",
"product": {
"name": "libflatpak0-1.14.5-150500.3.9.1.x86_64",
"product_id": "libflatpak0-1.14.5-150500.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.x86_64",
"product": {
"name": "typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.x86_64",
"product_id": "typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-desktop-applications:15:sp5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.14.5-150500.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-1.14.5-150500.3.9.1.aarch64"
},
"product_reference": "flatpak-1.14.5-150500.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.14.5-150500.3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-1.14.5-150500.3.9.1.ppc64le"
},
"product_reference": "flatpak-1.14.5-150500.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.14.5-150500.3.9.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-1.14.5-150500.3.9.1.s390x"
},
"product_reference": "flatpak-1.14.5-150500.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.14.5-150500.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-1.14.5-150500.3.9.1.x86_64"
},
"product_reference": "flatpak-1.14.5-150500.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.14.5-150500.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-devel-1.14.5-150500.3.9.1.aarch64"
},
"product_reference": "flatpak-devel-1.14.5-150500.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.14.5-150500.3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-devel-1.14.5-150500.3.9.1.ppc64le"
},
"product_reference": "flatpak-devel-1.14.5-150500.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.14.5-150500.3.9.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-devel-1.14.5-150500.3.9.1.s390x"
},
"product_reference": "flatpak-devel-1.14.5-150500.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.14.5-150500.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-devel-1.14.5-150500.3.9.1.x86_64"
},
"product_reference": "flatpak-devel-1.14.5-150500.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-remote-flathub-1.14.5-150500.3.9.1.noarch as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-remote-flathub-1.14.5-150500.3.9.1.noarch"
},
"product_reference": "flatpak-remote-flathub-1.14.5-150500.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-zsh-completion-1.14.5-150500.3.9.1.noarch as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-zsh-completion-1.14.5-150500.3.9.1.noarch"
},
"product_reference": "flatpak-zsh-completion-1.14.5-150500.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.14.5-150500.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libflatpak0-1.14.5-150500.3.9.1.aarch64"
},
"product_reference": "libflatpak0-1.14.5-150500.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.14.5-150500.3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libflatpak0-1.14.5-150500.3.9.1.ppc64le"
},
"product_reference": "libflatpak0-1.14.5-150500.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.14.5-150500.3.9.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libflatpak0-1.14.5-150500.3.9.1.s390x"
},
"product_reference": "libflatpak0-1.14.5-150500.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.14.5-150500.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libflatpak0-1.14.5-150500.3.9.1.x86_64"
},
"product_reference": "libflatpak0-1.14.5-150500.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-flatpak-1.14.5-150500.3.9.1.noarch as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:system-user-flatpak-1.14.5-150500.3.9.1.noarch"
},
"product_reference": "system-user-flatpak-1.14.5-150500.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.aarch64"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.ppc64le"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.s390x"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.x86_64"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.14.5-150500.3.9.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:flatpak-1.14.5-150500.3.9.1.aarch64"
},
"product_reference": "flatpak-1.14.5-150500.3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.14.5-150500.3.9.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:flatpak-1.14.5-150500.3.9.1.ppc64le"
},
"product_reference": "flatpak-1.14.5-150500.3.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.14.5-150500.3.9.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:flatpak-1.14.5-150500.3.9.1.s390x"
},
"product_reference": "flatpak-1.14.5-150500.3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.14.5-150500.3.9.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:flatpak-1.14.5-150500.3.9.1.x86_64"
},
"product_reference": "flatpak-1.14.5-150500.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.14.5-150500.3.9.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:flatpak-devel-1.14.5-150500.3.9.1.aarch64"
},
"product_reference": "flatpak-devel-1.14.5-150500.3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.14.5-150500.3.9.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:flatpak-devel-1.14.5-150500.3.9.1.ppc64le"
},
"product_reference": "flatpak-devel-1.14.5-150500.3.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.14.5-150500.3.9.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:flatpak-devel-1.14.5-150500.3.9.1.s390x"
},
"product_reference": "flatpak-devel-1.14.5-150500.3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.14.5-150500.3.9.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:flatpak-devel-1.14.5-150500.3.9.1.x86_64"
},
"product_reference": "flatpak-devel-1.14.5-150500.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-remote-flathub-1.14.5-150500.3.9.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:flatpak-remote-flathub-1.14.5-150500.3.9.1.noarch"
},
"product_reference": "flatpak-remote-flathub-1.14.5-150500.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-zsh-completion-1.14.5-150500.3.9.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:flatpak-zsh-completion-1.14.5-150500.3.9.1.noarch"
},
"product_reference": "flatpak-zsh-completion-1.14.5-150500.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.14.5-150500.3.9.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libflatpak0-1.14.5-150500.3.9.1.aarch64"
},
"product_reference": "libflatpak0-1.14.5-150500.3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.14.5-150500.3.9.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libflatpak0-1.14.5-150500.3.9.1.ppc64le"
},
"product_reference": "libflatpak0-1.14.5-150500.3.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.14.5-150500.3.9.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libflatpak0-1.14.5-150500.3.9.1.s390x"
},
"product_reference": "libflatpak0-1.14.5-150500.3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.14.5-150500.3.9.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libflatpak0-1.14.5-150500.3.9.1.x86_64"
},
"product_reference": "libflatpak0-1.14.5-150500.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-flatpak-1.14.5-150500.3.9.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:system-user-flatpak-1.14.5-150500.3.9.1.noarch"
},
"product_reference": "system-user-flatpak-1.14.5-150500.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.aarch64"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.ppc64le"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.s390x"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.x86_64"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-32462"
}
],
"notes": [
{
"category": "general",
"text": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It\u0027s possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-1.14.5-150500.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-1.14.5-150500.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-1.14.5-150500.3.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-1.14.5-150500.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-devel-1.14.5-150500.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-devel-1.14.5-150500.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-devel-1.14.5-150500.3.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-devel-1.14.5-150500.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-remote-flathub-1.14.5-150500.3.9.1.noarch",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-zsh-completion-1.14.5-150500.3.9.1.noarch",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libflatpak0-1.14.5-150500.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libflatpak0-1.14.5-150500.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libflatpak0-1.14.5-150500.3.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libflatpak0-1.14.5-150500.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:system-user-flatpak-1.14.5-150500.3.9.1.noarch",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.x86_64",
"openSUSE Leap 15.5:flatpak-1.14.5-150500.3.9.1.aarch64",
"openSUSE Leap 15.5:flatpak-1.14.5-150500.3.9.1.ppc64le",
"openSUSE Leap 15.5:flatpak-1.14.5-150500.3.9.1.s390x",
"openSUSE Leap 15.5:flatpak-1.14.5-150500.3.9.1.x86_64",
"openSUSE Leap 15.5:flatpak-devel-1.14.5-150500.3.9.1.aarch64",
"openSUSE Leap 15.5:flatpak-devel-1.14.5-150500.3.9.1.ppc64le",
"openSUSE Leap 15.5:flatpak-devel-1.14.5-150500.3.9.1.s390x",
"openSUSE Leap 15.5:flatpak-devel-1.14.5-150500.3.9.1.x86_64",
"openSUSE Leap 15.5:flatpak-remote-flathub-1.14.5-150500.3.9.1.noarch",
"openSUSE Leap 15.5:flatpak-zsh-completion-1.14.5-150500.3.9.1.noarch",
"openSUSE Leap 15.5:libflatpak0-1.14.5-150500.3.9.1.aarch64",
"openSUSE Leap 15.5:libflatpak0-1.14.5-150500.3.9.1.ppc64le",
"openSUSE Leap 15.5:libflatpak0-1.14.5-150500.3.9.1.s390x",
"openSUSE Leap 15.5:libflatpak0-1.14.5-150500.3.9.1.x86_64",
"openSUSE Leap 15.5:system-user-flatpak-1.14.5-150500.3.9.1.noarch",
"openSUSE Leap 15.5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.aarch64",
"openSUSE Leap 15.5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.ppc64le",
"openSUSE Leap 15.5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.s390x",
"openSUSE Leap 15.5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-32462",
"url": "https://www.suse.com/security/cve/CVE-2024-32462"
},
{
"category": "external",
"summary": "SUSE Bug 1223110 for CVE-2024-32462",
"url": "https://bugzilla.suse.com/1223110"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-1.14.5-150500.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-1.14.5-150500.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-1.14.5-150500.3.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-1.14.5-150500.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-devel-1.14.5-150500.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-devel-1.14.5-150500.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-devel-1.14.5-150500.3.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-devel-1.14.5-150500.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-remote-flathub-1.14.5-150500.3.9.1.noarch",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-zsh-completion-1.14.5-150500.3.9.1.noarch",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libflatpak0-1.14.5-150500.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libflatpak0-1.14.5-150500.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libflatpak0-1.14.5-150500.3.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libflatpak0-1.14.5-150500.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:system-user-flatpak-1.14.5-150500.3.9.1.noarch",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.x86_64",
"openSUSE Leap 15.5:flatpak-1.14.5-150500.3.9.1.aarch64",
"openSUSE Leap 15.5:flatpak-1.14.5-150500.3.9.1.ppc64le",
"openSUSE Leap 15.5:flatpak-1.14.5-150500.3.9.1.s390x",
"openSUSE Leap 15.5:flatpak-1.14.5-150500.3.9.1.x86_64",
"openSUSE Leap 15.5:flatpak-devel-1.14.5-150500.3.9.1.aarch64",
"openSUSE Leap 15.5:flatpak-devel-1.14.5-150500.3.9.1.ppc64le",
"openSUSE Leap 15.5:flatpak-devel-1.14.5-150500.3.9.1.s390x",
"openSUSE Leap 15.5:flatpak-devel-1.14.5-150500.3.9.1.x86_64",
"openSUSE Leap 15.5:flatpak-remote-flathub-1.14.5-150500.3.9.1.noarch",
"openSUSE Leap 15.5:flatpak-zsh-completion-1.14.5-150500.3.9.1.noarch",
"openSUSE Leap 15.5:libflatpak0-1.14.5-150500.3.9.1.aarch64",
"openSUSE Leap 15.5:libflatpak0-1.14.5-150500.3.9.1.ppc64le",
"openSUSE Leap 15.5:libflatpak0-1.14.5-150500.3.9.1.s390x",
"openSUSE Leap 15.5:libflatpak0-1.14.5-150500.3.9.1.x86_64",
"openSUSE Leap 15.5:system-user-flatpak-1.14.5-150500.3.9.1.noarch",
"openSUSE Leap 15.5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.aarch64",
"openSUSE Leap 15.5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.ppc64le",
"openSUSE Leap 15.5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.s390x",
"openSUSE Leap 15.5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-1.14.5-150500.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-1.14.5-150500.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-1.14.5-150500.3.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-1.14.5-150500.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-devel-1.14.5-150500.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-devel-1.14.5-150500.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-devel-1.14.5-150500.3.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-devel-1.14.5-150500.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-remote-flathub-1.14.5-150500.3.9.1.noarch",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:flatpak-zsh-completion-1.14.5-150500.3.9.1.noarch",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libflatpak0-1.14.5-150500.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libflatpak0-1.14.5-150500.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libflatpak0-1.14.5-150500.3.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libflatpak0-1.14.5-150500.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:system-user-flatpak-1.14.5-150500.3.9.1.noarch",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.x86_64",
"openSUSE Leap 15.5:flatpak-1.14.5-150500.3.9.1.aarch64",
"openSUSE Leap 15.5:flatpak-1.14.5-150500.3.9.1.ppc64le",
"openSUSE Leap 15.5:flatpak-1.14.5-150500.3.9.1.s390x",
"openSUSE Leap 15.5:flatpak-1.14.5-150500.3.9.1.x86_64",
"openSUSE Leap 15.5:flatpak-devel-1.14.5-150500.3.9.1.aarch64",
"openSUSE Leap 15.5:flatpak-devel-1.14.5-150500.3.9.1.ppc64le",
"openSUSE Leap 15.5:flatpak-devel-1.14.5-150500.3.9.1.s390x",
"openSUSE Leap 15.5:flatpak-devel-1.14.5-150500.3.9.1.x86_64",
"openSUSE Leap 15.5:flatpak-remote-flathub-1.14.5-150500.3.9.1.noarch",
"openSUSE Leap 15.5:flatpak-zsh-completion-1.14.5-150500.3.9.1.noarch",
"openSUSE Leap 15.5:libflatpak0-1.14.5-150500.3.9.1.aarch64",
"openSUSE Leap 15.5:libflatpak0-1.14.5-150500.3.9.1.ppc64le",
"openSUSE Leap 15.5:libflatpak0-1.14.5-150500.3.9.1.s390x",
"openSUSE Leap 15.5:libflatpak0-1.14.5-150500.3.9.1.x86_64",
"openSUSE Leap 15.5:system-user-flatpak-1.14.5-150500.3.9.1.noarch",
"openSUSE Leap 15.5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.aarch64",
"openSUSE Leap 15.5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.ppc64le",
"openSUSE Leap 15.5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.s390x",
"openSUSE Leap 15.5:typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-06T12:56:18Z",
"details": "important"
}
],
"title": "CVE-2024-32462"
}
]
}
SUSE-SU-2024:1547-1
