ELSA-2024-6356

ELSA-2024-6356 - bubblewrap and flatpak security update

Type:SECURITY
Impact:IMPORTANT
Release Date:2024-09-04

Description


bubblewrap
[0.4.1-7]
- Add support for --bind-fd and --ro-bind-fd (CVE-2024-42472)

flatpak
[1.12.9-3]
- Fix previous changelog entry

[1.12.9-2]
- Backport upstream patches for CVE-2024-42472
- Require bubblewrap version that has new --bind-fd option backported for
addressing CVE-2024-42472


Related CVEs


CVE-2024-42472

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 9 (aarch64) bubblewrap-0.4.1-7.el9_4.src.rpmc857d52e247250c56dbcba1ae6cfeb0b3226d4e3976b6c585dbce30745397ba6-ol9_aarch64_baseos_latest
bubblewrap-0.4.1-7.el9_4.src.rpmc857d52e247250c56dbcba1ae6cfeb0b3226d4e3976b6c585dbce30745397ba6-ol9_aarch64_u4_baseos_patch
flatpak-1.12.9-3.el9_4.src.rpmd4a785aa519f83142a8de1dcb8fccb6d7abd49eafce8355be733e4286b4e5aae-ol9_aarch64_appstream
flatpak-1.12.9-3.el9_4.src.rpmd4a785aa519f83142a8de1dcb8fccb6d7abd49eafce8355be733e4286b4e5aae-ol9_aarch64_codeready_builder
bubblewrap-0.4.1-7.el9_4.aarch64.rpm2b9941244ab9baa91051e4968255b70a17f0a1108201637066cf0792eb81281c-ol9_aarch64_baseos_latest
bubblewrap-0.4.1-7.el9_4.aarch64.rpm2b9941244ab9baa91051e4968255b70a17f0a1108201637066cf0792eb81281c-ol9_aarch64_u4_baseos_patch
flatpak-1.12.9-3.el9_4.aarch64.rpma5e6c4469efa002fa9772df98cf09ebecd5deef7026d99787c37cfb56c730d8f-ol9_aarch64_appstream
flatpak-devel-1.12.9-3.el9_4.aarch64.rpm202b500ff37dc3c62134a6d2bcce72b771ebf2fab74121739eba2333c456195b-ol9_aarch64_codeready_builder
flatpak-libs-1.12.9-3.el9_4.aarch64.rpmfc0671fccbedb289afebe041e9e1488f5bdb421037c7db46b81dd5ad43da61f1-ol9_aarch64_appstream
flatpak-selinux-1.12.9-3.el9_4.noarch.rpm16c5b62abe7eb008299c420bd41ee3175f20ce5de40b0ec27c51b8ce9ac194c9-ol9_aarch64_appstream
flatpak-session-helper-1.12.9-3.el9_4.aarch64.rpm2e0ba318e24cd58ebc0c58e4290d8a5a98a2c39a4beb7a3b3baaed8da62adcc6-ol9_aarch64_appstream
Oracle Linux 9 (x86_64) bubblewrap-0.4.1-7.el9_4.src.rpmc857d52e247250c56dbcba1ae6cfeb0b3226d4e3976b6c585dbce30745397ba6-ol9_x86_64_baseos_latest
bubblewrap-0.4.1-7.el9_4.src.rpmc857d52e247250c56dbcba1ae6cfeb0b3226d4e3976b6c585dbce30745397ba6-ol9_x86_64_u4_baseos_patch
flatpak-1.12.9-3.el9_4.src.rpmd4a785aa519f83142a8de1dcb8fccb6d7abd49eafce8355be733e4286b4e5aae-ol9_x86_64_appstream
flatpak-1.12.9-3.el9_4.src.rpmd4a785aa519f83142a8de1dcb8fccb6d7abd49eafce8355be733e4286b4e5aae-ol9_x86_64_codeready_builder
bubblewrap-0.4.1-7.el9_4.x86_64.rpm38efddefb792e669a6d2629fd241c4ce906f27451b1b87bdb7981086c99dc1c5-ol9_x86_64_baseos_latest
bubblewrap-0.4.1-7.el9_4.x86_64.rpm38efddefb792e669a6d2629fd241c4ce906f27451b1b87bdb7981086c99dc1c5-ol9_x86_64_u4_baseos_patch
flatpak-1.12.9-3.el9_4.i686.rpm9a15427e945071ac087a33d2cce38772c31c1fa7c1b9389fd37059fa31de1026-ol9_x86_64_codeready_builder
flatpak-1.12.9-3.el9_4.x86_64.rpmd9ba02327d244561c5d8d27eeb69b346cb93d532db0f48e04d01ee1cd57d152a-ol9_x86_64_appstream
flatpak-devel-1.12.9-3.el9_4.i686.rpm80ef28a46184437a05f132bd733a8a4fd6488bd7d463b16df447ac510deec1cd-ol9_x86_64_codeready_builder
flatpak-devel-1.12.9-3.el9_4.x86_64.rpm2906a7d03081e1c02b7f81d6ecca9d52c6830cfe24e765672d8637eb4418a531-ol9_x86_64_codeready_builder
flatpak-libs-1.12.9-3.el9_4.i686.rpm059412f00cdf96a584c8d3c09cf3f7a1ca208aac5671c3ab493ac8fb6f3e4f87-ol9_x86_64_appstream
flatpak-libs-1.12.9-3.el9_4.x86_64.rpmf65e6b5bbfb57f5431ca41fdae310b2dee2ca78dea6723b76bca7d34cda0f2d9-ol9_x86_64_appstream
flatpak-selinux-1.12.9-3.el9_4.noarch.rpm16c5b62abe7eb008299c420bd41ee3175f20ce5de40b0ec27c51b8ce9ac194c9-ol9_x86_64_appstream
flatpak-session-helper-1.12.9-3.el9_4.i686.rpm5f4fe7278a989f78761b3a152a632b1e6aa91d457c3881f7f13cd434ed14a1f3-ol9_x86_64_codeready_builder
flatpak-session-helper-1.12.9-3.el9_4.x86_64.rpm174148aa4cec48d74be76547eb89027c3fe1a8b0b6648b888f6361c55f18be21-ol9_x86_64_appstream



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete