CLSA-2026-1777890711 flatpak: Fix of CVE-2026-34079

CVE-2026-34079: fix arbitrary host file deletion via app-controlled ld.so cache symlink in flatpakswitchsymlinkandremove...

SUSE SLES15 Security Update : flatpak (SUSE-SU-2026:1541-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1541-1 advisory. - CVE-2026-34078: improper processing of app-controlled symlinks by sandbox-expose can lead to sandbox escape, host file access and...

SUSE CVE-2026-34078

Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access ...

Flatpak 安全漏洞

Flatpak is an open-source system developed by Flatpak for building, distributing, and running sandboxed desktop applications on Linux. Versions of Flatpak prior to 1.16.4 contained a security vulnerability. This vulnerability stemmed from the sandbox-expose option accepting symbolic links that we...