Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Lightspeed
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Lightspeed
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2026:30901 - Security Advisory
Issued:
2026-06-29
Updated:
2026-06-29

RHSA-2026:30901 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: flatpak security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for flatpak is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.

Security Fix(es):

  • flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options (CVE-2026-34078)
  • flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation (CVE-2026-34079)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64

Fixes

  • BZ - 2456276 - CVE-2026-34078 flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options
  • BZ - 2456284 - CVE-2026-34079 flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation

CVEs

  • CVE-2026-34078
  • CVE-2026-34079

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4

SRPM
flatpak-1.12.9-2.el8_4.src.rpm SHA-256: d7af51ab37440080cea29dfedcac075b625a75c05118cf56f7a4ac3f10d665fc
x86_64
flatpak-1.12.9-2.el8_4.x86_64.rpm SHA-256: 4bae9b874fea94e08eb67fdddef3f766056e5635628c3ca5501a8659a0a65d60
flatpak-debuginfo-1.12.9-2.el8_4.i686.rpm SHA-256: de6146d43b9f450ac79bb04f22f0537a96804573da8864f3bae15a4c3954ffef
flatpak-debuginfo-1.12.9-2.el8_4.x86_64.rpm SHA-256: 9d238c597cacfa3148e4d993051960d4817e116185dfe09060612e4fd13bd31b
flatpak-debugsource-1.12.9-2.el8_4.i686.rpm SHA-256: 514183fb631bcc9938699decee700213b4f0d6ed4f22ea174fd53a5d1da43627
flatpak-debugsource-1.12.9-2.el8_4.x86_64.rpm SHA-256: fd38e03d0b938793f2997f9635c60d27f520b79e1554a48eefe2805c01b4af13
flatpak-libs-1.12.9-2.el8_4.i686.rpm SHA-256: c06e187d0e3fd4a50e1d338366751009909c5ef0de124b8612b402b7a9eca330
flatpak-libs-1.12.9-2.el8_4.x86_64.rpm SHA-256: 915762079b78f62e781dc4b61a4f6412051f29949c3a604ec68c84e1851b203b
flatpak-libs-debuginfo-1.12.9-2.el8_4.i686.rpm SHA-256: 84f9f26d64940f0221608d358a1f27b26a255c843f9e350884a7755dc8618b27
flatpak-libs-debuginfo-1.12.9-2.el8_4.x86_64.rpm SHA-256: d7434261df7bcd20884eb2438de7a0e8beda756553f21fe1b9e59fe14a8308fc
flatpak-selinux-1.12.9-2.el8_4.noarch.rpm SHA-256: 4b1560d801df4f1925954b3983c7c88d1cc35bc3800153762a2ef70ccef28a01
flatpak-session-helper-1.12.9-2.el8_4.x86_64.rpm SHA-256: 7eac502ba69a6aa2ce36789551cd6d9989c22d6b0fbdd205d5492f5fb9c21d02
flatpak-session-helper-debuginfo-1.12.9-2.el8_4.i686.rpm SHA-256: 9c3e85f65edfb4b26cbe81a23707e3fb8fe1fd406dff6dd822b64fa43caf7d88
flatpak-session-helper-debuginfo-1.12.9-2.el8_4.x86_64.rpm SHA-256: fc0a775d0bfac5ce487ae12ebb77ddf0d6919151ad3398129be76e4ca25711ba
flatpak-tests-debuginfo-1.12.9-2.el8_4.i686.rpm SHA-256: 86f020081209a44019c831eaebc7dafdccad11aa411efe8f06925616d63404c7
flatpak-tests-debuginfo-1.12.9-2.el8_4.x86_64.rpm SHA-256: ea8062a5c1a1a5ba4753e8e65680a6326c4691997873289b12f933ff9bea6955

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
flatpak-1.12.9-2.el8_4.src.rpm SHA-256: d7af51ab37440080cea29dfedcac075b625a75c05118cf56f7a4ac3f10d665fc
x86_64
flatpak-1.12.9-2.el8_4.x86_64.rpm SHA-256: 4bae9b874fea94e08eb67fdddef3f766056e5635628c3ca5501a8659a0a65d60
flatpak-debuginfo-1.12.9-2.el8_4.i686.rpm SHA-256: de6146d43b9f450ac79bb04f22f0537a96804573da8864f3bae15a4c3954ffef
flatpak-debuginfo-1.12.9-2.el8_4.x86_64.rpm SHA-256: 9d238c597cacfa3148e4d993051960d4817e116185dfe09060612e4fd13bd31b
flatpak-debugsource-1.12.9-2.el8_4.i686.rpm SHA-256: 514183fb631bcc9938699decee700213b4f0d6ed4f22ea174fd53a5d1da43627
flatpak-debugsource-1.12.9-2.el8_4.x86_64.rpm SHA-256: fd38e03d0b938793f2997f9635c60d27f520b79e1554a48eefe2805c01b4af13
flatpak-libs-1.12.9-2.el8_4.i686.rpm SHA-256: c06e187d0e3fd4a50e1d338366751009909c5ef0de124b8612b402b7a9eca330
flatpak-libs-1.12.9-2.el8_4.x86_64.rpm SHA-256: 915762079b78f62e781dc4b61a4f6412051f29949c3a604ec68c84e1851b203b
flatpak-libs-debuginfo-1.12.9-2.el8_4.i686.rpm SHA-256: 84f9f26d64940f0221608d358a1f27b26a255c843f9e350884a7755dc8618b27
flatpak-libs-debuginfo-1.12.9-2.el8_4.x86_64.rpm SHA-256: d7434261df7bcd20884eb2438de7a0e8beda756553f21fe1b9e59fe14a8308fc
flatpak-selinux-1.12.9-2.el8_4.noarch.rpm SHA-256: 4b1560d801df4f1925954b3983c7c88d1cc35bc3800153762a2ef70ccef28a01
flatpak-session-helper-1.12.9-2.el8_4.x86_64.rpm SHA-256: 7eac502ba69a6aa2ce36789551cd6d9989c22d6b0fbdd205d5492f5fb9c21d02
flatpak-session-helper-debuginfo-1.12.9-2.el8_4.i686.rpm SHA-256: 9c3e85f65edfb4b26cbe81a23707e3fb8fe1fd406dff6dd822b64fa43caf7d88
flatpak-session-helper-debuginfo-1.12.9-2.el8_4.x86_64.rpm SHA-256: fc0a775d0bfac5ce487ae12ebb77ddf0d6919151ad3398129be76e4ca25711ba
flatpak-tests-debuginfo-1.12.9-2.el8_4.i686.rpm SHA-256: 86f020081209a44019c831eaebc7dafdccad11aa411efe8f06925616d63404c7
flatpak-tests-debuginfo-1.12.9-2.el8_4.x86_64.rpm SHA-256: ea8062a5c1a1a5ba4753e8e65680a6326c4691997873289b12f933ff9bea6955

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2026 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility