Synopsis
Moderate: flatpak-builder security and bug fix update
Type/Severity
Security Advisory: Moderate
Red Hat Lightspeed patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for flatpak-builder is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Flatpak-builder is a tool for building flatpaks from sources.
Security Fix(es):
- flatpak: flatpak-builder --mirror-screenshots-url can access files outside the build directory (CVE-2022-21682)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.
Affected Products
-
Red Hat Enterprise Linux for x86_64 8 x86_64
-
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
-
Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 x86_64
-
Red Hat Enterprise Linux for IBM z Systems 8 s390x
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
-
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
-
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
-
Red Hat Enterprise Linux Server - TUS 8.8 x86_64
-
Red Hat Enterprise Linux for ARM 64 8 aarch64
-
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
-
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
-
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64
-
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64
-
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64
-
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le
-
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x
Fixes
-
BZ - 2041592
- CVE-2022-21682 flatpak: flatpak-builder --mirror-screenshots-url can access files outside the build directory
-
BZ - 2047312
- Update flatpak-builder to 1.0.14
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for x86_64 8
| SRPM |
|
flatpak-builder-1.0.14-2.el8.src.rpm
|
SHA-256: 9a7d27f7fbe1c47602758f77ff5406c99e82a6633dd618b7e63d943f74612f42 |
| x86_64 |
|
flatpak-builder-1.0.14-2.el8.x86_64.rpm
|
SHA-256: 300e2a892854b92679149e72e493289448ae9a7a7a71c72a6db7358c041d3b3c |
|
flatpak-builder-debuginfo-1.0.14-2.el8.x86_64.rpm
|
SHA-256: 1aa0d460c2dafce577cd6a5acbc99f6943a1f24fd2f30b62c48d1b93e9d35385 |
|
flatpak-builder-debugsource-1.0.14-2.el8.x86_64.rpm
|
SHA-256: fa357c8cbe5198f39c66e8e2eda5cca875e56e2ea094bebbc096d2dd87166702 |
Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8
| SRPM |
|
flatpak-builder-1.0.14-2.el8.src.rpm
|
SHA-256: 9a7d27f7fbe1c47602758f77ff5406c99e82a6633dd618b7e63d943f74612f42 |
| x86_64 |
|
flatpak-builder-1.0.14-2.el8.x86_64.rpm
|
SHA-256: 300e2a892854b92679149e72e493289448ae9a7a7a71c72a6db7358c041d3b3c |
|
flatpak-builder-debuginfo-1.0.14-2.el8.x86_64.rpm
|
SHA-256: 1aa0d460c2dafce577cd6a5acbc99f6943a1f24fd2f30b62c48d1b93e9d35385 |
|
flatpak-builder-debugsource-1.0.14-2.el8.x86_64.rpm
|
