Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-28101 (GCVE-0-2023-28101)
Vulnerability from cvelistv5 – Published: 2023-03-16 15:55 – Updated: 2025-02-25 14:55
VLAI?
EPSS
Title
Flatpak metadata with ANSI control codes can cause misleading terminal output
Summary
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust.
Severity ?
5 (Medium)
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/flatpak/flatpak/security/advis… | x_refsource_CONFIRM |
| https://github.com/flatpak/flatpak/commit/409e341… | x_refsource_MISC |
| https://github.com/flatpak/flatpak/commit/6cac99d… | x_refsource_MISC |
| https://github.com/flatpak/flatpak/commit/7fe63f2… | x_refsource_MISC |
| https://security.gentoo.org/glsa/202312-12 |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:24.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8"
},
{
"name": "https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c"
},
{
"name": "https://github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869"
},
{
"name": "https://github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-12"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28101",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T14:29:25.331087Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T14:55:35.911Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "flatpak",
"vendor": "flatpak",
"versions": [
{
"status": "affected",
"version": "\u003c 1.10.8"
},
{
"status": "affected",
"version": "\u003e= 1.12.0, \u003c 1.12.8"
},
{
"status": "affected",
"version": "\u003e= 1.14.0, \u003c 1.14.4"
},
{
"status": "affected",
"version": "\u003e= 1.15.0, \u003c 1.15.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116: Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-23T10:06:26.709Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8"
},
{
"name": "https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c"
},
{
"name": "https://github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869"
},
{
"name": "https://github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c"
},
{
"url": "https://security.gentoo.org/glsa/202312-12"
}
],
"source": {
"advisory": "GHSA-h43h-fwqx-mpp8",
"discovery": "UNKNOWN"
},
"title": "Flatpak metadata with ANSI control codes can cause misleading terminal output"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-28101",
"datePublished": "2023-03-16T15:55:53.576Z",
"dateReserved": "2023-03-10T18:34:29.226Z",
"dateUpdated": "2025-02-25T14:55:35.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-28101",
"date": "2026-05-20",
"epss": "0.00244",
"percentile": "0.47611"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.10.8\", \"matchCriteriaId\": \"D7C3C072-DE21-4063-A561-44CA1E5AE584\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.12.0\", \"versionEndExcluding\": \"1.12.8\", \"matchCriteriaId\": \"3572AF68-883F-44B3-95F8-5062ED29D5F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.14.0\", \"versionEndExcluding\": \"1.14.4\", \"matchCriteriaId\": \"50573059-1A6E-40DA-9D68-9D054DCC71BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.15.0\", \"versionEndExcluding\": \"1.15.4\", \"matchCriteriaId\": \"02CAAC00-232B-45A2-86ED-1EE9DC1F0128\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust.\"}]",
"id": "CVE-2023-28101",
"lastModified": "2024-11-21T07:54:24.340",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N\", \"baseScore\": 5.0, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.1, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}]}",
"published": "2023-03-16T16:15:12.650",
"references": "[{\"url\": \"https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202312-12\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202312-12\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-116\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-28101\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-03-16T16:15:12.650\",\"lastModified\":\"2024-11-21T07:54:24.340\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N\",\"baseScore\":5.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.1,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-116\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.10.8\",\"matchCriteriaId\":\"D7C3C072-DE21-4063-A561-44CA1E5AE584\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.12.0\",\"versionEndExcluding\":\"1.12.8\",\"matchCriteriaId\":\"3572AF68-883F-44B3-95F8-5062ED29D5F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.14.0\",\"versionEndExcluding\":\"1.14.4\",\"matchCriteriaId\":\"50573059-1A6E-40DA-9D68-9D054DCC71BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.15.0\",\"versionEndExcluding\":\"1.15.4\",\"matchCriteriaId\":\"02CAAC00-232B-45A2-86ED-1EE9DC1F0128\"}]}]}],\"references\":[{\"url\":\"https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202312-12\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202312-12\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8\", \"name\": \"https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c\", \"name\": \"https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869\", \"name\": \"https://github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c\", \"name\": \"https://github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202312-12\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T12:30:24.112Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-28101\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-25T14:29:25.331087Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-25T14:29:26.740Z\"}}], \"cna\": {\"title\": \"Flatpak metadata with ANSI control codes can cause misleading terminal output\", \"source\": {\"advisory\": \"GHSA-h43h-fwqx-mpp8\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"flatpak\", \"product\": \"flatpak\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.10.8\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.12.0, \u003c 