Explore top 10 tips to secure your open-source projects now. Read More
×
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-21757 http://linux.oracle.com/errata/ELSA-2026-21757.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: flatpak-1.16.0-9.el10_2.1.x86_64.rpm flatpak-devel-1.16.0-9.el10_2.1.x86_64.rpm flatpak-libs-1.16.0-9.el10_2.1.x86_64.rpm flatpak-selinux-1.16.0-9.el10_2.1.noarch.rpm flatpak-session-helper-1.16.0-9.el10_2.1.x86_64.rpm aarch64: flatpak-1.16.0-9.el10_2.1.aarch64.rpm flatpak-devel-1.16.0-9.el10_2.1.aarch64.rpm flatpak-libs-1.16.0-9.el10_2.1.aarch64.rpm flatpak-selinux-1.16.0-9.el10_2.1.noarch.rpm flatpak-session-helper-1.16.0-9.el10_2.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/flatpak-1.16.0-9.el10_2.1.src.rpm Related CVEs: CVE-2026-34078 CVE-2026-34079 Description of changes: [1.16.0-9.1] - Fix arbitrary code execution via crafted symlinks in sandbox-expose options Resolves: RHEL-165630 - Fix arbitrary file deletion on host via improper cache file path validation Resolves: RHEL-170157 _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-21755 http://linux.oracle.com/errata/ELSA-2026-21755.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: flatpak-1.12.9-4.el9_8.1.i686.rpm flatpak-1.12.9-4.el9_8.1.x86_64.rpm flatpak-devel-1.12.9-4.el9_8.1.i686.rpm flatpak-devel-1.12.9-4.el9_8.1.x86_64.rpm flatpak-libs-1.12.9-4.el9_8.1.i686.rpm flatpak-libs-1.12.9-4.el9_8.1.x86_64.rpm flatpak-selinux-1.12.9-4.el9_8.1.noarch.rpm flatpak-session-helper-1.12.9-4.el9_8.1.i686.rpm flatpak-session-helper-1.12.9-4.el9_8.1.x86_64.rpm aarch64: flatpak-1.12.9-4.el9_8.1.aarch64.rpm flatpak-devel-1.12.9-4.el9_8.1.aarch64.rpm flatpak-libs-1.12.9-4.el9_8.1.aarch64.rpm flatpak-selinux-1.12.9-4.el9_8.1.noarch.rpm flatpak-session-helper-1.12.9-4.el9_8.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/flatpak-1.12.9-4.el9_8.1.src.rpm Related CVEs: CVE-2026-34078 CVE-2026-34079 Description of changes: [1.12.9-4.1] - Fix arbitrary code execution via crafted symlinks in sandbox-expose options Resolves: RHEL-165643 - Fix arbitrary file deletion on host via improper cache file path validation Resolves: RHEL-170171 _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-21756 http://linux.oracle.com/errata/ELSA-2026-21756.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: flatpak-1.12.9-4.el8_10.i686.rpm flatpak-1.12.9-4.el8_10.x86_64.rpm flatpak-devel-1.12.9-4.el8_10.i686.rpm flatpak-devel-1.12.9-4.el8_10.x86_64.rpm flatpak-libs-1.12.9-4.el8_10.i686.rpm flatpak-libs-1.12.9-4.el8_10.x86_64.rpm flatpak-selinux-1.12.9-4.el8_10.noarch.rpm flatpak-session-helper-1.12.9-4.el8_10.i686.rpm flatpak-session-helper-1.12.9-4.el8_10.x86_64.rpm aarch64: flatpak-1.12.9-4.el8_10.aarch64.rpm flatpak-devel-1.12.9-4.el8_10.aarch64.rpm flatpak-libs-1.12.9-4.el8_10.aarch64.rpm flatpak-selinux-1.12.9-4.el8_10.noarch.rpm flatpak-session-helper-1.12.9-4.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/flatpak-1.12.9-4.el8_10.src.rpm Related CVEs: CVE-2026-34078 CVE-2026-34079 Description of changes: [1.12.9-4] - Fix arbitrary code execution via crafted symlinks in sandbox-expose options Resolves: RHEL-165633 - Fix arbitrary file deletion on host via improper cache file path validation Resolves: RHEL-170160 _______________________________________________ El-errata mailing list
MGASA-2026-0133 - Updated flatpak packages fix security vulnerabilities. MGASA-2026-0133 - Updated flatpak packages fix security vulnerabilities Publication date: 14 May 2026 URL: https://advisories.mageia.org/MGASA-2026-0133.html Type: security Affected Mageia releases: 9 CVE: CVE-2026-34078, CVE-2026-34079 Description: Complete sandbox escape leading to host file access and code execution in the host context. (CVE-2026-34078) Arbitrary file deletion on the host filesystem. (CVE-2026-34079) References: - https://bugs.mageia.org/show_bug.cgi?id=35336 - https://www.openwall.com/lists/oss-security/2026/04/09/3 - https://github.com/flatpak/flatpak/security/advisories/GHSA-cc2q-qc34-jprg - https://github.com/flatpak/flatpak/security/advisories/GHSA-p29x-r292-46pp - https://github.com/flatpak/flatpak/security/advisories/GHSA-2fxp-43j9-pwvc - https://github.com/flatpak/flatpak/security/advisories/GHSA-89xm-3m96-w3jg - https://lists.debian.org/debian-security-announce/2026/msg00133.html - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34078 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34079 SRPMS: - 9/core/flatpak-1.14.10-1.1.mga9 . Updated flatpak packages for Mageia address critical sandbox escape and arbitrary file access issues.. Mageia flatpak security update sandbox escape arbitrary file deletion. . Severity: Important. LinuxSecurity.com Team