SHA-256: fa357c8cbe5198f39c66e8e2eda5cca875e56e2ea094bebbc096d2dd87166702 |
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8
| SRPM |
|
flatpak-builder-1.0.14-2.el8.src.rpm
|
SHA-256: 9a7d27f7fbe1c47602758f77ff5406c99e82a6633dd618b7e63d943f74612f42 |
| x86_64 |
|
flatpak-builder-1.0.14-2.el8.x86_64.rpm
|
SHA-256: 300e2a892854b92679149e72e493289448ae9a7a7a71c72a6db7358c041d3b3c |
|
flatpak-builder-debuginfo-1.0.14-2.el8.x86_64.rpm
|
SHA-256: 1aa0d460c2dafce577cd6a5acbc99f6943a1f24fd2f30b62c48d1b93e9d35385 |
|
flatpak-builder-debugsource-1.0.14-2.el8.x86_64.rpm
|
SHA-256: fa357c8cbe5198f39c66e8e2eda5cca875e56e2ea094bebbc096d2dd87166702 |
Red Hat Enterprise Linux for IBM z Systems 8
| SRPM |
|
flatpak-builder-1.0.14-2.el8.src.rpm
|
SHA-256: 9a7d27f7fbe1c47602758f77ff5406c99e82a6633dd618b7e63d943f74612f42 |
| s390x |
|
flatpak-builder-1.0.14-2.el8.s390x.rpm
|
SHA-256: eb2ba35916133f4a7d25e498967b47e0ce8b8ea2c96e804059241966257d6835 |
|
flatpak-builder-debuginfo-1.0.14-2.el8.s390x.rpm
|
SHA-256: 0af3c5785474df4200419bf4a77c04a3a0e32506f290d1a3832f3c05f2698bc8 |
|
flatpak-builder-debugsource-1.0.14-2.el8.s390x.rpm
|
SHA-256: 58f57afe644c1db25b93dac21f8b851306d8d75cee1973ba7c221ba6f2703812 |
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8
| SRPM |
|
flatpak-builder-1.0.14-2.el8.src.rpm
|
SHA-256: 9a7d27f7fbe1c47602758f77ff5406c99e82a6633dd618b7e63d943f74612f42 |
| s390x |
|
flatpak-builder-1.0.14-2.el8.s390x.rpm
|
SHA-256: eb2ba35916133f4a7d25e498967b47e0ce8b8ea2c96e804059241966257d6835 |
|
flatpak-builder-debuginfo-1.0.14-2.el8.s390x.rpm
|
SHA-256: 0af3c5785474df4200419bf4a77c04a3a0e32506f290d1a3832f3c05f2698bc8 |
|
flatpak-builder-debugsource-1.0.14-2.el8.s390x.rpm
|
SHA-256: 58f57afe644c1db25b93dac21f8b851306d8d75cee1973ba7c221ba6f2703812 |
Red Hat Enterprise Linux for Power, little endian 8
| SRPM |
|
flatpak-builder-1.0.14-2.el8.src.rpm
|
SHA-256: 9a7d27f7fbe1c47602758f77ff5406c99e82a6633dd618b7e63d943f74612f42 |
| ppc64le |
|
flatpak-builder-1.0.14-2.el8.ppc64le.rpm
|
SHA-256: 48b59f294a693b106440a22c466fa95b2b3941ca623d878702c0024d91871300 |
|
flatpak-builder-debuginfo-1.0.14-2.el8.ppc64le.rpm
|
SHA-256: cf3ed31f17ac19819a39a6d78b492fdbbd59d54bc4c9bad9bf400d09af1f6219 |
|
flatpak-builder-debugsource-1.0.14-2.el8.ppc64le.rpm
|
SHA-256: 75f108b063d814006bd17fcc99027c5cebb82c501fcf38b418731a005a6bef97 |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8
| SRPM |
|
flatpak-builder-1.0.14-2.el8.src.rpm
|
SHA-256: 9a7d27f7fbe1c47602758f77ff5406c99e82a6633dd618b7e63d943f74612f42 |
| ppc64le |
|
flatpak-builder-1.0.14-2.el8.ppc64le.rpm
|
SHA-256: 48b59f294a693b106440a22c466fa95b2b3941ca623d878702c0024d91871300 |
|
flatpak-builder-debuginfo-1.0.14-2.el8.ppc64le.rpm
