[Apollo] Advisories Statistics light light Login

RLSA-2026:21755

Security Mirrored from RHSA-2026:21755
Issued at: 2026-06-05
Updated at: 2026-06-05

Synopsis

Important: flatpak security update



Description

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.

Security Fix(es):

* flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options (CVE-2026-34078)

* flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation (CVE-2026-34079)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

Rocky Linux 9 aarch64 Rocky Linux 9 ppc64le Rocky Linux 9 s390x Rocky Linux 9 x86_64

Fixes

2456276 2456284

CVEs

CVE-2026-34078 CVE-2026-34079

Affected packages

Rocky Linux 9 aarch64 - AppStream

flatpak-0:1.12.9-4.el9_8.1.aarch64.rpm flatpak-0:1.12.9-4.el9_8.1.src.rpm flatpak-debuginfo-0:1.12.9-4.el9_8.1.aarch64.rpm flatpak-debugsource-0:1.12.9-4.el9_8.1.aarch64.rpm flatpak-libs-0:1.12.9-4.el9_8.1.aarch64.rpm flatpak-libs-debuginfo-0:1.12.9-4.el9_8.1.aarch64.rpm flatpak-selinux-0:1.12.9-4.el9_8.1.noarch.rpm flatpak-session-helper-0:1.12.9-4.el9_8.1.aarch64.rpm flatpak-session-helper-debuginfo-0:1.12.9-4.el9_8.1.aarch64.rpm

Rocky Linux 9 x86_64 - CRB

flatpak-0:1.12.9-4.el9_8.1.i686.rpm flatpak-devel-0:1.12.9-4.el9_8.1.i686.rpm flatpak-devel-0:1.12.9-4.el9_8.1.x86_64.rpm flatpak-session-helper-0:1.12.9-4.el9_8.1.i686.rpm flatpak-session-helper-debuginfo-0:1.12.9-4.el9_8.1.i686.rpm

Rocky Linux 9 ppc64le - AppStream

flatpak-0:1.12.9-4.el9_8.1.ppc64le.rpm flatpak-0:1.12.9-4.el9_8.1.src.rpm flatpak-debuginfo-0:1.12.9-4.el9_8.1.ppc64le.rpm flatpak-debugsource-0:1.12.9-4.el9_8.1.ppc64le.rpm flatpak-libs-0:1.12.9-4.el9_8.1.ppc64le.rpm flatpak-libs-debuginfo-0:1.12.9-4.el9_8.1.ppc64le.rpm flatpak-selinux-0:1.12.9-4.el9_8.1.noarch.rpm flatpak-session-helper-0:1.12.9-4.el9_8.1.ppc64le.rpm flatpak-session-helper-debuginfo-0:1.12.9-4.el9_8.1.ppc64le.rpm

Rocky Linux 9 s390x - AppStream

flatpak-0:1.12.9-4.el9_8.1.s390x.rpm flatpak-0:1.12.9-4.el9_8.1.src.rpm flatpak-debuginfo-0:1.12.9-4.el9_8.1.s390x.rpm flatpak-debugsource-0:1.12.9-4.el9_8.1.s390x.rpm flatpak-libs-0:1.12.9-4.el9_8.1.s390x.rpm flatpak-libs-debuginfo-0:1.12.9-4.el9_8.1.s390x.rpm flatpak-selinux-0:1.12.9-4.el9_8.1.noarch.rpm flatpak-session-helper-0:1.12.9-4.el9_8.1.s390x.rpm flatpak-session-helper-debuginfo-0:1.12.9-4.el9_8.1.s390x.rpm

Rocky Linux 9 x86_64 - AppStream

flatpak-0:1.12.9-4.el9_8.1.src.rpm flatpak-0:1.12.9-4.el9_8.1.x86_64.rpm flatpak-debuginfo-0:1.12.9-4.el9_8.1.i686.rpm flatpak-debuginfo-0:1.12.9-4.el9_8.1.x86_64.rpm flatpak-debugsource-0:1.12.9-4.el9_8.1.i686.rpm flatpak-debugsource-0:1.12.9-4.el9_8.1.x86_64.rpm flatpak-libs-0:1.12.9-4.el9_8.1.i686.rpm flatpak-libs-0:1.12.9-4.el9_8.1.x86_64.rpm flatpak-libs-debuginfo-0:1.12.9-4.el9_8.1.i686.rpm flatpak-libs-debuginfo-0:1.12.9-4.el9_8.1.x86_64.rpm flatpak-selinux-0:1.12.9-4.el9_8.1.noarch.rpm flatpak-session-helper-0:1.12.9-4.el9_8.1.x86_64.rpm flatpak-session-helper-debuginfo-0:1.12.9-4.el9_8.1.x86_64.rpm

Rocky Linux 9 aarch64 - CRB

flatpak-devel-0:1.12.9-4.el9_8.1.aarch64.rpm

Rocky Linux 9 ppc64le - CRB

flatpak-devel-0:1.12.9-4.el9_8.1.ppc64le.rpm

Rocky Linux 9 s390x - CRB

flatpak-devel-0:1.12.9-4.el9_8.1.s390x.rpm