This update for xdg-desktop-portal fixes the following issue:
* CVE-2026-40354: File deletion via symlink attack (bsc#1262045).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2105=1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* xdg-desktop-portal-1.10.1-150400.3.11.1
* xdg-desktop-portal-debugsource-1.10.1-150400.3.11.1
* xdg-desktop-portal-debuginfo-1.10.1-150400.3.11.1
* xdg-desktop-portal-devel-1.10.1-150400.3.11.1
* openSUSE Leap 15.4 (noarch)
* xdg-desktop-portal-lang-1.10.1-150400.3.11.1
* bsc#1262045
## References:
* https://www.suse.com/security/cve/CVE-2026-40354.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262045
Get the latest Linux and open source security news straight to your inbox.