Vulnerability from csaf_suse - Published: 2024-05-07 14:05 - Updated: 2024-05-07 14:05| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:flatpak-1.10.8-150200.4.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:flatpak-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:flatpak-devel-1.10.8-150200.4.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:flatpak-devel-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:libflatpak0-1.10.8-150200.4.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:libflatpak0-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:system-user-flatpak-1.10.8-150200.4.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:system-user-flatpak-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-1.10.8-150200.4.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-devel-1.10.8-150200.4.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-devel-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libflatpak0-1.10.8-150200.4.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libflatpak0-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:flatpak-1.10.8-150200.4.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:flatpak-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:flatpak-devel-1.10.8-150200.4.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:flatpak-devel-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libflatpak0-1.10.8-150200.4.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libflatpak0-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-1.10.8-150200.4.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-1.10.8-150200.4.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-1.10.8-150200.4.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-devel-1.10.8-150200.4.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-devel-1.10.8-150200.4.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-devel-1.10.8-150200.4.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-devel-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:libflatpak0-1.10.8-150200.4.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:libflatpak0-1.10.8-150200.4.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:libflatpak0-1.10.8-150200.4.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:libflatpak0-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-1.10.8-150200.4.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-1.10.8-150200.4.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-1.10.8-150200.4.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-devel-1.10.8-150200.4.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-devel-1.10.8-150200.4.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-devel-1.10.8-150200.4.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-devel-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:libflatpak0-1.10.8-150200.4.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:libflatpak0-1.10.8-150200.4.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:libflatpak0-1.10.8-150200.4.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:libflatpak0-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-1.10.8-150200.4.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-devel-1.10.8-150200.4.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-devel-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-zsh-completion-1.10.8-150200.4.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:libflatpak0-1.10.8-150200.4.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:libflatpak0-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:system-user-flatpak-1.10.8-150200.4.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:system-user-flatpak-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:flatpak-1.10.8-150200.4.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:flatpak-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:flatpak-devel-1.10.8-150200.4.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:flatpak-devel-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:flatpak-zsh-completion-1.10.8-150200.4.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:libflatpak0-1.10.8-150200.4.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:libflatpak0-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:system-user-flatpak-1.10.8-150200.4.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:system-user-flatpak-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for flatpak",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for flatpak fixes the following issues:\n \n- CVE-2024-32462: Fixed arbitrary code execution outside sandbox via malicious app due to insufficient \u0027command\u0027 argument sanitization (bsc#1223110) \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1547,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-1547,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1547,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-1547,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1547,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-1547,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1547,SUSE-Storage-7.1-2024-1547",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1547-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1547-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241547-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1547-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-May/035191.html"
},
{
"category": "self",
"summary": "SUSE Bug 1223110",
"url": "https://bugzilla.suse.com/1223110"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-32462 page",
"url": "https://www.suse.com/security/cve/CVE-2024-32462/"
}
],
"title": "Security update for flatpak",
"tracking": {
"current_release_date": "2024-05-07T14:05:44Z",
"generator": {
"date": "2024-05-07T14:05:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1547-1",
"initial_release_date": "2024-05-07T14:05:44Z",
"revision_history": [
{
"date": "2024-05-07T14:05:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "flatpak-1.10.8-150200.4.18.1.aarch64",
"product": {
"name": "flatpak-1.10.8-150200.4.18.1.aarch64",
"product_id": "flatpak-1.10.8-150200.4.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "flatpak-devel-1.10.8-150200.4.18.1.aarch64",
"product": {
"name": "flatpak-devel-1.10.8-150200.4.18.1.aarch64",
"product_id": "flatpak-devel-1.10.8-150200.4.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64",
"product": {
"name": "flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64",
"product_id": "flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "libflatpak0-1.10.8-150200.4.18.1.aarch64",
"product": {
"name": "libflatpak0-1.10.8-150200.4.18.1.aarch64",
"product_id": "libflatpak0-1.10.8-150200.4.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "system-user-flatpak-1.10.8-150200.4.18.1.aarch64",
"product": {
"name": "system-user-flatpak-1.10.8-150200.4.18.1.aarch64",
"product_id": "system-user-flatpak-1.10.8-150200.4.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64",
"product": {
"name": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64",
"product_id": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-1.10.8-150200.4.18.1.i586",
"product": {
"name": "flatpak-1.10.8-150200.4.18.1.i586",
"product_id": "flatpak-1.10.8-150200.4.18.1.i586"
}
},
{
"category": "product_version",
"name": "flatpak-devel-1.10.8-150200.4.18.1.i586",
"product": {
"name": "flatpak-devel-1.10.8-150200.4.18.1.i586",
"product_id": "flatpak-devel-1.10.8-150200.4.18.1.i586"
}
},
{
"category": "product_version",
"name": "flatpak-zsh-completion-1.10.8-150200.4.18.1.i586",
"product": {
"name": "flatpak-zsh-completion-1.10.8-150200.4.18.1.i586",
"product_id": "flatpak-zsh-completion-1.10.8-150200.4.18.1.i586"
}
},
{
"category": "product_version",
"name": "libflatpak0-1.10.8-150200.4.18.1.i586",
"product": {
"name": "libflatpak0-1.10.8-150200.4.18.1.i586",
"product_id": "libflatpak0-1.10.8-150200.4.18.1.i586"
}
},
{
"category": "product_version",
"name": "system-user-flatpak-1.10.8-150200.4.18.1.i586",
"product": {
"name": "system-user-flatpak-1.10.8-150200.4.18.1.i586",
"product_id": "system-user-flatpak-1.10.8-150200.4.18.1.i586"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.i586",
"product": {
"name": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.i586",
"product_id": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-1.10.8-150200.4.18.1.ppc64le",
"product": {
"name": "flatpak-1.10.8-150200.4.18.1.ppc64le",
"product_id": "flatpak-1.10.8-150200.4.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "flatpak-devel-1.10.8-150200.4.18.1.ppc64le",
"product": {
"name": "flatpak-devel-1.10.8-150200.4.18.1.ppc64le",
"product_id": "flatpak-devel-1.10.8-150200.4.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "flatpak-zsh-completion-1.10.8-150200.4.18.1.ppc64le",
"product": {
"name": "flatpak-zsh-completion-1.10.8-150200.4.18.1.ppc64le",
"product_id": "flatpak-zsh-completion-1.10.8-150200.4.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libflatpak0-1.10.8-150200.4.18.1.ppc64le",
"product": {
"name": "libflatpak0-1.10.8-150200.4.18.1.ppc64le",
"product_id": "libflatpak0-1.10.8-150200.4.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "system-user-flatpak-1.10.8-150200.4.18.1.ppc64le",
"product": {
"name": "system-user-flatpak-1.10.8-150200.4.18.1.ppc64le",
"product_id": "system-user-flatpak-1.10.8-150200.4.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.ppc64le",
"product": {
"name": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.ppc64le",
"product_id": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-1.10.8-150200.4.18.1.s390x",
"product": {
"name": "flatpak-1.10.8-150200.4.18.1.s390x",
"product_id": "flatpak-1.10.8-150200.4.18.1.s390x"
}
},
{
"category": "product_version",
"name": "flatpak-devel-1.10.8-150200.4.18.1.s390x",
"product": {
"name": "flatpak-devel-1.10.8-150200.4.18.1.s390x",
"product_id": "flatpak-devel-1.10.8-150200.4.18.1.s390x"
}
},
{
"category": "product_version",
"name": "flatpak-zsh-completion-1.10.8-150200.4.18.1.s390x",
"product": {
"name": "flatpak-zsh-completion-1.10.8-150200.4.18.1.s390x",
"product_id": "flatpak-zsh-completion-1.10.8-150200.4.18.1.s390x"
}
},
{
"category": "product_version",
"name": "libflatpak0-1.10.8-150200.4.18.1.s390x",
"product": {
"name": "libflatpak0-1.10.8-150200.4.18.1.s390x",
"product_id": "libflatpak0-1.10.8-150200.4.18.1.s390x"
}
},
{
"category": "product_version",
"name": "system-user-flatpak-1.10.8-150200.4.18.1.s390x",
"product": {
"name": "system-user-flatpak-1.10.8-150200.4.18.1.s390x",
"product_id": "system-user-flatpak-1.10.8-150200.4.18.1.s390x"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.s390x",
"product": {
"name": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.s390x",
"product_id": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-1.10.8-150200.4.18.1.x86_64",
"product": {
"name": "flatpak-1.10.8-150200.4.18.1.x86_64",
"product_id": "flatpak-1.10.8-150200.4.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "flatpak-devel-1.10.8-150200.4.18.1.x86_64",
"product": {
"name": "flatpak-devel-1.10.8-150200.4.18.1.x86_64",
"product_id": "flatpak-devel-1.10.8-150200.4.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64",
"product": {
"name": "flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64",
"product_id": "flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "libflatpak0-1.10.8-150200.4.18.1.x86_64",
"product": {
"name": "libflatpak0-1.10.8-150200.4.18.1.x86_64",
"product_id": "libflatpak0-1.10.8-150200.4.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "system-user-flatpak-1.10.8-150200.4.18.1.x86_64",
"product": {
"name": "system-user-flatpak-1.10.8-150200.4.18.1.x86_64",
"product_id": "system-user-flatpak-1.10.8-150200.4.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64",
"product": {
"name": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64",
"product_id": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.10.8-150200.4.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-1.10.8-150200.4.18.1.aarch64"
},
"product_reference": "flatpak-1.10.8-150200.4.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "flatpak-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.10.8-150200.4.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-devel-1.10.8-150200.4.18.1.aarch64"
},
"product_reference": "flatpak-devel-1.10.8-150200.4.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-devel-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "flatpak-devel-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64"
},
"product_reference": "flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.10.8-150200.4.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libflatpak0-1.10.8-150200.4.18.1.aarch64"
},
"product_reference": "libflatpak0-1.10.8-150200.4.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libflatpak0-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "libflatpak0-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-flatpak-1.10.8-150200.4.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.aarch64"
},
"product_reference": "system-user-flatpak-1.10.8-150200.4.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-flatpak-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "system-user-flatpak-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.10.8-150200.4.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:flatpak-1.10.8-150200.4.18.1.aarch64"
},
"product_reference": "flatpak-1.10.8-150200.4.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:flatpak-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "flatpak-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.10.8-150200.4.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:flatpak-devel-1.10.8-150200.4.18.1.aarch64"
},
"product_reference": "flatpak-devel-1.10.8-150200.4.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:flatpak-devel-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "flatpak-devel-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64"
},
"product_reference": "flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.10.8-150200.4.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libflatpak0-1.10.8-150200.4.18.1.aarch64"
},
"product_reference": "libflatpak0-1.10.8-150200.4.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libflatpak0-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "libflatpak0-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-flatpak-1.10.8-150200.4.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.aarch64"
},
"product_reference": "system-user-flatpak-1.10.8-150200.4.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-flatpak-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "system-user-flatpak-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.10.8-150200.4.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-1.10.8-150200.4.18.1.aarch64"
},
"product_reference": "flatpak-1.10.8-150200.4.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.10.8-150200.4.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-1.10.8-150200.4.18.1.ppc64le"
},
"product_reference": "flatpak-1.10.8-150200.4.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.10.8-150200.4.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-1.10.8-150200.4.18.1.s390x"
},
"product_reference": "flatpak-1.10.8-150200.4.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "flatpak-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.10.8-150200.4.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-devel-1.10.8-150200.4.18.1.aarch64"
},
"product_reference": "flatpak-devel-1.10.8-150200.4.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.10.8-150200.4.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-devel-1.10.8-150200.4.18.1.ppc64le"
},
"product_reference": "flatpak-devel-1.10.8-150200.4.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.10.8-150200.4.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-devel-1.10.8-150200.4.18.1.s390x"
},
"product_reference": "flatpak-devel-1.10.8-150200.4.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-devel-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "flatpak-devel-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64"
},
"product_reference": "flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-zsh-completion-1.10.8-150200.4.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.ppc64le"
},
"product_reference": "flatpak-zsh-completion-1.10.8-150200.4.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-zsh-completion-1.10.8-150200.4.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.s390x"
},
"product_reference": "flatpak-zsh-completion-1.10.8-150200.4.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.10.8-150200.4.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:libflatpak0-1.10.8-150200.4.18.1.aarch64"
},
"product_reference": "libflatpak0-1.10.8-150200.4.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.10.8-150200.4.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:libflatpak0-1.10.8-150200.4.18.1.ppc64le"
},
"product_reference": "libflatpak0-1.10.8-150200.4.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.10.8-150200.4.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:libflatpak0-1.10.8-150200.4.18.1.s390x"
},
"product_reference": "libflatpak0-1.10.8-150200.4.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:libflatpak0-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "libflatpak0-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-flatpak-1.10.8-150200.4.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.aarch64"
},
"product_reference": "system-user-flatpak-1.10.8-150200.4.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-flatpak-1.10.8-150200.4.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.ppc64le"
},
"product_reference": "system-user-flatpak-1.10.8-150200.4.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-flatpak-1.10.8-150200.4.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.s390x"
},
"product_reference": "system-user-flatpak-1.10.8-150200.4.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-flatpak-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "system-user-flatpak-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.ppc64le"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.s390x"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.10.8-150200.4.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-1.10.8-150200.4.18.1.aarch64"
},
"product_reference": "flatpak-1.10.8-150200.4.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.10.8-150200.4.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-1.10.8-150200.4.18.1.ppc64le"
},
"product_reference": "flatpak-1.10.8-150200.4.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.10.8-150200.4.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-1.10.8-150200.4.18.1.s390x"
},
"product_reference": "flatpak-1.10.8-150200.4.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "flatpak-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.10.8-150200.4.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-devel-1.10.8-150200.4.18.1.aarch64"
