ELSA-2026-21755

ULN >
Oracle Linux Errata repository >
ELSA-2026-21755

ELSA-2026-21755 - flatpak security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2026-06-23

Description

[1.12.9-4.1]
- Fix arbitrary code execution via crafted symlinks in sandbox-expose options
Resolves: RHEL-165643
- Fix arbitrary file deletion on host via improper cache file path validation
Resolves: RHEL-170171

Related CVEs

CVE-2026-34078

CVE-2026-34079

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	flatpak-1.12.9-4.el9_8.1.src.rpm	410fe6947ab61a7b7d4f4f21820abf66dfde28007e2136e232cdcd9320772af0	-	ol9_aarch64_appstream
	flatpak-1.12.9-4.el9_8.1.src.rpm	410fe6947ab61a7b7d4f4f21820abf66dfde28007e2136e232cdcd9320772af0	-	ol9_aarch64_codeready_builder
	flatpak-1.12.9-4.el9_8.1.aarch64.rpm	39a100f43f94e556f06c58faf15cc00c541dcd0641ef59d3d2e83ac8f06a227b	-	ol9_aarch64_appstream
	flatpak-devel-1.12.9-4.el9_8.1.aarch64.rpm	d585d174897b674297417bc190247a12d389155d3eb437a29b80d0945a94b221	-	ol9_aarch64_codeready_builder
	flatpak-libs-1.12.9-4.el9_8.1.aarch64.rpm	d0ac2a6becacf5e49bc2eb27eb3d779f56dd6a511a7ce876b02405ed3235672e	-	ol9_aarch64_appstream
	flatpak-selinux-1.12.9-4.el9_8.1.noarch.rpm	fbf3085c25a37e9b4737dc8d23e941ba4babd9114f7b10450841f3c909d0d302	-	ol9_aarch64_appstream
	flatpak-session-helper-1.12.9-4.el9_8.1.aarch64.rpm	920d5a6a78d3d5aabf9636f47120b6e30b3421205158581dc9d49f49a071cdeb	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	flatpak-1.12.9-4.el9_8.1.src.rpm	410fe6947ab61a7b7d4f4f21820abf66dfde28007e2136e232cdcd9320772af0	-	ol9_x86_64_appstream
	flatpak-1.12.9-4.el9_8.1.src.rpm	410fe6947ab61a7b7d4f4f21820abf66dfde28007e2136e232cdcd9320772af0	-	ol9_x86_64_codeready_builder
	flatpak-1.12.9-4.el9_8.1.i686.rpm	1f448b4e7f4b28c9bef66af5e906c23bb16b3497a38702a9b4380f88899de24c	-	ol9_x86_64_codeready_builder
	flatpak-1.12.9-4.el9_8.1.x86_64.rpm	9d110a7970648d93802844d58268514a56837d4fb10f7095522e3fc5d00c83db	-	ol9_x86_64_appstream
	flatpak-devel-1.12.9-4.el9_8.1.i686.rpm	3e5ee7370ba2fc9f2a1d74db0ebc00f5ab10e190e9d4a8ec64114194a926a190	-	ol9_x86_64_codeready_builder
	flatpak-devel-1.12.9-4.el9_8.1.x86_64.rpm	214eb39ea363e76adda17f4d497724bdb4af425ee02c9e8595ba81da98b4e870	-	ol9_x86_64_codeready_builder
	flatpak-libs-1.12.9-4.el9_8.1.i686.rpm	5c22c606383b14adae8d6806f3926b8b500b25556ee2ad492e41192335b3de4d	-	ol9_x86_64_appstream
	flatpak-libs-1.12.9-4.el9_8.1.x86_64.rpm	38c3ad93421fc0548785ed010bd336da6e65611b39dd872a3bbddb719fe6637d	-	ol9_x86_64_appstream
	flatpak-selinux-1.12.9-4.el9_8.1.noarch.rpm	fbf3085c25a37e9b4737dc8d23e941ba4babd9114f7b10450841f3c909d0d302	-	ol9_x86_64_appstream
	flatpak-session-helper-1.12.9-4.el9_8.1.i686.rpm	3ba5d8616e41310c9fb7842d26aedeaf429dff043d33d07f0a4162c74c14e126	-	ol9_x86_64_codeready_builder
	flatpak-session-helper-1.12.9-4.el9_8.1.x86_64.rpm	6c4bc9e259a1144904cfa8d8c9c91a779920e224bd57cb60305b6eb912a1e1b7	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691