1.12.8\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.14.0, \u003c 1.14.4\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.15.0, \u003c 1.15.4\"}]}], \"references\": [{\"url\": \"https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8\", \"name\": \"https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c\", \"name\": \"https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869\", \"name\": \"https://github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c\", \"name\": \"https://github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://security.gentoo.org/glsa/202312-12\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-116\", \"description\": \"CWE-116: Improper Encoding or Escaping of Output\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-12-23T10:06:26.709Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-28101\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-25T14:55:35.911Z\", \"dateReserved\": \"2023-03-10T18:34:29.226Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2023-03-16T15:55:53.576Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
alsa-2023:6518
Vulnerability from osv_almalinux
Published
2023-11-07 00:00
Modified
2023-11-14 12:11
Summary
Moderate: flatpak security, bug fix, and enhancement update
Details
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
The following packages have been upgraded to a later upstream version: flatpak (1.12.8). (BZ#2221792)
Security Fix(es):
- flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console (CVE-2023-28100)
- flatpak: Metadata with ANSI control codes can cause misleading terminal output (CVE-2023-28101)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "flatpak"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.8-1.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "flatpak-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.8-1.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "flatpak-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.8-1.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "flatpak-selinux"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.8-1.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "flatpak-session-helper"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.8-1.el9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.\n\nThe following packages have been upgraded to a later upstream version: flatpak (1.12.8). (BZ#2221792)\n\nSecurity Fix(es):\n\n* flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console (CVE-2023-28100)\n* flatpak: Metadata with ANSI control codes can cause misleading terminal output (CVE-2023-28101)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2023:6518",
"modified": "2023-11-14T12:11:19Z",
"published": "2023-11-07T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:6518"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-28100"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-28101"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2179219"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2179220"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2023-6518.html"
}
],
"related": [
"CVE-2023-28100",
"CVE-2023-28101"
],
"summary": "Moderate: flatpak security, bug fix, and enhancement update"
}
alsa-2023:7038
Vulnerability from osv_almalinux
Published
2023-11-14 00:00
Modified
2023-11-23 10:22
Summary
Moderate: flatpak security, bug fix, and enhancement update
Details
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
The following packages have been upgraded to a later upstream version: flatpak (1.10.8). (BZ#2222103)
Security Fix(es):
- flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console (CVE-2023-28100)
- flatpak: Metadata with ANSI control codes can cause misleading terminal output (CVE-2023-28101)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "flatpak"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.10.8-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "flatpak-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.10.8-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "flatpak-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.10.8-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "flatpak-selinux"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.10.8-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "flatpak-session-helper"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.10.8-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.\n\nThe following packages have been upgraded to a later upstream version: flatpak (1.10.8). (BZ#2222103)\n\nSecurity Fix(es):\n\n* flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console (CVE-2023-28100)\n* flatpak: Metadata with ANSI control codes can cause misleading terminal output (CVE-2023-28101)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2023:7038",
"modified": "2023-11-23T10:22:41Z",
"published": "2023-11-14T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:7038"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-28100"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-28101"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2179219"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2179220"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2023-7038.html"
}
],
"related": [
"CVE-2023-28100",
"CVE-2023-28101"
],
"summary": "Moderate: flatpak security, bug fix, and enhancement update"
}
BDU:2024-04882
Vulnerability from fstec - Published: 16.03.2023
VLAI Severity ?
Title
Уязвимость компонента App инструмента для управления приложениями и средами Flatpak, позволяющая нарушителю оказать воздействие на целостность данных
Description
Уязвимость компонента App инструмента для управления приложениями и средами Flatpak связана с повышением и скрытием разрешений. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, оказать воздействие на целостность данных
Severity ?