},
"product_reference": "flatpak-devel-1.10.8-150200.4.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.10.8-150200.4.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-devel-1.10.8-150200.4.18.1.ppc64le"
},
"product_reference": "flatpak-devel-1.10.8-150200.4.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.10.8-150200.4.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-devel-1.10.8-150200.4.18.1.s390x"
},
"product_reference": "flatpak-devel-1.10.8-150200.4.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-devel-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "flatpak-devel-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64"
},
"product_reference": "flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-zsh-completion-1.10.8-150200.4.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.ppc64le"
},
"product_reference": "flatpak-zsh-completion-1.10.8-150200.4.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-zsh-completion-1.10.8-150200.4.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.s390x"
},
"product_reference": "flatpak-zsh-completion-1.10.8-150200.4.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.10.8-150200.4.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libflatpak0-1.10.8-150200.4.18.1.aarch64"
},
"product_reference": "libflatpak0-1.10.8-150200.4.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.10.8-150200.4.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libflatpak0-1.10.8-150200.4.18.1.ppc64le"
},
"product_reference": "libflatpak0-1.10.8-150200.4.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.10.8-150200.4.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libflatpak0-1.10.8-150200.4.18.1.s390x"
},
"product_reference": "libflatpak0-1.10.8-150200.4.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libflatpak0-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "libflatpak0-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-flatpak-1.10.8-150200.4.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.aarch64"
},
"product_reference": "system-user-flatpak-1.10.8-150200.4.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-flatpak-1.10.8-150200.4.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.ppc64le"
},
"product_reference": "system-user-flatpak-1.10.8-150200.4.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-flatpak-1.10.8-150200.4.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.s390x"
},
"product_reference": "system-user-flatpak-1.10.8-150200.4.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-flatpak-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "system-user-flatpak-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.ppc64le"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.s390x"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.10.8-150200.4.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-1.10.8-150200.4.18.1.ppc64le"
},
"product_reference": "flatpak-1.10.8-150200.4.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "flatpak-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.10.8-150200.4.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-devel-1.10.8-150200.4.18.1.ppc64le"
},
"product_reference": "flatpak-devel-1.10.8-150200.4.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-devel-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "flatpak-devel-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-zsh-completion-1.10.8-150200.4.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-zsh-completion-1.10.8-150200.4.18.1.ppc64le"
},
"product_reference": "flatpak-zsh-completion-1.10.8-150200.4.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.10.8-150200.4.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:libflatpak0-1.10.8-150200.4.18.1.ppc64le"
},
"product_reference": "libflatpak0-1.10.8-150200.4.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:libflatpak0-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "libflatpak0-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-flatpak-1.10.8-150200.4.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:system-user-flatpak-1.10.8-150200.4.18.1.ppc64le"
},
"product_reference": "system-user-flatpak-1.10.8-150200.4.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-flatpak-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:system-user-flatpak-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "system-user-flatpak-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.ppc64le"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.10.8-150200.4.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:flatpak-1.10.8-150200.4.18.1.ppc64le"
},
"product_reference": "flatpak-1.10.8-150200.4.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:flatpak-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "flatpak-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.10.8-150200.4.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:flatpak-devel-1.10.8-150200.4.18.1.ppc64le"
},
"product_reference": "flatpak-devel-1.10.8-150200.4.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:flatpak-devel-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "flatpak-devel-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-zsh-completion-1.10.8-150200.4.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:flatpak-zsh-completion-1.10.8-150200.4.18.1.ppc64le"
},
"product_reference": "flatpak-zsh-completion-1.10.8-150200.4.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.10.8-150200.4.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:libflatpak0-1.10.8-150200.4.18.1.ppc64le"
},
"product_reference": "libflatpak0-1.10.8-150200.4.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:libflatpak0-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "libflatpak0-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-flatpak-1.10.8-150200.4.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:system-user-flatpak-1.10.8-150200.4.18.1.ppc64le"
},
"product_reference": "system-user-flatpak-1.10.8-150200.4.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-flatpak-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:system-user-flatpak-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "system-user-flatpak-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.ppc64le"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.10.8-150200.4.18.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:flatpak-1.10.8-150200.4.18.1.aarch64"
},
"product_reference": "flatpak-1.10.8-150200.4.18.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.10.8-150200.4.18.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:flatpak-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "flatpak-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.10.8-150200.4.18.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:flatpak-devel-1.10.8-150200.4.18.1.aarch64"
},
"product_reference": "flatpak-devel-1.10.8-150200.4.18.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.10.8-150200.4.18.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:flatpak-devel-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "flatpak-devel-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64"
},
"product_reference": "flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.10.8-150200.4.18.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:libflatpak0-1.10.8-150200.4.18.1.aarch64"
},
"product_reference": "libflatpak0-1.10.8-150200.4.18.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.10.8-150200.4.18.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:libflatpak0-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "libflatpak0-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-flatpak-1.10.8-150200.4.18.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:system-user-flatpak-1.10.8-150200.4.18.1.aarch64"
},
"product_reference": "system-user-flatpak-1.10.8-150200.4.18.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-flatpak-1.10.8-150200.4.18.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:system-user-flatpak-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "system-user-flatpak-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-32462"
}
],
"notes": [
{
"category": "general",
"text": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It\u0027s possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:flatpak-1.10.8-150200.4.18.1.aarch64",
"SUSE Enterprise Storage 7.1:flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Enterprise Storage 7.1:flatpak-devel-1.10.8-150200.4.18.1.aarch64",
"SUSE Enterprise Storage 7.1:flatpak-devel-1.10.8-150200.4.18.1.x86_64",
"SUSE Enterprise Storage 7.1:flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64",
"SUSE Enterprise Storage 7.1:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64",
"SUSE Enterprise Storage 7.1:libflatpak0-1.10.8-150200.4.18.1.aarch64",
"SUSE Enterprise Storage 7.1:libflatpak0-1.10.8-150200.4.18.1.x86_64",
"SUSE Enterprise Storage 7.1:system-user-flatpak-1.10.8-150200.4.18.1.aarch64",
"SUSE Enterprise Storage 7.1:system-user-flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Enterprise Storage 7.1:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64",
"SUSE Enterprise Storage 7.1:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-devel-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-devel-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libflatpak0-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libflatpak0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:flatpak-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:flatpak-devel-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:flatpak-devel-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libflatpak0-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libflatpak0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-devel-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-devel-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-devel-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-devel-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libflatpak0-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libflatpak0-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libflatpak0-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libflatpak0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-devel-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-devel-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-devel-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-devel-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libflatpak0-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libflatpak0-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libflatpak0-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libflatpak0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-devel-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-devel-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-zsh-completion-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libflatpak0-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libflatpak0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:system-user-flatpak-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:system-user-flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:flatpak-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:flatpak-devel-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:flatpak-devel-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:flatpak-zsh-completion-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libflatpak0-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libflatpak0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:system-user-flatpak-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:system-user-flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-32462",
"url": "https://www.suse.com/security/cve/CVE-2024-32462"
},
{
"category": "external",
"summary": "SUSE Bug 1223110 for CVE-2024-32462",
"url": "https://bugzilla.suse.com/1223110"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:flatpak-1.10.8-150200.4.18.1.aarch64",
"SUSE Enterprise Storage 7.1:flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Enterprise Storage 7.1:flatpak-devel-1.10.8-150200.4.18.1.aarch64",
"SUSE Enterprise Storage 7.1:flatpak-devel-1.10.8-150200.4.18.1.x86_64",
"SUSE Enterprise Storage 7.1:flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64",
"SUSE Enterprise Storage 7.1:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64",
"SUSE Enterprise Storage 7.1:libflatpak0-1.10.8-150200.4.18.1.aarch64",
"SUSE Enterprise Storage 7.1:libflatpak0-1.10.8-150200.4.18.1.x86_64",
"SUSE Enterprise Storage 7.1:system-user-flatpak-1.10.8-150200.4.18.1.aarch64",
"SUSE Enterprise Storage 7.1:system-user-flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Enterprise Storage 7.1:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64",
"SUSE Enterprise Storage 7.1:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-devel-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-devel-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libflatpak0-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libflatpak0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:flatpak-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:flatpak-devel-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:flatpak-devel-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libflatpak0-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libflatpak0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-devel-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-devel-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-devel-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-devel-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libflatpak0-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libflatpak0-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libflatpak0-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libflatpak0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-devel-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-devel-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-devel-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-devel-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libflatpak0-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libflatpak0-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libflatpak0-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libflatpak0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-devel-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-devel-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-zsh-completion-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libflatpak0-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libflatpak0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:system-user-flatpak-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:system-user-flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:flatpak-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:flatpak-devel-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:flatpak-devel-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:flatpak-zsh-completion-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libflatpak0-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libflatpak0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:system-user-flatpak-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:system-user-flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:flatpak-1.10.8-150200.4.18.1.aarch64",
"SUSE Enterprise Storage 7.1:flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Enterprise Storage 7.1:flatpak-devel-1.10.8-150200.4.18.1.aarch64",
"SUSE Enterprise Storage 7.1:flatpak-devel-1.10.8-150200.4.18.1.x86_64",
"SUSE Enterprise Storage 7.1:flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64",
"SUSE Enterprise Storage 7.1:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64",
"SUSE Enterprise Storage 7.1:libflatpak0-1.10.8-150200.4.18.1.aarch64",
"SUSE Enterprise Storage 7.1:libflatpak0-1.10.8-150200.4.18.1.x86_64",
"SUSE Enterprise Storage 7.1:system-user-flatpak-1.10.8-150200.4.18.1.aarch64",
"SUSE Enterprise Storage 7.1:system-user-flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Enterprise Storage 7.1:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64",
