RHSA-2022:7458: Red Hat Security Advisory: flatpak-builder security and bug fix update

An update for flatpak-builder is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-21682: flatpak: flatpak-builder --mirror-screenshots-url can access files outside the build directory
Red Hat Security Data

Issued: 2022-11-08

Updated: 2022-11-08

RHSA-2022:7458 - Security Advisory

Synopsis

Moderate: flatpak-builder security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

An update for flatpak-builder is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Flatpak-builder is a tool for building flatpaks from sources.

Security Fix(es):

  • flatpak: flatpak-builder --mirror-screenshots-url can access files outside the build directory (CVE-2022-21682)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 2041592 - CVE-2022-21682 flatpak: flatpak-builder --mirror-screenshots-url can access files outside the build directory
  • BZ - 2047312 - Update flatpak-builder to 1.0.14

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

Red Hat Enterprise Linux for x86_64 8

SRPM

flatpak-builder-1.0.14-2.el8.src.rpm

SHA-256: 9a7d27f7fbe1c47602758f77ff5406c99e82a6633dd618b7e63d943f74612f42

x86_64

flatpak-builder-1.0.14-2.el8.x86_64.rpm

SHA-256: 300e2a892854b92679149e72e493289448ae9a7a7a71c72a6db7358c041d3b3c

flatpak-builder-debuginfo-1.0.14-2.el8.x86_64.rpm

SHA-256: 1aa0d460c2dafce577cd6a5acbc99f6943a1f24fd2f30b62c48d1b93e9d35385

flatpak-builder-debugsource-1.0.14-2.el8.x86_64.rpm

SHA-256: fa357c8cbe5198f39c66e8e2eda5cca875e56e2ea094bebbc096d2dd87166702

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

flatpak-builder-1.0.14-2.el8.src.rpm

SHA-256: 9a7d27f7fbe1c47602758f77ff5406c99e82a6633dd618b7e63d943f74612f42

s390x

flatpak-builder-1.0.14-2.el8.s390x.rpm

SHA-256: eb2ba35916133f4a7d25e498967b47e0ce8b8ea2c96e804059241966257d6835

flatpak-builder-debuginfo-1.0.14-2.el8.s390x.rpm

SHA-256: 0af3c5785474df4200419bf4a77c04a3a0e32506f290d1a3832f3c05f2698bc8

flatpak-builder-debugsource-1.0.14-2.el8.s390x.rpm

SHA-256: 58f57afe644c1db25b93dac21f8b851306d8d75cee1973ba7c221ba6f2703812

Red Hat Enterprise Linux for Power, little endian 8

SRPM

flatpak-builder-1.0.14-2.el8.src.rpm

SHA-256: 9a7d27f7fbe1c47602758f77ff5406c99e82a6633dd618b7e63d943f74612f42

ppc64le

flatpak-builder-1.0.14-2.el8.ppc64le.rpm

SHA-256: 48b59f294a693b106440a22c466fa95b2b3941ca623d878702c0024d91871300

flatpak-builder-debuginfo-1.0.14-2.el8.ppc64le.rpm

SHA-256: cf3ed31f17ac19819a39a6d78b492fdbbd59d54bc4c9bad9bf400d09af1f6219

flatpak-builder-debugsource-1.0.14-2.el8.ppc64le.rpm

SHA-256: 75f108b063d814006bd17fcc99027c5cebb82c501fcf38b418731a005a6bef97

Red Hat Enterprise Linux for ARM 64 8

SRPM

flatpak-builder-1.0.14-2.el8.src.rpm

SHA-256: 9a7d27f7fbe1c47602758f77ff5406c99e82a6633dd618b7e63d943f74612f42

aarch64

flatpak-builder-1.0.14-2.el8.aarch64.rpm

SHA-256: e05e585c651b0db34b95da9ae4313673c6e479b4eab5069300d41055f2bb9f14

flatpak-builder-debuginfo-1.0.14-2.el8.aarch64.rpm

SHA-256: d0d1467101fc2376411bbf34d526b53d7817a7148fad018739f1662a1d40ece0

flatpak-builder-debugsource-1.0.14-2.el8.aarch64.rpm

SHA-256: da649e5cab94bbeeb275b8ed453a5fa488b30550ad650b5bb05573acfd27419c

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Gentoo Linux Security Advisory 202312-12

Gentoo Linux Security Advisory 202312-12 - Several vulnerabilities have been found in Flatpak, the worst of which lead to privilege escalation and sandbox escape. Versions greater than or equal to 1.14.4 are affected.

Red Hat Security Advisory 2022-7458-01

Red Hat Security Advisory 2022-7458-01 - Flatpak-builder is a tool for building flatpaks from sources.