|
SHA-256: cf3ed31f17ac19819a39a6d78b492fdbbd59d54bc4c9bad9bf400d09af1f6219 |
|
flatpak-builder-debugsource-1.0.14-2.el8.ppc64le.rpm
|
SHA-256: 75f108b063d814006bd17fcc99027c5cebb82c501fcf38b418731a005a6bef97 |
Red Hat Enterprise Linux Server - TUS 8.8
| SRPM |
|
flatpak-builder-1.0.14-2.el8.src.rpm
|
SHA-256: 9a7d27f7fbe1c47602758f77ff5406c99e82a6633dd618b7e63d943f74612f42 |
| x86_64 |
|
flatpak-builder-1.0.14-2.el8.x86_64.rpm
|
SHA-256: 300e2a892854b92679149e72e493289448ae9a7a7a71c72a6db7358c041d3b3c |
|
flatpak-builder-debuginfo-1.0.14-2.el8.x86_64.rpm
|
SHA-256: 1aa0d460c2dafce577cd6a5acbc99f6943a1f24fd2f30b62c48d1b93e9d35385 |
|
flatpak-builder-debugsource-1.0.14-2.el8.x86_64.rpm
|
SHA-256: fa357c8cbe5198f39c66e8e2eda5cca875e56e2ea094bebbc096d2dd87166702 |
Red Hat Enterprise Linux for ARM 64 8
| SRPM |
|
flatpak-builder-1.0.14-2.el8.src.rpm
|
SHA-256: 9a7d27f7fbe1c47602758f77ff5406c99e82a6633dd618b7e63d943f74612f42 |
| aarch64 |
|
flatpak-builder-1.0.14-2.el8.aarch64.rpm
|
SHA-256: e05e585c651b0db34b95da9ae4313673c6e479b4eab5069300d41055f2bb9f14 |
|
flatpak-builder-debuginfo-1.0.14-2.el8.aarch64.rpm
|
SHA-256: d0d1467101fc2376411bbf34d526b53d7817a7148fad018739f1662a1d40ece0 |
|
flatpak-builder-debugsource-1.0.14-2.el8.aarch64.rpm
|
SHA-256: da649e5cab94bbeeb275b8ed453a5fa488b30550ad650b5bb05573acfd27419c |
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8
| SRPM |
|
flatpak-builder-1.0.14-2.el8.src.rpm
|
SHA-256: 9a7d27f7fbe1c47602758f77ff5406c99e82a6633dd618b7e63d943f74612f42 |
| aarch64 |
|
flatpak-builder-1.0.14-2.el8.aarch64.rpm
|
SHA-256: e05e585c651b0db34b95da9ae4313673c6e479b4eab5069300d41055f2bb9f14 |
|
flatpak-builder-debuginfo-1.0.14-2.el8.aarch64.rpm
|
SHA-256: d0d1467101fc2376411bbf34d526b53d7817a7148fad018739f1662a1d40ece0 |
|
flatpak-builder-debugsource-1.0.14-2.el8.aarch64.rpm
|
SHA-256: da649e5cab94bbeeb275b8ed453a5fa488b30550ad650b5bb05573acfd27419c |
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8
| SRPM |
|
flatpak-builder-1.0.14-2.el8.src.rpm
|
SHA-256: 9a7d27f7fbe1c47602758f77ff5406c99e82a6633dd618b7e63d943f74612f42 |
| ppc64le |
|
flatpak-builder-1.0.14-2.el8.ppc64le.rpm
|
SHA-256: 48b59f294a693b106440a22c466fa95b2b3941ca623d878702c0024d91871300 |
|
flatpak-builder-debuginfo-1.0.14-2.el8.ppc64le.rpm
|
SHA-256: cf3ed31f17ac19819a39a6d78b492fdbbd59d54bc4c9bad9bf400d09af1f6219 |
|
flatpak-builder-debugsource-1.0.14-2.el8.ppc64le.rpm
|
SHA-256: 75f108b063d814006bd17fcc99027c5cebb82c501fcf38b418731a005a6bef97 |
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8
| SRPM |
|
flatpak-builder-1.0.14-2.el8.src.rpm
|
SHA-256: 9a7d27f7fbe1c47602758f77ff5406c99e82a6633dd618b7e63d943f74612f42 |
| x86_64 |