"SUSE Enterprise Storage 7.1:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-devel-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-devel-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libflatpak0-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libflatpak0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:flatpak-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:flatpak-devel-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:flatpak-devel-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libflatpak0-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libflatpak0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-devel-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-devel-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-devel-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-devel-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libflatpak0-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libflatpak0-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libflatpak0-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libflatpak0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-devel-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-devel-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-devel-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-devel-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libflatpak0-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libflatpak0-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libflatpak0-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libflatpak0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:system-user-flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-devel-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-devel-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-zsh-completion-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libflatpak0-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libflatpak0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:system-user-flatpak-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:system-user-flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:flatpak-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:flatpak-devel-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:flatpak-devel-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:flatpak-zsh-completion-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:flatpak-zsh-completion-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libflatpak0-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libflatpak0-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:system-user-flatpak-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:system-user-flatpak-1.10.8-150200.4.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:typelib-1_0-Flatpak-1_0-1.10.8-150200.4.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-07T14:05:44Z",
"details": "important"
}
],
"title": "CVE-2024-32462"
}
]
}
SUSE-SU-2024:1548-1
Vulnerability from csaf_suse - Published: 2024-05-07 14:05 - Updated: 2024-05-07 14:05| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:flatpak-1.4.2-3.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:flatpak-1.4.2-3.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:flatpak-1.4.2-3.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:flatpak-1.4.2-3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libflatpak0-1.4.2-3.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libflatpak0-1.4.2-3.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libflatpak0-1.4.2-3.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libflatpak0-1.4.2-3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:flatpak-1.4.2-3.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:flatpak-1.4.2-3.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:flatpak-1.4.2-3.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:flatpak-1.4.2-3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libflatpak0-1.4.2-3.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libflatpak0-1.4.2-3.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libflatpak0-1.4.2-3.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libflatpak0-1.4.2-3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for flatpak",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for flatpak fixes the following issues:\n \n- CVE-2024-32462: Fixed arbitrary code execution outside sandbox via malicious app due to insufficient \u0027command\u0027 argument sanitization (bsc#1223110) \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1548,SUSE-SLE-SERVER-12-SP5-2024-1548",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1548-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1548-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241548-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1548-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-May/035190.html"
},
{
"category": "self",
"summary": "SUSE Bug 1223110",
"url": "https://bugzilla.suse.com/1223110"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-32462 page",
"url": "https://www.suse.com/security/cve/CVE-2024-32462/"
}
],
"title": "Security update for flatpak",
"tracking": {
"current_release_date": "2024-05-07T14:05:57Z",
"generator": {
"date": "2024-05-07T14:05:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1548-1",
"initial_release_date": "2024-05-07T14:05:57Z",
"revision_history": [
{
"date": "2024-05-07T14:05:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "flatpak-1.4.2-3.6.1.aarch64",
"product": {
"name": "flatpak-1.4.2-3.6.1.aarch64",
"product_id": "flatpak-1.4.2-3.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "flatpak-devel-1.4.2-3.6.1.aarch64",
"product": {
"name": "flatpak-devel-1.4.2-3.6.1.aarch64",
"product_id": "flatpak-devel-1.4.2-3.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "flatpak-zsh-completion-1.4.2-3.6.1.aarch64",
"product": {
"name": "flatpak-zsh-completion-1.4.2-3.6.1.aarch64",
"product_id": "flatpak-zsh-completion-1.4.2-3.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "libflatpak0-1.4.2-3.6.1.aarch64",
"product": {
"name": "libflatpak0-1.4.2-3.6.1.aarch64",
"product_id": "libflatpak0-1.4.2-3.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.aarch64",
"product": {
"name": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.aarch64",
"product_id": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-1.4.2-3.6.1.i586",
"product": {
"name": "flatpak-1.4.2-3.6.1.i586",
"product_id": "flatpak-1.4.2-3.6.1.i586"
}
},
{
"category": "product_version",
"name": "flatpak-devel-1.4.2-3.6.1.i586",
"product": {
"name": "flatpak-devel-1.4.2-3.6.1.i586",
"product_id": "flatpak-devel-1.4.2-3.6.1.i586"
}
},
{
"category": "product_version",
"name": "flatpak-zsh-completion-1.4.2-3.6.1.i586",
"product": {
"name": "flatpak-zsh-completion-1.4.2-3.6.1.i586",
"product_id": "flatpak-zsh-completion-1.4.2-3.6.1.i586"
}
},
{
"category": "product_version",
"name": "libflatpak0-1.4.2-3.6.1.i586",
"product": {
"name": "libflatpak0-1.4.2-3.6.1.i586",
"product_id": "libflatpak0-1.4.2-3.6.1.i586"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.i586",
"product": {
"name": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.i586",
"product_id": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-1.4.2-3.6.1.ppc64le",
"product": {
"name": "flatpak-1.4.2-3.6.1.ppc64le",
"product_id": "flatpak-1.4.2-3.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "flatpak-devel-1.4.2-3.6.1.ppc64le",
"product": {
"name": "flatpak-devel-1.4.2-3.6.1.ppc64le",
"product_id": "flatpak-devel-1.4.2-3.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "flatpak-zsh-completion-1.4.2-3.6.1.ppc64le",
"product": {
"name": "flatpak-zsh-completion-1.4.2-3.6.1.ppc64le",
"product_id": "flatpak-zsh-completion-1.4.2-3.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libflatpak0-1.4.2-3.6.1.ppc64le",
"product": {
"name": "libflatpak0-1.4.2-3.6.1.ppc64le",
"product_id": "libflatpak0-1.4.2-3.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.ppc64le",
"product": {
"name": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.ppc64le",
"product_id": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-1.4.2-3.6.1.s390",
"product": {
"name": "flatpak-1.4.2-3.6.1.s390",
"product_id": "flatpak-1.4.2-3.6.1.s390"
}
},
{
"category": "product_version",
"name": "flatpak-devel-1.4.2-3.6.1.s390",
"product": {
"name": "flatpak-devel-1.4.2-3.6.1.s390",
"product_id": "flatpak-devel-1.4.2-3.6.1.s390"
}
},
{
"category": "product_version",
"name": "flatpak-zsh-completion-1.4.2-3.6.1.s390",
"product": {
"name": "flatpak-zsh-completion-1.4.2-3.6.1.s390",
"product_id": "flatpak-zsh-completion-1.4.2-3.6.1.s390"
}
},
{
"category": "product_version",
"name": "libflatpak0-1.4.2-3.6.1.s390",
"product": {
"name": "libflatpak0-1.4.2-3.6.1.s390",
"product_id": "libflatpak0-1.4.2-3.6.1.s390"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.s390",
"product": {
"name": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.s390",
"product_id": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-1.4.2-3.6.1.s390x",
"product": {
"name": "flatpak-1.4.2-3.6.1.s390x",
"product_id": "flatpak-1.4.2-3.6.1.s390x"
}
},
{
"category": "product_version",
"name": "flatpak-devel-1.4.2-3.6.1.s390x",
"product": {
"name": "flatpak-devel-1.4.2-3.6.1.s390x",
"product_id": "flatpak-devel-1.4.2-3.6.1.s390x"
}
},
{
"category": "product_version",
"name": "flatpak-zsh-completion-1.4.2-3.6.1.s390x",
"product": {
"name": "flatpak-zsh-completion-1.4.2-3.6.1.s390x",
"product_id": "flatpak-zsh-completion-1.4.2-3.6.1.s390x"
}
},
{
"category": "product_version",
"name": "libflatpak0-1.4.2-3.6.1.s390x",
"product": {
"name": "libflatpak0-1.4.2-3.6.1.s390x",
"product_id": "libflatpak0-1.4.2-3.6.1.s390x"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.s390x",
"product": {
"name": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.s390x",
"product_id": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-1.4.2-3.6.1.x86_64",
"product": {
"name": "flatpak-1.4.2-3.6.1.x86_64",
"product_id": "flatpak-1.4.2-3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "flatpak-devel-1.4.2-3.6.1.x86_64",
"product": {
"name": "flatpak-devel-1.4.2-3.6.1.x86_64",
"product_id": "flatpak-devel-1.4.2-3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "flatpak-zsh-completion-1.4.2-3.6.1.x86_64",
"product": {
"name": "flatpak-zsh-completion-1.4.2-3.6.1.x86_64",
"product_id": "flatpak-zsh-completion-1.4.2-3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "libflatpak0-1.4.2-3.6.1.x86_64",
"product": {
"name": "libflatpak0-1.4.2-3.6.1.x86_64",
"product_id": "libflatpak0-1.4.2-3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.x86_64",
"product": {
"name": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.x86_64",
"product_id": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.4.2-3.6.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:flatpak-1.4.2-3.6.1.aarch64"
},
"product_reference": "flatpak-1.4.2-3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.4.2-3.6.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:flatpak-1.4.2-3.6.1.ppc64le"
},
"product_reference": "flatpak-1.4.2-3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.4.2-3.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:flatpak-1.4.2-3.6.1.s390x"
},
"product_reference": "flatpak-1.4.2-3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.4.2-3.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:flatpak-1.4.2-3.6.1.x86_64"
},
"product_reference": "flatpak-1.4.2-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.4.2-3.6.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libflatpak0-1.4.2-3.6.1.aarch64"
},
"product_reference": "libflatpak0-1.4.2-3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.4.2-3.6.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libflatpak0-1.4.2-3.6.1.ppc64le"
},
"product_reference": "libflatpak0-1.4.2-3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.4.2-3.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libflatpak0-1.4.2-3.6.1.s390x"
},
"product_reference": "libflatpak0-1.4.2-3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.4.2-3.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libflatpak0-1.4.2-3.6.1.x86_64"
},
"product_reference": "libflatpak0-1.4.2-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.aarch64"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.ppc64le"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.s390x"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.x86_64"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.4.2-3.6.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:flatpak-1.4.2-3.6.1.aarch64"
},
"product_reference": "flatpak-1.4.2-3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.4.2-3.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:flatpak-1.4.2-3.6.1.ppc64le"
},
"product_reference": "flatpak-1.4.2-3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.4.2-3.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:flatpak-1.4.2-3.6.1.s390x"
},
"product_reference": "flatpak-1.4.2-3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.4.2-3.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:flatpak-1.4.2-3.6.1.x86_64"
},
"product_reference": "flatpak-1.4.2-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.4.2-3.6.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libflatpak0-1.4.2-3.6.1.aarch64"
},
"product_reference": "libflatpak0-1.4.2-3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.4.2-3.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libflatpak0-1.4.2-3.6.1.ppc64le"
},
"product_reference": "libflatpak0-1.4.2-3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.4.2-3.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libflatpak0-1.4.2-3.6.1.s390x"
},
"product_reference": "libflatpak0-1.4.2-3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.4.2-3.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libflatpak0-1.4.2-3.6.1.x86_64"
},
"product_reference": "libflatpak0-1.4.2-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.aarch64"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.ppc64le"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.s390x"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.x86_64"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-32462"
}
],
"notes": [
{
"category": "general",
"text": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It\u0027s possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:flatpak-1.4.2-3.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:flatpak-1.4.2-3.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:flatpak-1.4.2-3.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:flatpak-1.4.2-3.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libflatpak0-1.4.2-3.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libflatpak0-1.4.2-3.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libflatpak0-1.4.2-3.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libflatpak0-1.4.2-3.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:flatpak-1.4.2-3.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:flatpak-1.4.2-3.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:flatpak-1.4.2-3.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:flatpak-1.4.2-3.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libflatpak0-1.4.2-3.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libflatpak0-1.4.2-3.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libflatpak0-1.4.2-3.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libflatpak0-1.4.2-3.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-32462",
"url": "https://www.suse.com/security/cve/CVE-2024-32462"
},
{
"category": "external",
"summary": "SUSE Bug 1223110 for CVE-2024-32462",
"url": "https://bugzilla.suse.com/1223110"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:flatpak-1.4.2-3.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:flatpak-1.4.2-3.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:flatpak-1.4.2-3.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:flatpak-1.4.2-3.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libflatpak0-1.4.2-3.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libflatpak0-1.4.2-3.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libflatpak0-1.4.2-3.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libflatpak0-1.4.2-3.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:flatpak-1.4.2-3.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:flatpak-1.4.2-3.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:flatpak-1.4.2-3.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:flatpak-1.4.2-3.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libflatpak0-1.4.2-3.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libflatpak0-1.4.2-3.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libflatpak0-1.4.2-3.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libflatpak0-1.4.2-3.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:flatpak-1.4.2-3.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:flatpak-1.4.2-3.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:flatpak-1.4.2-3.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:flatpak-1.4.2-3.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libflatpak0-1.4.2-3.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libflatpak0-1.4.2-3.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libflatpak0-1.4.2-3.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libflatpak0-1.4.2-3.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:flatpak-1.4.2-3.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:flatpak-1.4.2-3.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:flatpak-1.4.2-3.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:flatpak-1.4.2-3.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libflatpak0-1.4.2-3.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libflatpak0-1.4.2-3.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libflatpak0-1.4.2-3.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libflatpak0-1.4.2-3.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-Flatpak-1_0-1.4.2-3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-07T14:05:57Z",
