ELSA-2026-21756

ULN >
Oracle Linux Errata repository >
ELSA-2026-21756

ELSA-2026-21756 - flatpak security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2026-05-28

Description

[1.12.9-4]
- Fix arbitrary code execution via crafted symlinks in sandbox-expose options
Resolves: RHEL-165633
- Fix arbitrary file deletion on host via improper cache file path validation
Resolves: RHEL-170160

Related CVEs

CVE-2026-34078

CVE-2026-34079

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	flatpak-1.12.9-4.el8_10.src.rpm	0df943c89e425c210feae0dc769c6080f1c20f9c3a6e7c8045c80db26ff9549b	-	ol8_aarch64_appstream
	flatpak-1.12.9-4.el8_10.src.rpm	0df943c89e425c210feae0dc769c6080f1c20f9c3a6e7c8045c80db26ff9549b	-	ol8_aarch64_codeready_builder
	flatpak-1.12.9-4.el8_10.aarch64.rpm	aa42e35d22e349ba3cde11877eea3a82082c6509b4153568cb998119173543e3	-	ol8_aarch64_appstream
	flatpak-devel-1.12.9-4.el8_10.aarch64.rpm	9abc27a0b354a30836a1d65e861264a7d0b2ce4a97048772dd62d5c869a81b26	-	ol8_aarch64_codeready_builder
	flatpak-libs-1.12.9-4.el8_10.aarch64.rpm	dd86c5e329c244f80849a0b5b9b4574921b73b47e95ea1dcc59366791e2f836d	-	ol8_aarch64_appstream
	flatpak-selinux-1.12.9-4.el8_10.noarch.rpm	90a119616a1d6455eb799179f833b33efa3130433ab1342bb01674fa513faaa8	-	ol8_aarch64_appstream
	flatpak-session-helper-1.12.9-4.el8_10.aarch64.rpm	83568837fd19f31fbbadba406f14859ecf9adf74a1953c497d314f6ce81bd0f1	-	ol8_aarch64_appstream

Oracle Linux 8 (x86_64)	flatpak-1.12.9-4.el8_10.src.rpm	0df943c89e425c210feae0dc769c6080f1c20f9c3a6e7c8045c80db26ff9549b	-	ol8_x86_64_appstream
	flatpak-1.12.9-4.el8_10.src.rpm	0df943c89e425c210feae0dc769c6080f1c20f9c3a6e7c8045c80db26ff9549b	-	ol8_x86_64_codeready_builder
	flatpak-1.12.9-4.el8_10.i686.rpm	004cbe39f853dddd97d292c8ca99b3bfd680e48ce6302a0e04d28737d000c05c	-	ol8_x86_64_codeready_builder
	flatpak-1.12.9-4.el8_10.x86_64.rpm	1c9cf7ddb4a9ee32226d6714846f1c803c8e3c808fa8b381a1228d51fcb2d196	-	ol8_x86_64_appstream
	flatpak-devel-1.12.9-4.el8_10.i686.rpm	7a81cd6023b79206451f32b0404c30cd7908a29ddcaa51f1a8d8a3f05d5b3e03	-	ol8_x86_64_codeready_builder
	flatpak-devel-1.12.9-4.el8_10.x86_64.rpm	6e3c61a78e9348b8155448cc6fb823e677c255da35d43c08bc1a52fcbe36db3a	-	ol8_x86_64_codeready_builder
	flatpak-libs-1.12.9-4.el8_10.i686.rpm	eadeb7bed56c4183eebd1aa60c34d58c5a3f0c642f23f7742b6a3a7180dab82d	-	ol8_x86_64_appstream
	flatpak-libs-1.12.9-4.el8_10.x86_64.rpm	0ebab6f4b3c03e3779232ccc32712af700226894eaa69412141307e4867200a8	-	ol8_x86_64_appstream
	flatpak-selinux-1.12.9-4.el8_10.noarch.rpm	90a119616a1d6455eb799179f833b33efa3130433ab1342bb01674fa513faaa8	-	ol8_x86_64_appstream
	flatpak-session-helper-1.12.9-4.el8_10.i686.rpm	1bae1c1a78f0801bf3add6c4f3419833f9cc81d3508839aeb2d94a45a66c1a8f	-	ol8_x86_64_codeready_builder
	flatpak-session-helper-1.12.9-4.el8_10.x86_64.rpm	7d5a57991855c381196f89280f0ea85e9ba8f70ff8e12e45d7b6064182c92a4a	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691