FEDORA-2026-2a3e305ac4 — security update for flatpak

stable

flatpak-1.16.6-1.fc42

FEDORA-2026-2a3e305ac4 created by catanzaro a month ago for Fedora 42

Update to 1.16.6

Fixes for CVE-2026-34078, CVE-2026-34079, GHSA-2fxp-43j9-pwvc and GHSA-89xm-3m96-w3jg

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2026-2a3e305ac4

This update has been submitted for testing by catanzaro.

a month ago

This update's test gating status has been changed to 'waiting'.

a month ago

This update has obsoleted flatpak-1.16.4-1.fc42, and has inherited its bugs and notes.

a month ago

This update's test gating status has been changed to 'waiting'.

a month ago

catanzaro edited this update.

a month ago

This update's test gating status has been changed to 'failed'.

a month ago

This update's test gating status has been changed to 'waiting'.

a month ago

This update's test gating status has been changed to 'passed'.

a month ago

This update has been pushed to testing.

a month ago

frantisekz provided feedback 4 weeks ago

karma

This update has been submitted for stable by bodhi.

3 weeks ago

This update has been pushed to stable.

2 weeks ago

Please log in to add feedback.

Metadata

Type

security

Severity

urgent

Karma

Signed

Content Type

RPM

Test Gating

passed

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

14 days

Dates

submitted

a month ago

in testing

a month ago

in stable

2 weeks ago

modified

a month ago

approved

3 weeks ago

Builds

flatpak-1.16.6-1.fc42

BZ#2456383 CVE-2026-34078 flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options [fedora-42]

BZ#2456394 CVE-2026-34079 flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation [fedora-42]

flatpak-1.16.6-1.fc42

Automated Test Results

passed