"details": "important"
}
],
"title": "CVE-2024-32462"
}
]
}
SUSE-SU-2024:1803-1
Vulnerability from csaf_suse - Published: 2024-05-28 14:21 - Updated: 2024-05-28 14:21| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-1.16.0-150500.3.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-1.16.0-150500.3.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-1.16.0-150500.3.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-1.16.0-150500.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-lang-1.16.0-150500.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xdg-desktop-portal-1.16.0-150500.3.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xdg-desktop-portal-1.16.0-150500.3.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xdg-desktop-portal-1.16.0-150500.3.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xdg-desktop-portal-1.16.0-150500.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xdg-desktop-portal-lang-1.16.0-150500.3.6.1.noarch | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xdg-desktop-portal",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xdg-desktop-portal fixes the following issues:\n\n- CVE-2024-32462: Fixed sandbox escape via RequestBackground portal (bsc#1223110).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1803,SUSE-SLE-Module-Desktop-Applications-15-SP5-2024-1803,openSUSE-SLE-15.5-2024-1803",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1803-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1803-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241803-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1803-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-May/035373.html"
},
{
"category": "self",
"summary": "SUSE Bug 1223110",
"url": "https://bugzilla.suse.com/1223110"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-32462 page",
"url": "https://www.suse.com/security/cve/CVE-2024-32462/"
}
],
"title": "Security update for xdg-desktop-portal",
"tracking": {
"current_release_date": "2024-05-28T14:21:16Z",
"generator": {
"date": "2024-05-28T14:21:16Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1803-1",
"initial_release_date": "2024-05-28T14:21:16Z",
"revision_history": [
{
"date": "2024-05-28T14:21:16Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-1.16.0-150500.3.6.1.aarch64",
"product": {
"name": "xdg-desktop-portal-1.16.0-150500.3.6.1.aarch64",
"product_id": "xdg-desktop-portal-1.16.0-150500.3.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-devel-1.16.0-150500.3.6.1.aarch64",
"product": {
"name": "xdg-desktop-portal-devel-1.16.0-150500.3.6.1.aarch64",
"product_id": "xdg-desktop-portal-devel-1.16.0-150500.3.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-1.16.0-150500.3.6.1.i586",
"product": {
"name": "xdg-desktop-portal-1.16.0-150500.3.6.1.i586",
"product_id": "xdg-desktop-portal-1.16.0-150500.3.6.1.i586"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-devel-1.16.0-150500.3.6.1.i586",
"product": {
"name": "xdg-desktop-portal-devel-1.16.0-150500.3.6.1.i586",
"product_id": "xdg-desktop-portal-devel-1.16.0-150500.3.6.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-lang-1.16.0-150500.3.6.1.noarch",
"product": {
"name": "xdg-desktop-portal-lang-1.16.0-150500.3.6.1.noarch",
"product_id": "xdg-desktop-portal-lang-1.16.0-150500.3.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-1.16.0-150500.3.6.1.ppc64le",
"product": {
"name": "xdg-desktop-portal-1.16.0-150500.3.6.1.ppc64le",
"product_id": "xdg-desktop-portal-1.16.0-150500.3.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-devel-1.16.0-150500.3.6.1.ppc64le",
"product": {
"name": "xdg-desktop-portal-devel-1.16.0-150500.3.6.1.ppc64le",
"product_id": "xdg-desktop-portal-devel-1.16.0-150500.3.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-1.16.0-150500.3.6.1.s390x",
"product": {
"name": "xdg-desktop-portal-1.16.0-150500.3.6.1.s390x",
"product_id": "xdg-desktop-portal-1.16.0-150500.3.6.1.s390x"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-devel-1.16.0-150500.3.6.1.s390x",
"product": {
"name": "xdg-desktop-portal-devel-1.16.0-150500.3.6.1.s390x",
"product_id": "xdg-desktop-portal-devel-1.16.0-150500.3.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-1.16.0-150500.3.6.1.x86_64",
"product": {
"name": "xdg-desktop-portal-1.16.0-150500.3.6.1.x86_64",
"product_id": "xdg-desktop-portal-1.16.0-150500.3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-devel-1.16.0-150500.3.6.1.x86_64",
"product": {
"name": "xdg-desktop-portal-devel-1.16.0-150500.3.6.1.x86_64",
"product_id": "xdg-desktop-portal-devel-1.16.0-150500.3.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-desktop-applications:15:sp5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.16.0-150500.3.6.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-1.16.0-150500.3.6.1.aarch64"
},
"product_reference": "xdg-desktop-portal-1.16.0-150500.3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.16.0-150500.3.6.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-1.16.0-150500.3.6.1.ppc64le"
},
"product_reference": "xdg-desktop-portal-1.16.0-150500.3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.16.0-150500.3.6.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-1.16.0-150500.3.6.1.s390x"
},
"product_reference": "xdg-desktop-portal-1.16.0-150500.3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.16.0-150500.3.6.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-1.16.0-150500.3.6.1.x86_64"
},
"product_reference": "xdg-desktop-portal-1.16.0-150500.3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.16.0-150500.3.6.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.aarch64"
},
"product_reference": "xdg-desktop-portal-devel-1.16.0-150500.3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.16.0-150500.3.6.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.ppc64le"
},
"product_reference": "xdg-desktop-portal-devel-1.16.0-150500.3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.16.0-150500.3.6.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.s390x"
},
"product_reference": "xdg-desktop-portal-devel-1.16.0-150500.3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.16.0-150500.3.6.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.x86_64"
},
"product_reference": "xdg-desktop-portal-devel-1.16.0-150500.3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-lang-1.16.0-150500.3.6.1.noarch as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-lang-1.16.0-150500.3.6.1.noarch"
},
"product_reference": "xdg-desktop-portal-lang-1.16.0-150500.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.16.0-150500.3.6.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:xdg-desktop-portal-1.16.0-150500.3.6.1.aarch64"
},
"product_reference": "xdg-desktop-portal-1.16.0-150500.3.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.16.0-150500.3.6.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:xdg-desktop-portal-1.16.0-150500.3.6.1.ppc64le"
},
"product_reference": "xdg-desktop-portal-1.16.0-150500.3.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.16.0-150500.3.6.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:xdg-desktop-portal-1.16.0-150500.3.6.1.s390x"
},
"product_reference": "xdg-desktop-portal-1.16.0-150500.3.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.16.0-150500.3.6.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:xdg-desktop-portal-1.16.0-150500.3.6.1.x86_64"
},
"product_reference": "xdg-desktop-portal-1.16.0-150500.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.16.0-150500.3.6.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.aarch64"
},
"product_reference": "xdg-desktop-portal-devel-1.16.0-150500.3.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.16.0-150500.3.6.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.ppc64le"
},
"product_reference": "xdg-desktop-portal-devel-1.16.0-150500.3.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.16.0-150500.3.6.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.s390x"
},
"product_reference": "xdg-desktop-portal-devel-1.16.0-150500.3.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.16.0-150500.3.6.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.x86_64"
},
"product_reference": "xdg-desktop-portal-devel-1.16.0-150500.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-lang-1.16.0-150500.3.6.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:xdg-desktop-portal-lang-1.16.0-150500.3.6.1.noarch"
},
"product_reference": "xdg-desktop-portal-lang-1.16.0-150500.3.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-32462"
}
],
"notes": [
{
"category": "general",
"text": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It\u0027s possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-1.16.0-150500.3.6.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-1.16.0-150500.3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-1.16.0-150500.3.6.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-1.16.0-150500.3.6.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-lang-1.16.0-150500.3.6.1.noarch",
"openSUSE Leap 15.5:xdg-desktop-portal-1.16.0-150500.3.6.1.aarch64",
"openSUSE Leap 15.5:xdg-desktop-portal-1.16.0-150500.3.6.1.ppc64le",
"openSUSE Leap 15.5:xdg-desktop-portal-1.16.0-150500.3.6.1.s390x",
"openSUSE Leap 15.5:xdg-desktop-portal-1.16.0-150500.3.6.1.x86_64",
"openSUSE Leap 15.5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.aarch64",
"openSUSE Leap 15.5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.ppc64le",
"openSUSE Leap 15.5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.s390x",
"openSUSE Leap 15.5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.x86_64",
"openSUSE Leap 15.5:xdg-desktop-portal-lang-1.16.0-150500.3.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-32462",
"url": "https://www.suse.com/security/cve/CVE-2024-32462"
},
{
"category": "external",
"summary": "SUSE Bug 1223110 for CVE-2024-32462",
"url": "https://bugzilla.suse.com/1223110"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-1.16.0-150500.3.6.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-1.16.0-150500.3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-1.16.0-150500.3.6.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-1.16.0-150500.3.6.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-lang-1.16.0-150500.3.6.1.noarch",
"openSUSE Leap 15.5:xdg-desktop-portal-1.16.0-150500.3.6.1.aarch64",
"openSUSE Leap 15.5:xdg-desktop-portal-1.16.0-150500.3.6.1.ppc64le",
"openSUSE Leap 15.5:xdg-desktop-portal-1.16.0-150500.3.6.1.s390x",
"openSUSE Leap 15.5:xdg-desktop-portal-1.16.0-150500.3.6.1.x86_64",
"openSUSE Leap 15.5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.aarch64",
"openSUSE Leap 15.5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.ppc64le",
"openSUSE Leap 15.5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.s390x",
"openSUSE Leap 15.5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.x86_64",
"openSUSE Leap 15.5:xdg-desktop-portal-lang-1.16.0-150500.3.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-1.16.0-150500.3.6.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-1.16.0-150500.3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-1.16.0-150500.3.6.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-1.16.0-150500.3.6.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP5:xdg-desktop-portal-lang-1.16.0-150500.3.6.1.noarch",
"openSUSE Leap 15.5:xdg-desktop-portal-1.16.0-150500.3.6.1.aarch64",
"openSUSE Leap 15.5:xdg-desktop-portal-1.16.0-150500.3.6.1.ppc64le",
"openSUSE Leap 15.5:xdg-desktop-portal-1.16.0-150500.3.6.1.s390x",
"openSUSE Leap 15.5:xdg-desktop-portal-1.16.0-150500.3.6.1.x86_64",
"openSUSE Leap 15.5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.aarch64",
"openSUSE Leap 15.5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.ppc64le",
"openSUSE Leap 15.5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.s390x",
"openSUSE Leap 15.5:xdg-desktop-portal-devel-1.16.0-150500.3.6.1.x86_64",
"openSUSE Leap 15.5:xdg-desktop-portal-lang-1.16.0-150500.3.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-28T14:21:16Z",
"details": "important"
}
],
"title": "CVE-2024-32462"
}
]
}
SUSE-SU-2024:1806-1
Vulnerability from csaf_suse - Published: 2024-05-28 20:10 - Updated: 2024-05-28 20:10| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xdg-desktop-portal-1.10.1-150400.3.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xdg-desktop-portal-1.10.1-150400.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xdg-desktop-portal-lang-1.10.1-150400.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xdg-desktop-portal-1.10.1-150400.3.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xdg-desktop-portal-1.10.1-150400.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xdg-desktop-portal-lang-1.10.1-150400.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-1.10.1-150400.3.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-1.10.1-150400.3.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-1.10.1-150400.3.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-1.10.1-150400.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-lang-1.10.1-150400.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:xdg-desktop-portal-1.10.1-150400.3.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:xdg-desktop-portal-1.10.1-150400.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:xdg-desktop-portal-lang-1.10.1-150400.3.6.1.noarch | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xdg-desktop-portal",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xdg-desktop-portal fixes the following issues:\n\n- CVE-2024-32462: Fixed sandbox escape via RequestBackground portal (bsc#1223110).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1806,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1806,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1806,SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1806,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1806,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1806",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1806-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1806-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241806-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1806-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-May/035390.html"
},
{
"category": "self",
"summary": "SUSE Bug 1223110",
"url": "https://bugzilla.suse.com/1223110"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-32462 page",
"url": "https://www.suse.com/security/cve/CVE-2024-32462/"
}
],
"title": "Security update for xdg-desktop-portal",
"tracking": {
"current_release_date": "2024-05-28T20:10:18Z",
"generator": {
"date": "2024-05-28T20:10:18Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1806-1",
"initial_release_date": "2024-05-28T20:10:18Z",
"revision_history": [
{
"date": "2024-05-28T20:10:18Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-1.10.1-150400.3.6.1.aarch64",
"product": {
"name": "xdg-desktop-portal-1.10.1-150400.3.6.1.aarch64",
"product_id": "xdg-desktop-portal-1.10.1-150400.3.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.aarch64",
"product": {
"name": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.aarch64",
"product_id": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-1.10.1-150400.3.6.1.i586",
"product": {
"name": "xdg-desktop-portal-1.10.1-150400.3.6.1.i586",
"product_id": "xdg-desktop-portal-1.10.1-150400.3.6.1.i586"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.i586",
"product": {
"name": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.i586",
"product_id": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-lang-1.10.1-150400.3.6.1.noarch",
"product": {
"name": "xdg-desktop-portal-lang-1.10.1-150400.3.6.1.noarch",
"product_id": "xdg-desktop-portal-lang-1.10.1-150400.3.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-1.10.1-150400.3.6.1.ppc64le",
"product": {
"name": "xdg-desktop-portal-1.10.1-150400.3.6.1.ppc64le",
"product_id": "xdg-desktop-portal-1.10.1-150400.3.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.ppc64le",
"product": {
"name": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.ppc64le",
"product_id": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-1.10.1-150400.3.6.1.s390x",
"product": {
"name": "xdg-desktop-portal-1.10.1-150400.3.6.1.s390x",
"product_id": "xdg-desktop-portal-1.10.1-150400.3.6.1.s390x"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.s390x",
"product": {
"name": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.s390x",
"product_id": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-1.10.1-150400.3.6.1.x86_64",
"product": {
"name": "xdg-desktop-portal-1.10.1-150400.3.6.1.x86_64",
"product_id": "xdg-desktop-portal-1.10.1-150400.3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.x86_64",
"product": {
"name": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.x86_64",