An update that solves two vulnerabilities can now be installed.. # Security update for flatpak Announcement ID: SUSE-SU-2026:1713-1 Release Date: 2026-05-06T12:06:56Z Rating: important References: * bsc#1261769 * bsc#1261770 Cross-References: * CVE-2026-34078 * CVE-2026-34079 CVSS scores: * CVE-2026-34078 ( SUSE ): 6.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H * CVE-2026-34078 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H * CVE-2026-34078 ( NVD ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34078 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2026-34079 ( SUSE ): 4.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N * CVE-2026-34079 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L * CVE-2026-34079 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34079 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-34079 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for flatpak fixes the following issues: * CVE-2026-34078: Arbitrary code execution via crafted symlinks in sandbox- expose options (bsc#1261769). * CVE-2026-34079: Arbitrary file deletion on host via improper cache file path validation (bsc#1261770). ## Patch Instructions: To install this SUSEupdate use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1713=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1713=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libflatpak0-1.4.2-3.12.2 * typelib-1_0-Flatpak-1_0-1.4.2-3.12.2 * flatpak-debugsource-1.4.2-3.12.2 * libflatpak0-debuginfo-1.4.2-3.12.2 * flatpak-debuginfo-1.4.2-3.12.2 * flatpak-1.4.2-3.12.2 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libflatpak0-1.4.2-3.12.2 * typelib-1_0-Flatpak-1_0-1.4.2-3.12.2 * flatpak-debugsource-1.4.2-3.12.2 * libflatpak0-debuginfo-1.4.2-3.12.2 * flatpak-debuginfo-1.4.2-3.12.2 * flatpak-1.4.2-3.12.2 ## References: * https://www.suse.com/security/cve/CVE-2026-34078.html * https://www.suse.com/security/cve/CVE-2026-34079.html * https://bugzilla.suse.com/show_bug.cgi?id=1261769 * https://bugzilla.suse.com/show_bug.cgi?id=1261770 . Arbitrary code execution and file deletion vulnerabilities in flatpak fixed in SUSE Linux update.. SUSE update, flatpak security, code execution risk, file deletion issue. . Severity: Important. LinuxSecurity.com Team
Update to 1.16.6 Fixes for CVE-2026-34078, CVE-2026-34079, GHSA-2fxp-43j9-pwvc and GHSA-89xm-3m96-w3jg. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-2a3e305ac4 2026-04-28 01:11:18.587345+00:00 -------------------------------------------------------------------------------- Name : flatpak Product : Fedora 42 Version : 1.16.6 Release : 1.fc42 URL : https://flatpak.org/ Summary : Application deployment framework for desktop apps Description : flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. -------------------------------------------------------------------------------- Update Information: Update to 1.16.6 Fixes for CVE-2026-34078, CVE-2026-34079, GHSA-2fxp-43j9-pwvc and GHSA-89xm-3m96-w3jg -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 10 2026 Michael Catanzaro - 1.16.6-1 - Update to 1.16.6 * Wed Apr 8 2026 David King - 1.16.4-1 - Update to 1.16.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2456383 - CVE-2026-34078 flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2456383 [ 2 ] Bug #2456394 - CVE-2026-34079 flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2456394 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-2a3e305ac4' at the command line. For more information, refer to the dnf documentation availableat http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
