525 matches found
Security update for xdg-desktop-portal
This update for xdg-desktop-portal fixes the following issue: CVE-2026-40354: File deletion via symlink attack bsc1262045. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command...
SUSE-SU-2026:2105-1 Security update for xdg-desktop-portal
This update for xdg-desktop-portal fixes the following issue: - CVE-2026-40354: File deletion via symlink attack bsc1262045...
USN-8167-2 xdg-dbus-proxy vulnerability
USN-8167-1 fixed a vulnerability in xdg-dbus-proxy. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory details: It was discovered that xdg-dbus-proxy incorrectly handled eavesdropping in policy rules. A local attacker could possibly use this issue to intercept...
USN-8167-2: xdg-dbus-proxy vulnerability
USN-8167-1 fixed a vulnerability in xdg-dbus-proxy. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory details: It was discovered that xdg-dbus-proxy incorrectly handled eavesdropping in policy rules. A local attacker could possibly use this issue to intercept...
Ubuntu 24.04 LTS / 25.10 : XDG Desktop Portal vulnerability (USN-8287-1)
The remote Ubuntu 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8287-1 advisory. It was discovered that XDG Desktop Portal incorrectly handled trashing files. A local attacker could possibly use this issue to delete arbitrary files on...
USN-8287-1: XDG Desktop Portal vulnerability
It was discovered that XDG Desktop Portal incorrectly handled trashing files. A local attacker could possibly use this issue to delete arbitrary files on the host file system via a symlink attack...
USN-8287-1 xdg-desktop-portal vulnerability
It was discovered that XDG Desktop Portal incorrectly handled trashing files. A local attacker could possibly use this issue to delete arbitrary files on the host file system via a symlink attack...
Astra Linux - уязвимость в flatpak
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak application could execute arbitrary code outside its sandbox. Normally, the --command argument of flatpak...
Amazon Linux 2023 : xdg-desktop-portal, xdg-desktop-portal-devel (ALAS2023-2026-1669)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1669 advisory. Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack on gfiletrash. CVE-2026-40354 Tenable has extracted t...
OESA-2026-2287 xdg-dbus-proxy security update
xdg-dbus-proxy is a filtering proxy for D-Bus connections. It was originally part of the flatpak project, but it has been broken out as a standalone module to facilitate using it in other contexts. Security Fixes: xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy...
OESA-2026-2286 xdg-dbus-proxy security update
xdg-dbus-proxy is a filtering proxy for D-Bus connections. It was originally part of the flatpak project, but it has been broken out as a standalone module to facilitate using it in other contexts. Security Fixes: xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy...
Medium: xdg-desktop-portal
Issue Overview: Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack on gfiletrash. CVE-2026-40354 Affected Packages: xdg-desktop-portal Note: This advisory is applicable to Amazon Linux 2 AL2 Core...
Amazon Linux 2 : xdg-desktop-portal, --advisory ALAS2-2026-3298 (ALAS-2026-3298)
The version of xdg-desktop-portal installed on the remote host is prior to 1.0.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3298 advisory. Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host...
OESA-2026-2213 xdg-dbus-proxy security update
xdg-dbus-proxy is a filtering proxy for D-Bus connections. It was originally part of the flatpak project, but it has been broken out as a standalone module to facilitate using it in other contexts. Security Fixes: xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy...
OESA-2026-2212 xdg-dbus-proxy security update
xdg-dbus-proxy is a filtering proxy for D-Bus connections. It was originally part of the flatpak project, but it has been broken out as a standalone module to facilitate using it in other contexts. Security Fixes: xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy...
OESA-2026-2184 xdg-desktop-portal security update
xdg-desktop-portal works by exposing a series of D-Bus interfaces known as portals under a well-known name org.freedesktop.portal.Desktop and object path /org/freedesktop/portal/desktop. The portal interfaces include APIs for file access, opening URIs, printing and others. Security Fixes: Flatpak...
OESA-2026-2182 xdg-desktop-portal security update
xdg-desktop-portal works by exposing a series of D-Bus interfaces known as portals under a well-known name org.freedesktop.portal.Desktop and object path /org/freedesktop/portal/desktop. The portal interfaces include APIs for file access, opening URIs, printing and others. Security Fixes: Flatpak...
OESA-2026-2183 xdg-desktop-portal security update
xdg-desktop-portal works by exposing a series of D-Bus interfaces known as portals under a well-known name org.freedesktop.portal.Desktop and object path /org/freedesktop/portal/desktop. The portal interfaces include APIs for file access, opening URIs, printing and others. Security Fixes: Flatpak...
[SECURITY] Fedora 42 Update: xdg-dbus-proxy-0.1.7-1.fc42
xdg-dbus-proxy is a filtering proxy for D-Bus connections. It was originally part of the flatpak project, but it has been broken out as a standalone module to facilitate using it in other contexts...
Fedora 42 : xdg-dbus-proxy (2026-adc66b374a)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-adc66b374a advisory. Update the package, including fix for CVE-2026-34080. See also: upstream security advisory Tenable has extracted the preceding description block directly fro...