"product_id": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.10.1-150400.3.6.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xdg-desktop-portal-1.10.1-150400.3.6.1.aarch64"
},
"product_reference": "xdg-desktop-portal-1.10.1-150400.3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.10.1-150400.3.6.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xdg-desktop-portal-1.10.1-150400.3.6.1.x86_64"
},
"product_reference": "xdg-desktop-portal-1.10.1-150400.3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.aarch64"
},
"product_reference": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.x86_64"
},
"product_reference": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-lang-1.10.1-150400.3.6.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xdg-desktop-portal-lang-1.10.1-150400.3.6.1.noarch"
},
"product_reference": "xdg-desktop-portal-lang-1.10.1-150400.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.10.1-150400.3.6.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xdg-desktop-portal-1.10.1-150400.3.6.1.aarch64"
},
"product_reference": "xdg-desktop-portal-1.10.1-150400.3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.10.1-150400.3.6.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xdg-desktop-portal-1.10.1-150400.3.6.1.x86_64"
},
"product_reference": "xdg-desktop-portal-1.10.1-150400.3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.aarch64"
},
"product_reference": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.x86_64"
},
"product_reference": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-lang-1.10.1-150400.3.6.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xdg-desktop-portal-lang-1.10.1-150400.3.6.1.noarch"
},
"product_reference": "xdg-desktop-portal-lang-1.10.1-150400.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.10.1-150400.3.6.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-1.10.1-150400.3.6.1.aarch64"
},
"product_reference": "xdg-desktop-portal-1.10.1-150400.3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.10.1-150400.3.6.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-1.10.1-150400.3.6.1.ppc64le"
},
"product_reference": "xdg-desktop-portal-1.10.1-150400.3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.10.1-150400.3.6.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-1.10.1-150400.3.6.1.s390x"
},
"product_reference": "xdg-desktop-portal-1.10.1-150400.3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.10.1-150400.3.6.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-1.10.1-150400.3.6.1.x86_64"
},
"product_reference": "xdg-desktop-portal-1.10.1-150400.3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.aarch64"
},
"product_reference": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.ppc64le"
},
"product_reference": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.s390x"
},
"product_reference": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.x86_64"
},
"product_reference": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-lang-1.10.1-150400.3.6.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-lang-1.10.1-150400.3.6.1.noarch"
},
"product_reference": "xdg-desktop-portal-lang-1.10.1-150400.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.10.1-150400.3.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:xdg-desktop-portal-1.10.1-150400.3.6.1.ppc64le"
},
"product_reference": "xdg-desktop-portal-1.10.1-150400.3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.10.1-150400.3.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:xdg-desktop-portal-1.10.1-150400.3.6.1.x86_64"
},
"product_reference": "xdg-desktop-portal-1.10.1-150400.3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.ppc64le"
},
"product_reference": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.x86_64"
},
"product_reference": "xdg-desktop-portal-devel-1.10.1-150400.3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-lang-1.10.1-150400.3.6.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:xdg-desktop-portal-lang-1.10.1-150400.3.6.1.noarch"
},
"product_reference": "xdg-desktop-portal-lang-1.10.1-150400.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-32462"
}
],
"notes": [
{
"category": "general",
"text": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It\u0027s possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xdg-desktop-portal-1.10.1-150400.3.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xdg-desktop-portal-1.10.1-150400.3.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xdg-desktop-portal-lang-1.10.1-150400.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xdg-desktop-portal-1.10.1-150400.3.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xdg-desktop-portal-1.10.1-150400.3.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xdg-desktop-portal-lang-1.10.1-150400.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-1.10.1-150400.3.6.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-1.10.1-150400.3.6.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-1.10.1-150400.3.6.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-1.10.1-150400.3.6.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-lang-1.10.1-150400.3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:xdg-desktop-portal-1.10.1-150400.3.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:xdg-desktop-portal-1.10.1-150400.3.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:xdg-desktop-portal-lang-1.10.1-150400.3.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-32462",
"url": "https://www.suse.com/security/cve/CVE-2024-32462"
},
{
"category": "external",
"summary": "SUSE Bug 1223110 for CVE-2024-32462",
"url": "https://bugzilla.suse.com/1223110"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xdg-desktop-portal-1.10.1-150400.3.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xdg-desktop-portal-1.10.1-150400.3.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xdg-desktop-portal-lang-1.10.1-150400.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xdg-desktop-portal-1.10.1-150400.3.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xdg-desktop-portal-1.10.1-150400.3.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xdg-desktop-portal-lang-1.10.1-150400.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-1.10.1-150400.3.6.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-1.10.1-150400.3.6.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-1.10.1-150400.3.6.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-1.10.1-150400.3.6.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-lang-1.10.1-150400.3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:xdg-desktop-portal-1.10.1-150400.3.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:xdg-desktop-portal-1.10.1-150400.3.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:xdg-desktop-portal-lang-1.10.1-150400.3.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xdg-desktop-portal-1.10.1-150400.3.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xdg-desktop-portal-1.10.1-150400.3.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xdg-desktop-portal-lang-1.10.1-150400.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xdg-desktop-portal-1.10.1-150400.3.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xdg-desktop-portal-1.10.1-150400.3.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xdg-desktop-portal-lang-1.10.1-150400.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-1.10.1-150400.3.6.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-1.10.1-150400.3.6.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-1.10.1-150400.3.6.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-1.10.1-150400.3.6.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:xdg-desktop-portal-lang-1.10.1-150400.3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:xdg-desktop-portal-1.10.1-150400.3.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:xdg-desktop-portal-1.10.1-150400.3.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:xdg-desktop-portal-devel-1.10.1-150400.3.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:xdg-desktop-portal-lang-1.10.1-150400.3.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-28T20:10:18Z",
"details": "important"
}
],
"title": "CVE-2024-32462"
}
]
}
SUSE-SU-2024:1831-1
Vulnerability from csaf_suse - Published: 2024-05-29 12:09 - Updated: 2024-05-29 12:09| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xdg-desktop-portal-1.8.0-150200.5.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:xdg-desktop-portal-1.8.0-150200.5.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xdg-desktop-portal",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xdg-desktop-portal fixes the following issues:\n\n- CVE-2024-32462: Fixed sandbox escape via RequestBackground portal (bsc#1223110).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1831,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-1831,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1831,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-1831,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1831,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-1831,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1831,SUSE-Storage-7.1-2024-1831",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1831-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1831-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241831-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1831-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018625.html"
},
{
"category": "self",
"summary": "SUSE Bug 1223110",
"url": "https://bugzilla.suse.com/1223110"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-32462 page",
"url": "https://www.suse.com/security/cve/CVE-2024-32462/"
}
],
"title": "Security update for xdg-desktop-portal",
"tracking": {
"current_release_date": "2024-05-29T12:09:40Z",
"generator": {
"date": "2024-05-29T12:09:40Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1831-1",
"initial_release_date": "2024-05-29T12:09:40Z",
"revision_history": [
{
"date": "2024-05-29T12:09:40Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64",
"product": {
"name": "xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64",
"product_id": "xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64",
"product": {
"name": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64",
"product_id": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-1.8.0-150200.5.6.1.i586",
"product": {
"name": "xdg-desktop-portal-1.8.0-150200.5.6.1.i586",
"product_id": "xdg-desktop-portal-1.8.0-150200.5.6.1.i586"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.i586",
"product": {
"name": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.i586",
"product_id": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch",
"product": {
"name": "xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch",
"product_id": "xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-1.8.0-150200.5.6.1.ppc64le",
"product": {
"name": "xdg-desktop-portal-1.8.0-150200.5.6.1.ppc64le",
"product_id": "xdg-desktop-portal-1.8.0-150200.5.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.ppc64le",
"product": {
"name": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.ppc64le",
"product_id": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-1.8.0-150200.5.6.1.s390x",
"product": {
"name": "xdg-desktop-portal-1.8.0-150200.5.6.1.s390x",
"product_id": "xdg-desktop-portal-1.8.0-150200.5.6.1.s390x"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.s390x",
"product": {
"name": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.s390x",
"product_id": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64",
"product": {
"name": "xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64",
"product_id": "xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64",
"product": {
"name": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64",
"product_id": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64"
},
"product_reference": "xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64"
},
"product_reference": "xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64"
},
"product_reference": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64"
},
"product_reference": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch"
},
"product_reference": "xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64"
},
"product_reference": "xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64"
},
"product_reference": "xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64"
},
"product_reference": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64"
},
"product_reference": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch"
},
"product_reference": "xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64"
},
"product_reference": "xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.8.0-150200.5.6.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.ppc64le"
},
"product_reference": "xdg-desktop-portal-1.8.0-150200.5.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.8.0-150200.5.6.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.s390x"
},
"product_reference": "xdg-desktop-portal-1.8.0-150200.5.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64"
},
"product_reference": "xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64"
},
"product_reference": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.ppc64le"
},
"product_reference": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.s390x"
},
"product_reference": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64"
},
"product_reference": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch"
},
"product_reference": "xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64"
},
"product_reference": "xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.8.0-150200.5.6.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.ppc64le"
},
"product_reference": "xdg-desktop-portal-1.8.0-150200.5.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.8.0-150200.5.6.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.s390x"
},
"product_reference": "xdg-desktop-portal-1.8.0-150200.5.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64"
},
"product_reference": "xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64"
},
"product_reference": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.ppc64le"
},
"product_reference": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.s390x"
},
"product_reference": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64"
},
"product_reference": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch"
},
"product_reference": "xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.8.0-150200.5.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xdg-desktop-portal-1.8.0-150200.5.6.1.ppc64le"
},
"product_reference": "xdg-desktop-portal-1.8.0-150200.5.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64"
},
"product_reference": "xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.ppc64le"
},
"product_reference": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64"
},
"product_reference": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch"
},
"product_reference": "xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.8.0-150200.5.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:xdg-desktop-portal-1.8.0-150200.5.6.1.ppc64le"
},
"product_reference": "xdg-desktop-portal-1.8.0-150200.5.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64"
},
"product_reference": "xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.ppc64le"
},
"product_reference": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64"
},
"product_reference": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch"
},
"product_reference": "xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64"
},
"product_reference": "xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64"
},
"product_reference": "xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64"
},
"product_reference": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64"
},
"product_reference": "xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch"
},
"product_reference": "xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-32462"
}
],
"notes": [
{
"category": "general",
"text": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It\u0027s possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64",
"SUSE Enterprise Storage 7.1:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64",
"SUSE Enterprise Storage 7.1:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64",
"SUSE Enterprise Storage 7.1:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64",
"SUSE Enterprise Storage 7.1:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xdg-desktop-portal-1.8.0-150200.5.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xdg-desktop-portal-1.8.0-150200.5.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-32462",
"url": "https://www.suse.com/security/cve/CVE-2024-32462"
},
{
"category": "external",
"summary": "SUSE Bug 1223110 for CVE-2024-32462",
"url": "https://bugzilla.suse.com/1223110"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64",
"SUSE Enterprise Storage 7.1:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64",
