251 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-32462
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a...
Linux Distros Unpatched Vulnerability : CVE-2020-13753
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could...
SUSE: Security Advisory (SUSE-SU-2024:3104-1)
The remote host is missing an update for the...
bubblewrap and flatpak security update
An update is available for flatpak. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Bubblewrap (/usr/bin/bwrap) is a core execution engine for unprivileged...
RLSA-2024:6356 Important: bubblewrap and flatpak security update
Bubblewrap (/usr/bin/bwrap) is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces. Security Fixes: flatpak: Access to files outside sandbox for apps using persistent= (--persist) (CVE-2024-42472). For more details about the security issue...
Advisory ROSA-SA-2025-2837
Software: bubblewrap 0.4.0 OS: ROSA Virtualization 2.1 packageevrstring: bubblewrap-0.4.0-2.rv3 CVE-ID: CVE-2024-42472 BDU-ID: 2024-06671 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Flatpak application and environment management tool is related to improper neutralization of special output...
Advisory ROSA-SA-2025-2793
Software: bubblewrap 0.4.0 OS: ROSA Virtualization 3.0 packageevrstring: bubblewrap-0.4.0-2.rv30 CVE-ID: CVE-2024-42472 BDU-ID: 2024-06671 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Flatpak application and environment management tool is related to improper neutralization of special output...
[SECURITY] [DLA 4099-1] flatpak security update
Debian LTS Advisory DLA-4099-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk March 31, 2025 https://wiki.debian.org/LTS -...
Debian dla-4099 : flatpak - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4099 advisory. - Debian LTS Advisory DLA-4099-1 [email protected] https://www.debian.org/lts/security/...
CLSA-2025-1741291194 flatpak: Fix of CVE-2024-42472
CVE-2024-42472: patch Flatpak to include the new --bind-fd option in bubblewrap to prevent symlink attacks on persistent directories...
CLSA-2025-1741125454 bubblewrap: Fix of CVE-2024-42472
fix CVE-2024-42472 in flatpak by adding --bind-fd and --ro-bind-fd options in bubblewrap, enabling race-free bind mounts using an O_PATH file descriptor instead of a direct path...
Linux Distros Unpatched Vulnerability : CVE-2019-12439
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories in /tmp as a mount point. In some particular configurations related to XDG_RUNTIME_DIR, a...
SUSE SLED15 / SLES15 / openSUSE 15 : Recommended update for bubblewrap, flatpak, wayland-protocols (SUSE-SU-SUSE-RU-2025:0145-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-SUSE-RU-2025:0145-1 advisory. This update for bubblewrap, flatpak updates flatpak to 1.16.0. flatpak changes: - Update...
SUSE-RU-2025:0145-1 Recommended update for bubblewrap, flatpak, wayland-protocols
This update for bubblewrap, flatpak updates flatpak to 1.16.0. flatpak changes: - Update to version 1.16.0: + Bug fixes: - Update libglnx to 2024-12-06: . Fix an assertion failure if creating a parent directory encounters a dangling symlink. . Fix a Meson warning. . Don't emit terminal progress...
RLSA-2024:9449 Important: bubblewrap and flatpak security update
Bubblewrap (/usr/bin/bwrap) is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces. Security Fixes: flatpak: Access to files outside sandbox for apps using persistent= (--persist) (CVE-2024-42472). For more details about the security issue...
bubblewrap bug fix and enhancement update
An update is available for bubblewrap. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 9...
RockyLinux 9 : bubblewrap and flatpak (RLSA-2024:9449)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:9449 advisory. flatpak: Access to files outside sandbox for apps using persistent= (--persist) (CVE-2024-42472). Tenable has extracted the preceding description block directly from t...
bubblewrap and flatpak security update
bubblewrap 0.4.1-8 - Backport upstream fix to help address CVE-2024-42472 in flatpak flatpak 1.12.9-3 - Fix previous changelog entry 1.12.9-2 - Backport upstream patches for CVE-2024-42472 - Require bubblewrap version that has new --bind-fd option backported for addressing CVE-2024-42472...
RHSA-2024:9449 Red Hat Security Advisory: bubblewrap and flatpak security update
Bulletin has no description...
Important: Red Hat Security Advisory: bubblewrap and flatpak security update
An update for bubblewrap and flatpak is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...