- Issued:
- 2024-09-12
- Updated:
- 2024-09-12
RHBA-2024:6651 - Bug Fix Advisory
Synopsis
Updated rhel9/flatpak-runtime and rhel9/flatpak-sdk container images update
Type/Severity
Bug Fix Advisory
Topic
Updated rhel9/flatpak-runtime and rhel9/flatpak-sdk container images are now available in the Red Hat container registry.
Description
Flatpak is a system for running graphical applications as containers. A Flatpak application has access to content from two container images - the application itself, and the runtime image. To build against a particular runtime image, a corresponding SDK image is used.
flatpak-runtime provides the runtime image and flatpak-sdk provides the SDK image.
This updates the rhel9/flatpak-runtime and the rhel9/flatpak-sdk container images in the Red Hat container registry.
Solution
To install and use Red Hat Enterprise Linux Flatpak content available in the the Red Hat Container Catalog, make sure that you have the latest version of the Flatpak client installed on your system:
yum update flatpak
After updating the Flatpak packages, add the Flatpak remote to your system. This enables the Flatpak client and gnome-software to find RHEL Flatpak content available on the Red Hat Container Catalog:
flatpak remote-add rhel https://flatpaks.redhat.io/rhel.flatpakrepo
Provide the credentials for your Red Hat Enterprise Linux account:
podman login registry.redhat.io
Podman only saves credentials until the user logs out. To save your credentials permanently, run:
cp $XDG_RUNTIME_DIR/containers/auth.json $HOME/.config/flatpak/oci-auth.json
To enable the RHEL Flatpak remote for a set of workstations within an organization, you should use a Registry Service Account. Credentials can be installed system-wide at /etc/flatpak/oci-auth.json.
Then, you can install the runtime and the SDK:
flatpak install rhel com.redhat.Platform//el8
flatpak install rhel com.redhat.Sdk//el8
Generally, you do not need to install the runtime explicitly. It is installed along with an application that uses it.
If you have previously installed the runtime or SDK, you can update to the latest version by running:
flatpak update
The SDK is used by using flatpak-builder with a manifest that includes:
{
[...]
"runtime": "com.redhat.Platform",
"runtime-version": "el8",
"sdk": "com.redhat.Sdk",
}
For more information about the image, search the <image_name> in the Red Hat Ecosystem Catalog: https://catalog.redhat.com/software/containers/search.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
- Red Hat Enterprise Linux Server - AUS 9.6 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
- Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
- Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x
Fixes
- BZ - 2279632 - CVE-2024-34397 glib2: Signal subscription vulnerabilities
- BZ - 2292836 - CVE-2024-38428 wget: Misinterpretation of input may lead to improper behavior
- BZ - 2293942 - CVE-2024-39331 emacs: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code
- BZ - 2294676 - CVE-2024-37371 krb5: GSS message token handling
- BZ - 2294677 - CVE-2024-37370 krb5: GSS message token handling
- BZ - 2300010 - CVE-2024-40897 orc: Stack-based buffer overflow vulnerability in ORC
- BZ - 2302255 - CVE-2024-6923 cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection
CVEs
- CVE-2023-52771
- CVE-2023-52880
- CVE-2024-6923
- CVE-2024-26581
- CVE-2024-26668
- CVE-2024-26810
- CVE-2024-26855
- CVE-2024-26908
- CVE-2024-26925
- CVE-2024-27016
- CVE-2024-27019
- CVE-2024-27020
- CVE-2024-27415
- CVE-2024-34397
- CVE-2024-35839
- CVE-2024-35896
- CVE-2024-35897
- CVE-2024-35898
- CVE-2024-35962
- CVE-2024-36003
- CVE-2024-36025
- CVE-2024-37370
- CVE-2024-37371
- CVE-2024-38428
- CVE-2024-38538
- CVE-2024-38540
- CVE-2024-38544
- CVE-2024-38579
- CVE-2024-38608
- CVE-2024-39331
- CVE-2024-39476
- CVE-2024-40897
- CVE-2024-40905
- CVE-2024-40911
- CVE-2024-40912
- CVE-2024-40914
- CVE-2024-40929
- CVE-2024-40939
- CVE-2024-40941
- CVE-2024-40957
- CVE-2024-40978
- CVE-2024-40983
- CVE-2024-41041
- CVE-2024-41076
- CVE-2024-41090
- CVE-2024-41091
- CVE-2024-42110
- CVE-2024-42152
x86_64
| rhel9/flatpak-runtime@sha256:56b3c2ed106c16c021cd1f885b3250b4c9df0913ee81f13caae410d681cb814b |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