"SUSE Enterprise Storage 7.1:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64",
"SUSE Enterprise Storage 7.1:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64",
"SUSE Enterprise Storage 7.1:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xdg-desktop-portal-1.8.0-150200.5.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xdg-desktop-portal-1.8.0-150200.5.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64",
"SUSE Enterprise Storage 7.1:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64",
"SUSE Enterprise Storage 7.1:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64",
"SUSE Enterprise Storage 7.1:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64",
"SUSE Enterprise Storage 7.1:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xdg-desktop-portal-1.8.0-150200.5.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xdg-desktop-portal-1.8.0-150200.5.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xdg-desktop-portal-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xdg-desktop-portal-devel-1.8.0-150200.5.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xdg-desktop-portal-lang-1.8.0-150200.5.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-29T12:09:40Z",
"details": "important"
}
],
"title": "CVE-2024-32462"
}
]
}
SUSE-SU-2024:1832-1
Vulnerability from csaf_suse - Published: 2024-05-29 12:09 - Updated: 2024-05-29 12:09| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xdg-desktop-portal-lang-1.4.2-3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xdg-desktop-portal-lang-1.4.2-3.3.1.noarch | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xdg-desktop-portal",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xdg-desktop-portal fixes the following issues:\n\n- CVE-2024-32462: Fixed sandbox escape via RequestBackground portal (bsc#1223110).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1832,SUSE-SLE-SERVER-12-SP5-2024-1832",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1832-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1832-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241832-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1832-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018624.html"
},
{
"category": "self",
"summary": "SUSE Bug 1223110",
"url": "https://bugzilla.suse.com/1223110"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-32462 page",
"url": "https://www.suse.com/security/cve/CVE-2024-32462/"
}
],
"title": "Security update for xdg-desktop-portal",
"tracking": {
"current_release_date": "2024-05-29T12:09:58Z",
"generator": {
"date": "2024-05-29T12:09:58Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1832-1",
"initial_release_date": "2024-05-29T12:09:58Z",
"revision_history": [
{
"date": "2024-05-29T12:09:58Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-1.4.2-3.3.1.aarch64",
"product": {
"name": "xdg-desktop-portal-1.4.2-3.3.1.aarch64",
"product_id": "xdg-desktop-portal-1.4.2-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-devel-1.4.2-3.3.1.aarch64",
"product": {
"name": "xdg-desktop-portal-devel-1.4.2-3.3.1.aarch64",
"product_id": "xdg-desktop-portal-devel-1.4.2-3.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-1.4.2-3.3.1.i586",
"product": {
"name": "xdg-desktop-portal-1.4.2-3.3.1.i586",
"product_id": "xdg-desktop-portal-1.4.2-3.3.1.i586"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-devel-1.4.2-3.3.1.i586",
"product": {
"name": "xdg-desktop-portal-devel-1.4.2-3.3.1.i586",
"product_id": "xdg-desktop-portal-devel-1.4.2-3.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-lang-1.4.2-3.3.1.noarch",
"product": {
"name": "xdg-desktop-portal-lang-1.4.2-3.3.1.noarch",
"product_id": "xdg-desktop-portal-lang-1.4.2-3.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-1.4.2-3.3.1.ppc64le",
"product": {
"name": "xdg-desktop-portal-1.4.2-3.3.1.ppc64le",
"product_id": "xdg-desktop-portal-1.4.2-3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-devel-1.4.2-3.3.1.ppc64le",
"product": {
"name": "xdg-desktop-portal-devel-1.4.2-3.3.1.ppc64le",
"product_id": "xdg-desktop-portal-devel-1.4.2-3.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-1.4.2-3.3.1.s390",
"product": {
"name": "xdg-desktop-portal-1.4.2-3.3.1.s390",
"product_id": "xdg-desktop-portal-1.4.2-3.3.1.s390"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-devel-1.4.2-3.3.1.s390",
"product": {
"name": "xdg-desktop-portal-devel-1.4.2-3.3.1.s390",
"product_id": "xdg-desktop-portal-devel-1.4.2-3.3.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-1.4.2-3.3.1.s390x",
"product": {
"name": "xdg-desktop-portal-1.4.2-3.3.1.s390x",
"product_id": "xdg-desktop-portal-1.4.2-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-devel-1.4.2-3.3.1.s390x",
"product": {
"name": "xdg-desktop-portal-devel-1.4.2-3.3.1.s390x",
"product_id": "xdg-desktop-portal-devel-1.4.2-3.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-1.4.2-3.3.1.x86_64",
"product": {
"name": "xdg-desktop-portal-1.4.2-3.3.1.x86_64",
"product_id": "xdg-desktop-portal-1.4.2-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-devel-1.4.2-3.3.1.x86_64",
"product": {
"name": "xdg-desktop-portal-devel-1.4.2-3.3.1.x86_64",
"product_id": "xdg-desktop-portal-devel-1.4.2-3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.4.2-3.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.aarch64"
},
"product_reference": "xdg-desktop-portal-1.4.2-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.4.2-3.3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.ppc64le"
},
"product_reference": "xdg-desktop-portal-1.4.2-3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.4.2-3.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.s390x"
},
"product_reference": "xdg-desktop-portal-1.4.2-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.4.2-3.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.x86_64"
},
"product_reference": "xdg-desktop-portal-1.4.2-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-lang-1.4.2-3.3.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xdg-desktop-portal-lang-1.4.2-3.3.1.noarch"
},
"product_reference": "xdg-desktop-portal-lang-1.4.2-3.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.4.2-3.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.aarch64"
},
"product_reference": "xdg-desktop-portal-1.4.2-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.4.2-3.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.ppc64le"
},
"product_reference": "xdg-desktop-portal-1.4.2-3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.4.2-3.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.s390x"
},
"product_reference": "xdg-desktop-portal-1.4.2-3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.4.2-3.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.x86_64"
},
"product_reference": "xdg-desktop-portal-1.4.2-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-lang-1.4.2-3.3.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xdg-desktop-portal-lang-1.4.2-3.3.1.noarch"
},
"product_reference": "xdg-desktop-portal-lang-1.4.2-3.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-32462"
}
],
"notes": [
{
"category": "general",
"text": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It\u0027s possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xdg-desktop-portal-lang-1.4.2-3.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xdg-desktop-portal-lang-1.4.2-3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-32462",
"url": "https://www.suse.com/security/cve/CVE-2024-32462"
},
{
"category": "external",
"summary": "SUSE Bug 1223110 for CVE-2024-32462",
"url": "https://bugzilla.suse.com/1223110"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xdg-desktop-portal-lang-1.4.2-3.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xdg-desktop-portal-lang-1.4.2-3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xdg-desktop-portal-lang-1.4.2-3.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xdg-desktop-portal-1.4.2-3.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xdg-desktop-portal-lang-1.4.2-3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-29T12:09:58Z",
"details": "important"
}
],
"title": "CVE-2024-32462"
}
]
}
SUSE-SU-2024:2067-1
Vulnerability from csaf_suse - Published: 2024-06-18 11:16 - Updated: 2024-06-18 11:16| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-1.18.2-150600.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-1.18.2-150600.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-1.18.2-150600.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-1.18.2-150600.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-lang-1.18.2-150600.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:xdg-desktop-portal-1.18.2-150600.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:xdg-desktop-portal-1.18.2-150600.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:xdg-desktop-portal-1.18.2-150600.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:xdg-desktop-portal-1.18.2-150600.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:xdg-desktop-portal-lang-1.18.2-150600.4.3.1.noarch | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xdg-desktop-portal",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xdg-desktop-portal fixes the following issues:\n\n- CVE-2024-32462: Fix arbitrary code execution outside bwrap sandbox by checking that the first commandline item doesn\u0027t start with whitespaces or a hyphen. (bsc#1223110)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-2067,SUSE-SLE-Module-Desktop-Applications-15-SP6-2024-2067,openSUSE-SLE-15.6-2024-2067",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_2067-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:2067-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20242067-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:2067-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-June/035613.html"
},
{
"category": "self",
"summary": "SUSE Bug 1223110",
"url": "https://bugzilla.suse.com/1223110"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-32462 page",
"url": "https://www.suse.com/security/cve/CVE-2024-32462/"
}
],
"title": "Security update for xdg-desktop-portal",
"tracking": {
"current_release_date": "2024-06-18T11:16:25Z",
"generator": {
"date": "2024-06-18T11:16:25Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:2067-1",
"initial_release_date": "2024-06-18T11:16:25Z",
"revision_history": [
{
"date": "2024-06-18T11:16:25Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-1.18.2-150600.4.3.1.aarch64",
"product": {
"name": "xdg-desktop-portal-1.18.2-150600.4.3.1.aarch64",
"product_id": "xdg-desktop-portal-1.18.2-150600.4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-devel-1.18.2-150600.4.3.1.aarch64",
"product": {
"name": "xdg-desktop-portal-devel-1.18.2-150600.4.3.1.aarch64",
"product_id": "xdg-desktop-portal-devel-1.18.2-150600.4.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-1.18.2-150600.4.3.1.i586",
"product": {
"name": "xdg-desktop-portal-1.18.2-150600.4.3.1.i586",
"product_id": "xdg-desktop-portal-1.18.2-150600.4.3.1.i586"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-devel-1.18.2-150600.4.3.1.i586",
"product": {
"name": "xdg-desktop-portal-devel-1.18.2-150600.4.3.1.i586",
"product_id": "xdg-desktop-portal-devel-1.18.2-150600.4.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-lang-1.18.2-150600.4.3.1.noarch",
"product": {
"name": "xdg-desktop-portal-lang-1.18.2-150600.4.3.1.noarch",
"product_id": "xdg-desktop-portal-lang-1.18.2-150600.4.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-1.18.2-150600.4.3.1.ppc64le",
"product": {
"name": "xdg-desktop-portal-1.18.2-150600.4.3.1.ppc64le",
"product_id": "xdg-desktop-portal-1.18.2-150600.4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-devel-1.18.2-150600.4.3.1.ppc64le",
"product": {
"name": "xdg-desktop-portal-devel-1.18.2-150600.4.3.1.ppc64le",
"product_id": "xdg-desktop-portal-devel-1.18.2-150600.4.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-1.18.2-150600.4.3.1.s390x",
"product": {
"name": "xdg-desktop-portal-1.18.2-150600.4.3.1.s390x",
"product_id": "xdg-desktop-portal-1.18.2-150600.4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-devel-1.18.2-150600.4.3.1.s390x",
"product": {
"name": "xdg-desktop-portal-devel-1.18.2-150600.4.3.1.s390x",
"product_id": "xdg-desktop-portal-devel-1.18.2-150600.4.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "xdg-desktop-portal-1.18.2-150600.4.3.1.x86_64",
"product": {
"name": "xdg-desktop-portal-1.18.2-150600.4.3.1.x86_64",
"product_id": "xdg-desktop-portal-1.18.2-150600.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "xdg-desktop-portal-devel-1.18.2-150600.4.3.1.x86_64",
"product": {
"name": "xdg-desktop-portal-devel-1.18.2-150600.4.3.1.x86_64",
"product_id": "xdg-desktop-portal-devel-1.18.2-150600.4.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-desktop-applications:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.18.2-150600.4.3.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-1.18.2-150600.4.3.1.aarch64"
},
"product_reference": "xdg-desktop-portal-1.18.2-150600.4.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.18.2-150600.4.3.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-1.18.2-150600.4.3.1.ppc64le"
},
"product_reference": "xdg-desktop-portal-1.18.2-150600.4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.18.2-150600.4.3.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-1.18.2-150600.4.3.1.s390x"
},
"product_reference": "xdg-desktop-portal-1.18.2-150600.4.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.18.2-150600.4.3.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-1.18.2-150600.4.3.1.x86_64"
},
"product_reference": "xdg-desktop-portal-1.18.2-150600.4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.18.2-150600.4.3.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.aarch64"
},
"product_reference": "xdg-desktop-portal-devel-1.18.2-150600.4.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.18.2-150600.4.3.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.ppc64le"
},
"product_reference": "xdg-desktop-portal-devel-1.18.2-150600.4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.18.2-150600.4.3.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.s390x"
},
"product_reference": "xdg-desktop-portal-devel-1.18.2-150600.4.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.18.2-150600.4.3.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.x86_64"
},
"product_reference": "xdg-desktop-portal-devel-1.18.2-150600.4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-lang-1.18.2-150600.4.3.1.noarch as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-lang-1.18.2-150600.4.3.1.noarch"
},
"product_reference": "xdg-desktop-portal-lang-1.18.2-150600.4.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.18.2-150600.4.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:xdg-desktop-portal-1.18.2-150600.4.3.1.aarch64"
},
"product_reference": "xdg-desktop-portal-1.18.2-150600.4.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.18.2-150600.4.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:xdg-desktop-portal-1.18.2-150600.4.3.1.ppc64le"
},
"product_reference": "xdg-desktop-portal-1.18.2-150600.4.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.18.2-150600.4.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:xdg-desktop-portal-1.18.2-150600.4.3.1.s390x"
},
"product_reference": "xdg-desktop-portal-1.18.2-150600.4.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-1.18.2-150600.4.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:xdg-desktop-portal-1.18.2-150600.4.3.1.x86_64"
},
"product_reference": "xdg-desktop-portal-1.18.2-150600.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.18.2-150600.4.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.aarch64"
},
"product_reference": "xdg-desktop-portal-devel-1.18.2-150600.4.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.18.2-150600.4.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.ppc64le"
},
"product_reference": "xdg-desktop-portal-devel-1.18.2-150600.4.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.18.2-150600.4.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.s390x"
},
"product_reference": "xdg-desktop-portal-devel-1.18.2-150600.4.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-devel-1.18.2-150600.4.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.x86_64"
},
"product_reference": "xdg-desktop-portal-devel-1.18.2-150600.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xdg-desktop-portal-lang-1.18.2-150600.4.3.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:xdg-desktop-portal-lang-1.18.2-150600.4.3.1.noarch"
},
"product_reference": "xdg-desktop-portal-lang-1.18.2-150600.4.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-32462"
}
],
"notes": [
{
"category": "general",
"text": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It\u0027s possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-1.18.2-150600.4.3.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-1.18.2-150600.4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-1.18.2-150600.4.3.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-1.18.2-150600.4.3.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-lang-1.18.2-150600.4.3.1.noarch",