An update that solves two vulnerabilities can now be installed.. # Security update for flatpak Announcement ID: SUSE-SU-2026:1600-1 Release Date: 2026-04-24T11:46:10Z Rating: important References: * bsc#1261769 * bsc#1261770 Cross-References: * CVE-2026-34078 * CVE-2026-34079 CVSS scores: * CVE-2026-34078 ( SUSE ): 6.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H * CVE-2026-34078 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H * CVE-2026-34078 ( NVD ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34079 ( SUSE ): 4.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N * CVE-2026-34079 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L * CVE-2026-34079 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34079 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-34079 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * Desktop Applications Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for flatpak fixes the following issues: * CVE-2026-34078: Arbitrary code execution via crafted symlinks in sandbox- expose options (bsc#1261769). * CVE-2026-34079: Arbitrary file deletion on host via improper cache file path validation (bsc#1261770). ##Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1600=1 * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1600=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1600=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1600=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * flatpak-1.16.0-150600.3.9.1 * typelib-1_0-Flatpak-1_0-1.16.0-150600.3.9.1 * libflatpak0-1.16.0-150600.3.9.1 * flatpak-debuginfo-1.16.0-150600.3.9.1 * libflatpak0-debuginfo-1.16.0-150600.3.9.1 * flatpak-devel-1.16.0-150600.3.9.1 * flatpak-debugsource-1.16.0-150600.3.9.1 * openSUSE Leap 15.6 (noarch) * flatpak-zsh-completion-1.16.0-150600.3.9.1 * system-user-flatpak-1.16.0-150600.3.9.1 * flatpak-remote-flathub-1.16.0-150600.3.9.1 * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * flatpak-1.16.0-150600.3.9.1 * typelib-1_0-Flatpak-1_0-1.16.0-150600.3.9.1 * libflatpak0-1.16.0-150600.3.9.1 * flatpak-debuginfo-1.16.0-150600.3.9.1 * libflatpak0-debuginfo-1.16.0-150600.3.9.1 * flatpak-devel-1.16.0-150600.3.9.1 * flatpak-debugsource-1.16.0-150600.3.9.1 * Desktop Applications Module 15-SP7 (noarch) * flatpak-zsh-completion-1.16.0-150600.3.9.1 * system-user-flatpak-1.16.0-150600.3.9.1 * flatpak-remote-flathub-1.16.0-150600.3.9.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * flatpak-1.16.0-150600.3.9.1 * typelib-1_0-Flatpak-1_0-1.16.0-150600.3.9.1 * libflatpak0-1.16.0-150600.3.9.1 * flatpak-debuginfo-1.16.0-150600.3.9.1 * libflatpak0-debuginfo-1.16.0-150600.3.9.1 * flatpak-devel-1.16.0-150600.3.9.1 * flatpak-debugsource-1.16.0-150600.3.9.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * flatpak-zsh-completion-1.16.0-150600.3.9.1 * system-user-flatpak-1.16.0-150600.3.9.1 * flatpak-remote-flathub-1.16.0-150600.3.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * flatpak-1.16.0-150600.3.9.1 * typelib-1_0-Flatpak-1_0-1.16.0-150600.3.9.1 * libflatpak0-1.16.0-150600.3.9.1 * flatpak-debuginfo-1.16.0-150600.3.9.1 * libflatpak0-debuginfo-1.16.0-150600.3.9.1 * flatpak-devel-1.16.0-150600.3.9.1 * flatpak-debugsource-1.16.0-150600.3.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * flatpak-zsh-completion-1.16.0-150600.3.9.1 * system-user-flatpak-1.16.0-150600.3.9.1 * flatpak-remote-flathub-1.16.0-150600.3.9.1 ## References: * https://www.suse.com/security/cve/CVE-2026-34078.html * https://www.suse.com/security/cve/CVE-2026-34079.html * https://bugzilla.suse.com/show_bug.cgi?id=1261769 * https://bugzilla.suse.com/show_bug.cgi?id=1261770 . Update for flatpak addresses important issues including arbitrary file deletion and code execution exploits.. flatpak security update, SUSE vulnerabilities, application patching security, Linux application security. . Severity: Important. LinuxSecurity.com Team
