51 matches found
[SECURITY] Fedora 44 Update: flatpak-builder-1.4.8-1.fc44
Flatpak-builder is a tool for building flatpaks from sources. See https://flatpak.org/ for more information...
Fedora 44 : flatpak-builder (2026-5e62b78a0c)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-5e62b78a0c advisory. This update includes a fix for CVE-2026-39977. See also: the upstream advisory Tenable has extracted the preceding description block directly from the Fedora...
[SECURITY] Fedora 42 Update: flatpak-builder-1.4.8-1.fc42
Flatpak-builder is a tool for building flatpaks from sources. See https://flatpak.org/ for more information...
[SECURITY] Fedora 43 Update: flatpak-builder-1.4.8-1.fc43
Flatpak-builder is a tool for building flatpaks from sources. See https://flatpak.org/ for more information...
Fedora 42 : flatpak-builder (2026-631b9d535c)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-631b9d535c advisory. This update includes a fix for CVE-2026-39977. See also: the upstream advisory Tenable has extracted the preceding description block directly from the Fedora...
Fedora 43 : flatpak-builder (2026-25ff246b4f)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-25ff246b4f advisory. This update includes a fix for CVE-2026-39977. See also: the upstream advisory Tenable has extracted the preceding description block directly from the Fedora...
OPENSUSE-SU-2026:10590-1 flatpak-builder-1.4.8-1.1 on GA media
These are all security issues fixed in the flatpak-builder-1.4.8-1.1 package on the GA media of openSUSE Tumbleweed...
Linux Distros Unpatched Vulnerability : CVE-2026-39977
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined...
CVE-2026-39977
A flaw was found in flatpak-builder. A specially crafted manifest or source can bypass path restrictions by using symbolic links within the license-files field, allowing the builder to follow paths outside the intended source directory, reading arbitrary files from the host system and including...
SUSE CVE-2026-39977
flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source directory of the module. The paths from that array are resolved using gfileresolverelativepath and...
DEBIAN-CVE-2026-39977
flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source directory of the module. The paths from that array are resolved using gfileresolverelativepath and...
CVE-2026-39977
flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source directory of the module. The paths from that array are resolved using gfileresolverelativepath and...
CVE-2026-39977
flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source directory of the module. The paths from that array are resolved using gfileresolverelativepath and...
UBUNTU-CVE-2026-39977
flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source directory of the module. The paths from that array are resolved using gfileresolverelativepath and...
CVE-2026-39977
The CVE concerns flatpak-builder (versions 1.4.5–1.4.7) where the license-files manifest key accepts an array of paths relative to the module source. Paths are validated using two checks, but the final path component and symlink handling can allow path traversal. The copy operation runs on the ho...
CVE-2026-39977 flatpak-builder has a path traversal leading to arbitrary file read on host when installing licence files
flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source directory of the module. The paths from that array are resolved using gfileresolverelativepath and...
CVE-2026-39977
flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source directory of the module. The paths from that array are resolved using gfileresolverelativepath and...
CVE-2026-39977
flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source directory of the module. The paths from that array are resolved using gfileresolverelativepath and...
CVE-2026-39977
flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source directory of the module. The paths from that array are resolved using gfileresolverelativepath and...
EUVD-2026-21045
flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source directory of the module. The paths from that array are resolved using gfileresolverelativepath and...