"openSUSE Leap 15.6:xdg-desktop-portal-1.18.2-150600.4.3.1.aarch64",
"openSUSE Leap 15.6:xdg-desktop-portal-1.18.2-150600.4.3.1.ppc64le",
"openSUSE Leap 15.6:xdg-desktop-portal-1.18.2-150600.4.3.1.s390x",
"openSUSE Leap 15.6:xdg-desktop-portal-1.18.2-150600.4.3.1.x86_64",
"openSUSE Leap 15.6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.aarch64",
"openSUSE Leap 15.6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.ppc64le",
"openSUSE Leap 15.6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.s390x",
"openSUSE Leap 15.6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.x86_64",
"openSUSE Leap 15.6:xdg-desktop-portal-lang-1.18.2-150600.4.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-32462",
"url": "https://www.suse.com/security/cve/CVE-2024-32462"
},
{
"category": "external",
"summary": "SUSE Bug 1223110 for CVE-2024-32462",
"url": "https://bugzilla.suse.com/1223110"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-1.18.2-150600.4.3.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-1.18.2-150600.4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-1.18.2-150600.4.3.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-1.18.2-150600.4.3.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-lang-1.18.2-150600.4.3.1.noarch",
"openSUSE Leap 15.6:xdg-desktop-portal-1.18.2-150600.4.3.1.aarch64",
"openSUSE Leap 15.6:xdg-desktop-portal-1.18.2-150600.4.3.1.ppc64le",
"openSUSE Leap 15.6:xdg-desktop-portal-1.18.2-150600.4.3.1.s390x",
"openSUSE Leap 15.6:xdg-desktop-portal-1.18.2-150600.4.3.1.x86_64",
"openSUSE Leap 15.6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.aarch64",
"openSUSE Leap 15.6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.ppc64le",
"openSUSE Leap 15.6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.s390x",
"openSUSE Leap 15.6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.x86_64",
"openSUSE Leap 15.6:xdg-desktop-portal-lang-1.18.2-150600.4.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-1.18.2-150600.4.3.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-1.18.2-150600.4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-1.18.2-150600.4.3.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-1.18.2-150600.4.3.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:xdg-desktop-portal-lang-1.18.2-150600.4.3.1.noarch",
"openSUSE Leap 15.6:xdg-desktop-portal-1.18.2-150600.4.3.1.aarch64",
"openSUSE Leap 15.6:xdg-desktop-portal-1.18.2-150600.4.3.1.ppc64le",
"openSUSE Leap 15.6:xdg-desktop-portal-1.18.2-150600.4.3.1.s390x",
"openSUSE Leap 15.6:xdg-desktop-portal-1.18.2-150600.4.3.1.x86_64",
"openSUSE Leap 15.6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.aarch64",
"openSUSE Leap 15.6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.ppc64le",
"openSUSE Leap 15.6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.s390x",
"openSUSE Leap 15.6:xdg-desktop-portal-devel-1.18.2-150600.4.3.1.x86_64",
"openSUSE Leap 15.6:xdg-desktop-portal-lang-1.18.2-150600.4.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-18T11:16:25Z",
"details": "important"
}
],
"title": "CVE-2024-32462"
}
]
}
ubuntu-cve-2024-32462
Vulnerability from osv_ubuntu
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the --command argument of flatpak run expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass bwrap arguments to --command=, such as --bind. It's possible to pass an arbitrary commandline to the portal interface org.freedesktop.portal.Background.RequestBackground from within a Flatpak app. When this is converted into a --command and arguments, it achieves the same effect of passing arguments directly to bwrap, and thus can be used for a sandbox escape. The solution is to pass the -- argument to bwrap, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "flatpak",
"binary_version": "1.0.9-0ubuntu0.4"
},
{
"binary_name": "flatpak-tests",
"binary_version": "1.0.9-0ubuntu0.4"
},
{
"binary_name": "gir1.2-flatpak-1.0",
"binary_version": "1.0.9-0ubuntu0.4"
},
{
"binary_name": "libflatpak0",
"binary_version": "1.0.9-0ubuntu0.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "flatpak",
"purl": "pkg:deb/ubuntu/flatpak@1.0.9-0ubuntu0.4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.8.7-5",
"0.10.0-1",
"0.10.0-2",
"0.10.1-1",
"0.10.2-1",
"0.10.2.1-1",
"0.10.2.1-2",
"0.10.3-1",
"0.11.1-0ubuntu1",
"0.11.3-2",
"0.11.3-3",
"0.11.7-0ubuntu0.1",
"1.0.1-0ubuntu0.1",
"1.0.6-0ubuntu0.1",
"1.0.7-0ubuntu0.18.04.1",
"1.0.8-0ubuntu0.18.04.1",
"1.0.9-0ubuntu0.1",
"1.0.9-0ubuntu0.2",
"1.0.9-0ubuntu0.3",
"1.0.9-0ubuntu0.4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "flatpak",
"binary_version": "1.6.5-0ubuntu0.5"
},
{
"binary_name": "flatpak-tests",
"binary_version": "1.6.5-0ubuntu0.5"
},
{
"binary_name": "gir1.2-flatpak-1.0",
"binary_version": "1.6.5-0ubuntu0.5"
},
{
"binary_name": "libflatpak0",
"binary_version": "1.6.5-0ubuntu0.5"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "flatpak",
"purl": "pkg:deb/ubuntu/flatpak@1.6.5-0ubuntu0.5?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.4.3-1",
"1.6.0-1",
"1.6.1-1",
"1.6.2-1",
"1.6.3-1",
"1.6.5-0ubuntu0.1",
"1.6.5-0ubuntu0.2",
"1.6.5-0ubuntu0.3",
"1.6.5-0ubuntu0.4",
"1.6.5-0ubuntu0.5"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "flatpak",
"binary_version": "1.12.7-1ubuntu0.1"
},
{
"binary_name": "flatpak-tests",
"binary_version": "1.12.7-1ubuntu0.1"
},
{
"binary_name": "gir1.2-flatpak-1.0",
"binary_version": "1.12.7-1ubuntu0.1"
},
{
"binary_name": "libflatpak0",
"binary_version": "1.12.7-1ubuntu0.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "flatpak",
"purl": "pkg:deb/ubuntu/flatpak@1.12.7-1ubuntu0.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10.2-3",
"1.12.2-1",
"1.12.2-2",
"1.12.3-1",
"1.12.4-1",
"1.12.5-1",
"1.12.6-1",
"1.12.7-1",
"1.12.7-1ubuntu0.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "flatpak",
"binary_version": "1.14.6-1"
},
{
"binary_name": "flatpak-tests",
"binary_version": "1.14.6-1"
},
{
"binary_name": "gir1.2-flatpak-1.0",
"binary_version": "1.14.6-1"
},
{
"binary_name": "libflatpak0",
"binary_version": "1.14.6-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "flatpak",
"purl": "pkg:deb/ubuntu/flatpak@1.14.6-1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.14.6-1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.14.4-2",
"1.14.5-1",
"1.14.5-1build1",
"1.14.5-1build4",
"1.14.5-1build5",
"1.14.5-1build6"
]
}
],
"aliases": [],
"details": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It\u0027s possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.",
"id": "UBUNTU-CVE-2024-32462",
"modified": "2026-04-22T07:48:47Z",
"published": "2024-04-18T18:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-32462"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32462"
},
{
"type": "REPORT",
"url": "https://www.openwall.com/lists/oss-security/2024/04/18/5"
},
{
"type": "REPORT",
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj"
},
{
"type": "REPORT",
"url": "https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d"
},
{
"type": "REPORT",
"url": "https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97"
},
{
"type": "REPORT",
"url": "https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e"
},
{
"type": "REPORT",
"url": "https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931"
}
],
"related": [],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2024-32462"
]
}
WID-SEC-W-2024-1398
Vulnerability from csaf_certbund - Published: 2024-06-17 22:00 - Updated: 2025-01-08 23:00Es besteht eine Schwachstelle in Red Hat Enterprise Linux. Dieser Fehler besteht in der flatpak-Komponente aufgrund einer Argumenteninjektion, die zu einem Sandbox-Escape führt. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code außerhalb seiner Sandbox auszuführen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux flatpak <1.12.9
Red Hat / Enterprise Linux
|
flatpak <1.12.9 | ||
|
Red Hat Enterprise Linux flatpak <1.10.9
Red Hat / Enterprise Linux
|
flatpak <1.10.9 | ||
|
Red Hat Enterprise Linux flatpak <1.15.8
Red Hat / Enterprise Linux
|
flatpak <1.15.8 | ||
|
Red Hat Enterprise Linux 8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.6
|
8.6 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux flatpak <1.14.6
Red Hat / Enterprise Linux
|
flatpak <1.14.6 | ||
|
Red Hat Enterprise Linux 9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9
|
9 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat Enterprise Linux 8.4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.4
|
8.4 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
Red Hat Enterprise Linux 9.2
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9.2
|
9.2 | |
|
Juniper Junos Space <24.1R2
Juniper / Junos Space
|
<24.1R2 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— |
| URL | Category |
|---|---|
| https://wid.cert-bund.de/.well-known/csaf/white/2… | self |
| https://wid.cert-bund.de/portal/wid/securityadvis… | self |
| https://access.redhat.com/errata/RHSA-2024:3959 | external |
| https://access.redhat.com/errata/RHSA-2024:3960 | external |
| https://access.redhat.com/errata/RHSA-2024:3961 | external |
| https://access.redhat.com/errata/RHSA-2024:3962 | external |
| https://access.redhat.com/errata/RHSA-2024:3963 | external |
| https://access.redhat.com/errata/RHSA-2024:3969 | external |
| https://access.redhat.com/errata/RHSA-2024:3970 | external |
| https://github.com/flatpak/flatpak/security/advis… | external |
| https://linux.oracle.com/errata/ELSA-2024-3961.html | external |
| https://linux.oracle.com/errata/ELSA-2024-3959.html | external |
| https://access.redhat.com/errata/RHSA-2024:3979 | external |
| https://access.redhat.com/errata/RHSA-2024:3980 | external |
| https://linux.oracle.com/errata/ELSA-2024-3980.html | external |
| https://lists.opensuse.org/archives/list/security… | external |
| https://security.gentoo.org/glsa/202406-02 | external |
| https://errata.build.resf.org/RLSA-2024:3961 | external |
| https://errata.build.resf.org/RLSA-2024:3959 | external |
| https://supportportal.juniper.net/s/article/2025-… | external |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1398 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1398.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1398 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1398"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2024-06-17",
"url": "https://access.redhat.com/errata/RHSA-2024:3959"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2024-06-17",
"url": "https://access.redhat.com/errata/RHSA-2024:3960"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2024-06-17",
"url": "https://access.redhat.com/errata/RHSA-2024:3961"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2024-06-17",
"url": "https://access.redhat.com/errata/RHSA-2024:3962"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2024-06-17",
"url": "https://access.redhat.com/errata/RHSA-2024:3963"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2024-06-17",
"url": "https://access.redhat.com/errata/RHSA-2024:3969"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2024-06-17",
"url": "https://access.redhat.com/errata/RHSA-2024:3970"
},
{
"category": "external",
"summary": "GitHub Database",
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3961 vom 2024-06-18",
"url": "https://linux.oracle.com/errata/ELSA-2024-3961.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3959 vom 2024-06-18",
"url": "https://linux.oracle.com/errata/ELSA-2024-3959.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3979 vom 2024-06-18",
"url": "https://access.redhat.com/errata/RHSA-2024:3979"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3980 vom 2024-06-18",
"url": "https://access.redhat.com/errata/RHSA-2024:3980"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3980 vom 2024-06-18",
"url": "https://linux.oracle.com/errata/ELSA-2024-3980.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2067-1 vom 2024-06-18",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/JWXIVLOOXGCVCPF5QAIPUOCVCAK7LTDS/"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202406-02 vom 2024-06-22",
"url": "https://security.gentoo.org/glsa/202406-02"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:3961 vom 2024-07-02",
"url": "https://errata.build.resf.org/RLSA-2024:3961"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:3959 vom 2024-07-02",
"url": "https://errata.build.resf.org/RLSA-2024:3959"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA92874 vom 2024-01-09",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R2-release"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux (Flatpak): Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
"tracking": {
"current_release_date": "2025-01-08T23:00:00.000+00:00",
"generator": {
"date": "2025-01-09T09:14:48.332+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2024-1398",
"initial_release_date": "2024-06-17T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-06-17T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-06-18T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Oracle Linux und SUSE aufgenommen"
},
{
"date": "2024-06-23T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2024-07-02T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2025-01-08T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Juniper aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c24.1R2",
"product": {
"name": "Juniper Junos Space \u003c24.1R2",
"product_id": "T040074"
}
},
{
"category": "product_version",
"name": "24.1R2",
"product": {
"name": "Juniper Junos Space 24.1R2",
"product_id": "T040074-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:juniper:junos_space:24.1r2"
}
}
}
],
"category": "product_name",
"name": "Junos Space"
}
],
"category": "vendor",
"name": "Juniper"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "9",
"product": {
"name": "Red Hat Enterprise Linux 9",
"product_id": "T035496",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9"
}
}
},
{
"category": "product_version",
"name": "9.2",
"product": {
"name": "Red Hat Enterprise Linux 9.2",
"product_id": "T035497",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9.2"
}
}
},
{
"category": "product_version",
"name": "8",
"product": {
"name": "Red Hat Enterprise Linux 8",
"product_id": "T035498",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8"
}
}
},
{
"category": "product_version",
"name": "8.8",
"product": {
"name": "Red Hat Enterprise Linux 8.8",
"product_id": "T035499",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8.8"
}
}
},
{
"category": "product_version",
"name": "8.4",
"product": {
"name": "Red Hat Enterprise Linux 8.4",
"product_id": "T035500",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8.4"
}
}
},
{
"category": "product_version",
"name": "8.6",
"product": {
"name": "Red Hat Enterprise Linux 8.6",
"product_id": "T035501",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8.6"
}
}
},
{
"category": "product_version_range",
"name": "flatpak \u003c1.15.8",
"product": {
"name": "Red Hat Enterprise Linux flatpak \u003c1.15.8",
"product_id": "T035502"
}
},
{
"category": "product_version",
"name": "flatpak 1.15.8",
"product": {
"name": "Red Hat Enterprise Linux flatpak 1.15.8",
"product_id": "T035502-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:flatpak__1.15.8"
}
}
},
{
"category": "product_version_range",
"name": "flatpak \u003c1.10.9",
"product": {
"name": "Red Hat Enterprise Linux flatpak \u003c1.10.9",
"product_id": "T035503"
}
},
{
"category": "product_version",
"name": "flatpak 1.10.9",
"product": {
"name": "Red Hat Enterprise Linux flatpak 1.10.9",
"product_id": "T035503-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:flatpak__1.10.9"
}
}
},
{
"category": "product_version_range",
"name": "flatpak \u003c1.12.9",
"product": {
"name": "Red Hat Enterprise Linux flatpak \u003c1.12.9",
"product_id": "T035504"
}
},
{
"category": "product_version",
"name": "flatpak 1.12.9",
"product": {
"name": "Red Hat Enterprise Linux flatpak 1.12.9",
"product_id": "T035504-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:flatpak__1.12.9"
}
}
},
{
"category": "product_version_range",
"name": "flatpak \u003c1.14.6",
"product": {
"name": "Red Hat Enterprise Linux flatpak \u003c1.14.6",
"product_id": "T035505"
}
},
{
"category": "product_version",
"name": "flatpak 1.14.6",
"product": {
"name": "Red Hat Enterprise Linux flatpak 1.14.6",
"product_id": "T035505-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:flatpak__1.14.6"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32462",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Red Hat Enterprise Linux. Dieser Fehler besteht in der flatpak-Komponente aufgrund einer Argumenteninjektion, die zu einem Sandbox-Escape f\u00fchrt. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code au\u00dferhalb seiner Sandbox auszuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T035504",
"T035503",
"T035502",
"T035501",
"67646",
"T035505",
"T035496",
"T012167",
"T004914",
"T035500",
"T032255",
"T035499",
"T035498",
"T035497",
"T040074",
"T002207"
]
},
"release_date": "2024-06-17T22:00:00.000+00:00",
"title": "CVE-2024-32462"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.