|
flatpak-builder-1.0.14-2.el8.x86_64.rpm
|
SHA-256: 300e2a892854b92679149e72e493289448ae9a7a7a71c72a6db7358c041d3b3c |
|
flatpak-builder-debuginfo-1.0.14-2.el8.x86_64.rpm
|
SHA-256: 1aa0d460c2dafce577cd6a5acbc99f6943a1f24fd2f30b62c48d1b93e9d35385 |
|
flatpak-builder-debugsource-1.0.14-2.el8.x86_64.rpm
|
SHA-256: fa357c8cbe5198f39c66e8e2eda5cca875e56e2ea094bebbc096d2dd87166702 |
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10
| SRPM |
|
flatpak-builder-1.0.14-2.el8.src.rpm
|
SHA-256: 9a7d27f7fbe1c47602758f77ff5406c99e82a6633dd618b7e63d943f74612f42 |
| x86_64 |
|
flatpak-builder-1.0.14-2.el8.x86_64.rpm
|
SHA-256: 300e2a892854b92679149e72e493289448ae9a7a7a71c72a6db7358c041d3b3c |
|
flatpak-builder-debuginfo-1.0.14-2.el8.x86_64.rpm
|
SHA-256: 1aa0d460c2dafce577cd6a5acbc99f6943a1f24fd2f30b62c48d1b93e9d35385 |
|
flatpak-builder-debugsource-1.0.14-2.el8.x86_64.rpm
|
SHA-256: fa357c8cbe5198f39c66e8e2eda5cca875e56e2ea094bebbc096d2dd87166702 |
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10
| SRPM |
|
flatpak-builder-1.0.14-2.el8.src.rpm
|
SHA-256: 9a7d27f7fbe1c47602758f77ff5406c99e82a6633dd618b7e63d943f74612f42 |
| aarch64 |
|
flatpak-builder-1.0.14-2.el8.aarch64.rpm
|
SHA-256: e05e585c651b0db34b95da9ae4313673c6e479b4eab5069300d41055f2bb9f14 |
|
flatpak-builder-debuginfo-1.0.14-2.el8.aarch64.rpm
|
SHA-256: d0d1467101fc2376411bbf34d526b53d7817a7148fad018739f1662a1d40ece0 |
|
flatpak-builder-debugsource-1.0.14-2.el8.aarch64.rpm
|
SHA-256: da649e5cab94bbeeb275b8ed453a5fa488b30550ad650b5bb05573acfd27419c |
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10
| SRPM |
|
flatpak-builder-1.0.14-2.el8.src.rpm
|
SHA-256: 9a7d27f7fbe1c47602758f77ff5406c99e82a6633dd618b7e63d943f74612f42 |
| ppc64le |
|
flatpak-builder-1.0.14-2.el8.ppc64le.rpm
|
SHA-256: 48b59f294a693b106440a22c466fa95b2b3941ca623d878702c0024d91871300 |
|
flatpak-builder-debuginfo-1.0.14-2.el8.ppc64le.rpm
|
SHA-256: cf3ed31f17ac19819a39a6d78b492fdbbd59d54bc4c9bad9bf400d09af1f6219 |
|
flatpak-builder-debugsource-1.0.14-2.el8.ppc64le.rpm
|
SHA-256: 75f108b063d814006bd17fcc99027c5cebb82c501fcf38b418731a005a6bef97 |
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10
| SRPM |
|
flatpak-builder-1.0.14-2.el8.src.rpm
|
SHA-256: 9a7d27f7fbe1c47602758f77ff5406c99e82a6633dd618b7e63d943f74612f42 |
| s390x |
|
flatpak-builder-1.0.14-2.el8.s390x.rpm
|
SHA-256: eb2ba35916133f4a7d25e498967b47e0ce8b8ea2c96e804059241966257d6835 |
|
flatpak-builder-debuginfo-1.0.14-2.el8.s390x.rpm
|
SHA-256: 0af3c5785474df4200419bf4a77c04a3a0e32506f290d1a3832f3c05f2698bc8 |
|
flatpak-builder-debugsource-1.0.14-2.el8.s390x.rpm
|
SHA-256: 58f57afe644c1db25b93dac21f8b851306d8d75cee1973ba7c221ba6f2703812 |
