ELSA-2024-6356

ULN >
Oracle Linux Errata repository >
ELSA-2024-6356

ELSA-2024-6356 - bubblewrap and flatpak security update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2024-09-04

Description

bubblewrap
[0.4.1-7]
- Add support for --bind-fd and --ro-bind-fd (CVE-2024-42472)

flatpak
[1.12.9-3]
- Fix previous changelog entry

[1.12.9-2]
- Backport upstream patches for CVE-2024-42472
- Require bubblewrap version that has new --bind-fd option backported for
addressing CVE-2024-42472

Related CVEs

CVE-2024-42472

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	bubblewrap-0.4.1-7.el9_4.src.rpm	d8e67fe63488340d61600dedb109375c	-	ol9_aarch64_baseos_latest
	bubblewrap-0.4.1-7.el9_4.src.rpm	d8e67fe63488340d61600dedb109375c	-	ol9_aarch64_u4_baseos_patch
	flatpak-1.12.9-3.el9_4.src.rpm	d83ff9b318dd64be25eeaf526874d7be	-	ol9_aarch64_appstream
	flatpak-1.12.9-3.el9_4.src.rpm	d83ff9b318dd64be25eeaf526874d7be	-	ol9_aarch64_codeready_builder
	bubblewrap-0.4.1-7.el9_4.aarch64.rpm	33432370aa4f2891d254e770f0550034	-	ol9_aarch64_baseos_latest
	bubblewrap-0.4.1-7.el9_4.aarch64.rpm	33432370aa4f2891d254e770f0550034	-	ol9_aarch64_u4_baseos_patch
	flatpak-1.12.9-3.el9_4.aarch64.rpm	71b8f9aecab2683e199c2e96aa2da29c	-	ol9_aarch64_appstream
	flatpak-devel-1.12.9-3.el9_4.aarch64.rpm	e5025987d8e60d06c14c1e69afc83d14	-	ol9_aarch64_codeready_builder
	flatpak-libs-1.12.9-3.el9_4.aarch64.rpm	3a85f826b49c154666547e4e04b3ff3a	-	ol9_aarch64_appstream
	flatpak-selinux-1.12.9-3.el9_4.noarch.rpm	285282ef5fc2c30ae0b5d3113c22ae8d	-	ol9_aarch64_appstream
	flatpak-session-helper-1.12.9-3.el9_4.aarch64.rpm	a76ad56a81e2ed2fb84437dd04674629	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	bubblewrap-0.4.1-7.el9_4.src.rpm	d8e67fe63488340d61600dedb109375c	-	ol9_x86_64_baseos_latest
	bubblewrap-0.4.1-7.el9_4.src.rpm	d8e67fe63488340d61600dedb109375c	-	ol9_x86_64_u4_baseos_patch
	flatpak-1.12.9-3.el9_4.src.rpm	d83ff9b318dd64be25eeaf526874d7be	-	ol9_x86_64_appstream
	flatpak-1.12.9-3.el9_4.src.rpm	d83ff9b318dd64be25eeaf526874d7be	-	ol9_x86_64_codeready_builder
	bubblewrap-0.4.1-7.el9_4.x86_64.rpm	dc4742f70e9387cbfe9a97e807af2536	-	ol9_x86_64_baseos_latest
	bubblewrap-0.4.1-7.el9_4.x86_64.rpm	dc4742f70e9387cbfe9a97e807af2536	-	ol9_x86_64_u4_baseos_patch
	flatpak-1.12.9-3.el9_4.i686.rpm	de0bc7eeedb0bad9aa0acdbe4ad38fb8	-	ol9_x86_64_codeready_builder
	flatpak-1.12.9-3.el9_4.x86_64.rpm	28ac01cbddf08a05ad17539be55dbb36	-	ol9_x86_64_appstream
	flatpak-devel-1.12.9-3.el9_4.i686.rpm	ac05d1d790131d5d8e18e20dfb91a574	-	ol9_x86_64_codeready_builder
	flatpak-devel-1.12.9-3.el9_4.x86_64.rpm	a58955f073dafd1f7704e750769c6f45	-	ol9_x86_64_codeready_builder
	flatpak-libs-1.12.9-3.el9_4.i686.rpm	33d46297b495e7321336d24b8fd8abbe	-	ol9_x86_64_appstream
	flatpak-libs-1.12.9-3.el9_4.x86_64.rpm	3a17fa075b215459075235e68ec6ccca	-	ol9_x86_64_appstream
	flatpak-selinux-1.12.9-3.el9_4.noarch.rpm	285282ef5fc2c30ae0b5d3113c22ae8d	-	ol9_x86_64_appstream
	flatpak-session-helper-1.12.9-3.el9_4.i686.rpm	da91ba0454e469208cb74e0340008103	-	ol9_x86_64_codeready_builder
	flatpak-session-helper-1.12.9-3.el9_4.x86_64.rpm	094281c47436b8b056c3125040f6011f	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

Oracle customers - enter a support request
Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691