Flatpak Product Security Update Advisory

Apr 22 2024

Overview

We have released a security update to address a vulnerability in Flatpak products. users of affected products are advised to update to the latest version.

Affected Products

Flatpak

versions prior to 1.10.9
versions 1.12.x prior to 1.12.9
versions 1.14.x prior to 1.14.6
versions 1.15.x prior to 1.15.8

*occurs when using xdg-desktop-portal with Flatpak

Resolved Vulnerabilities

Sandbox Escape Vulnerability via RequestBackground Portal and Argument Injection (CVE-2024-32462)

Vulnerability Patches

Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

Flatpak

1.10.x at least version 1.10.9 or later
1.12.x with version 1.12.9 or at least
version 1.14.6 or at least 1.14.6 of 1.14.x
version 1.15.8

Referenced Sites

[1] CVE-2024-32462: Sandbox escape via RequestBackground portal and CWE-88

https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj

[2] [SECURITY] Fedora 40 Update: flatpak-1.15.8-1.fc40

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFNSCFJVMAQK5AF55JBN7OSJP3CREDBD/

Flatpak Product Security Update Advisory

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

Google Chrome Browser (124.0.6367.60/.61) Security Update Advisory

WordPress Forminator plugin security update advisory

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

Tags:

Google Chrome Browser (124.0.6367.60/.61) Security Update Advisory

WordPress Forminator plugin security update advisory