An update that solves two vulnerabilities can now be installed.. # Security update for flatpak Announcement ID: SUSE-SU-2026:1541-1 Release Date: 2026-04-22T07:22:36Z Rating: important References: * bsc#1261769 * bsc#1261770 Cross-References: * CVE-2026-34078 * CVE-2026-34079 CVSS scores: * CVE-2026-34078 ( SUSE ): 6.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H * CVE-2026-34078 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H * CVE-2026-34078 ( NVD ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34079 ( SUSE ): 4.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N * CVE-2026-34079 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L * CVE-2026-34079 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34079 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-34079 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for flatpak fixes the following issues: * CVE-2026-34078: improper processing of app-controlled symlinks by sandbox- expose can lead to sandbox escape, host file access and code execution in the host context (bsc#1261769). * CVE-2026-34079: improper removal of outdated cache filesallows for arbitrary file deletion on the host filesystem (bsc#1261770). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1541=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1541=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1541=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1541=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1541=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libflatpak0-1.16.0-150500.3.18.1 * flatpak-debuginfo-1.16.0-150500.3.18.1 * flatpak-debugsource-1.16.0-150500.3.18.1 * flatpak-devel-1.16.0-150500.3.18.1 * flatpak-1.16.0-150500.3.18.1 * libflatpak0-debuginfo-1.16.0-150500.3.18.1 * typelib-1_0-Flatpak-1_0-1.16.0-150500.3.18.1 * openSUSE Leap 15.5 (noarch) * flatpak-zsh-completion-1.16.0-150500.3.18.1 * flatpak-remote-flathub-1.16.0-150500.3.18.1 * system-user-flatpak-1.16.0-150500.3.18.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libflatpak0-1.16.0-150500.3.18.1 * flatpak-debuginfo-1.16.0-150500.3.18.1 * flatpak-debugsource-1.16.0-150500.3.18.1 * flatpak-devel-1.16.0-150500.3.18.1 * flatpak-1.16.0-150500.3.18.1 * libflatpak0-debuginfo-1.16.0-150500.3.18.1 * typelib-1_0-Flatpak-1_0-1.16.0-150500.3.18.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * flatpak-zsh-completion-1.16.0-150500.3.18.1 * flatpak-remote-flathub-1.16.0-150500.3.18.1 *system-user-flatpak-1.16.0-150500.3.18.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libflatpak0-1.16.0-150500.3.18.1 * flatpak-debuginfo-1.16.0-150500.3.18.1 * flatpak-debugsource-1.16.0-150500.3.18.1 * flatpak-devel-1.16.0-150500.3.18.1 * flatpak-1.16.0-150500.3.18.1 * libflatpak0-debuginfo-1.16.0-150500.3.18.1 * typelib-1_0-Flatpak-1_0-1.16.0-150500.3.18.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * flatpak-zsh-completion-1.16.0-150500.3.18.1 * flatpak-remote-flathub-1.16.0-150500.3.18.1 * system-user-flatpak-1.16.0-150500.3.18.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libflatpak0-1.16.0-150500.3.18.1 * flatpak-debuginfo-1.16.0-150500.3.18.1 * flatpak-debugsource-1.16.0-150500.3.18.1 * flatpak-devel-1.16.0-150500.3.18.1 * flatpak-1.16.0-150500.3.18.1 * libflatpak0-debuginfo-1.16.0-150500.3.18.1 * typelib-1_0-Flatpak-1_0-1.16.0-150500.3.18.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * flatpak-zsh-completion-1.16.0-150500.3.18.1 * flatpak-remote-flathub-1.16.0-150500.3.18.1 * system-user-flatpak-1.16.0-150500.3.18.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libflatpak0-1.16.0-150500.3.18.1 * flatpak-debuginfo-1.16.0-150500.3.18.1 * flatpak-debugsource-1.16.0-150500.3.18.1 * flatpak-devel-1.16.0-150500.3.18.1 * flatpak-1.16.0-150500.3.18.1 * libflatpak0-debuginfo-1.16.0-150500.3.18.1 * typelib-1_0-Flatpak-1_0-1.16.0-150500.3.18.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * flatpak-zsh-completion-1.16.0-150500.3.18.1 * flatpak-remote-flathub-1.16.0-150500.3.18.1 * system-user-flatpak-1.16.0-150500.3.18.1 ## References: * https://www.suse.com/security/cve/CVE-2026-34078.html * https://www.suse.com/security/cve/CVE-2026-34079.html * https://bugzilla.suse.com/show_bug.cgi?id=1261769 *https://bugzilla.suse.com/show_bug.cgi?id=1261770 . Critical update for flatpak addresses important security issues in SUSE, enhancing host system protection against exploits.. flatpak security update,suse vulnerabilities,suse flatpak patch. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.