Vendor
ООО «Ред Софт», Сообщество свободного программного обеспечения, АО «НТЦ ИТ РОСА», АО "НППКТ"
Software Name
РЕД ОС (запись в едином реестре российских программ №3751), Flatpak, ROSA Virtualization 3.0 (запись в едином реестре российских программ №21308), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)
Software Version
7.3 (РЕД ОС), до 1.10.8 (Flatpak), от 1.12.0 до 1.12.8 (Flatpak), от 1.14.0 до 1.14.4 (Flatpak), от 1.15.0 до 1.15.4 (Flatpak), 3.0 (ROSA Virtualization 3.0), до 2.14 (ОСОН ОСнова Оnyx)
Possible Mitigations
Для Flatpak:
https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c
https://github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869
https://github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c
https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для программной системы управления средой виртуализации с подсистемой безагентного резервного копирования виртуальных машин «ROSA Virtualization 3.0»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2798
Обновление программного обеспечения flatpak до версии 1.10.8-0+deb11u3.osnova2u1
Reference
https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c
https://github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869
https://github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c
https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8
https://redos.red-soft.ru/support/secure/
https://abf.rosa.ru/advisories/ROSA-SA-2025-2798
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.14/
CWE
CWE-116
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), \u0434\u043e 1.10.8 (Flatpak), \u043e\u0442 1.12.0 \u0434\u043e 1.12.8 (Flatpak), \u043e\u0442 1.14.0 \u0434\u043e 1.14.4 (Flatpak), \u043e\u0442 1.15.0 \u0434\u043e 1.15.4 (Flatpak), 3.0 (ROSA Virtualization 3.0), \u0434\u043e 2.14 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Flatpak:\nhttps://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c \nhttps://github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869 \nhttps://github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c \nhttps://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u043e\u0439 \u0431\u0435\u0437\u0430\u0433\u0435\u043d\u0442\u043d\u043e\u0433\u043e \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d \u00abROSA Virtualization 3.0\u00bb: https://abf.rosa.ru/advisories/ROSA-SA-2025-2798\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f flatpak \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.10.8-0+deb11u3.osnova2u1",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "16.03.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.10.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "28.06.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-04882",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-28101",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Flatpak, ROSA Virtualization 3.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 3.0 3.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.14 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 App \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u043c\u0438 \u0438 \u0441\u0440\u0435\u0434\u0430\u043c\u0438 Flatpak, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0435 \u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0438\u043b\u0438 \u0441\u043e\u043a\u0440\u044b\u0442\u0438\u0435 \u0432\u044b\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-116)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 App \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u043c\u0438 \u0438 \u0441\u0440\u0435\u0434\u0430\u043c\u0438 Flatpak \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435\u043c \u0438 \u0441\u043a\u0440\u044b\u0442\u0438\u0435\u043c \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0439. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c\nhttps://github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869\nhttps://github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c\nhttps://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8\nhttps://redos.red-soft.ru/support/secure/\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2798\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.14/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-116",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)"
}
FKIE_CVE-2023-28101
Vulnerability from fkie_nvd - Published: 2023-03-16 16:15 - Updated: 2024-11-21 07:54
Severity ?
5.0 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c | Patch | |
| security-advisories@github.com | https://github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869 | Patch | |
| security-advisories@github.com | https://github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c | Patch | |
| security-advisories@github.com | https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8 | Patch, Vendor Advisory | |
| security-advisories@github.com | https://security.gentoo.org/glsa/202312-12 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202312-12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7C3C072-DE21-4063-A561-44CA1E5AE584",
"versionEndExcluding": "1.10.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3572AF68-883F-44B3-95F8-5062ED29D5F9",
"versionEndExcluding": "1.12.8",
"versionStartIncluding": "1.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50573059-1A6E-40DA-9D68-9D054DCC71BE",
"versionEndExcluding": "1.14.4",
"versionStartIncluding": "1.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02CAAC00-232B-45A2-86ED-1EE9DC1F0128",
"versionEndExcluding": "1.15.4",
"versionStartIncluding": "1.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust."
}
],
"id": "CVE-2023-28101",
"lastModified": "2024-11-21T07:54:24.340",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-16T16:15:12.650",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8"
},
{
"source": "security-advisories@github.com",
"url": "https://security.gentoo.org/glsa/202312-12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202312-12"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-116"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GSD-2023-28101
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-28101",
"id": "GSD-2023-28101"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-28101"
],
"details": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust.",
"id": "GSD-2023-28101",
"modified": "2023-12-13T01:20:47.113119Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2023-28101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "flatpak",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "\u003c 1.10.8"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.12.0, \u003c 1.12.8"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.14.0, \u003c 1.14.4"
},
{
"version_affected": "=",
"version_value": "\u003e= 1.15.0, \u003c 1.15.4"
}
]
}
}
]
},
"vendor_name": "flatpak"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-116",
"lang": "eng",
"value": "CWE-116: Improper Encoding or Escaping of Output"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8",
"refsource": "MISC",
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8"
},
{
"name": "https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c",
"refsource": "MISC",
"url": "https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c"
},
{
"name": "https://github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869",
"refsource": "MISC",
"url": "https://github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869"
},
{
"name": "https://github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c",
"refsource": "MISC",
"url": "https://github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c"
},
{
"name": "https://security.gentoo.org/glsa/202312-12",
"refsource": "MISC",
"url": "https://security.gentoo.org/glsa/202312-12"
}
]
},
"source": {
"advisory": "GHSA-h43h-fwqx-mpp8",
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7C3C072-DE21-4063-A561-44CA1E5AE584",
"versionEndExcluding": "1.10.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3572AF68-883F-44B3-95F8-5062ED29D5F9",
"versionEndExcluding": "1.12.8",
"versionStartIncluding": "1.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50573059-1A6E-40DA-9D68-9D054DCC71BE",
"versionEndExcluding": "1.14.4",
"versionStartIncluding": "1.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02CAAC00-232B-45A2-86ED-1EE9DC1F0128",
"versionEndExcluding": "1.15.4",
"versionStartIncluding": "1.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust."
}
],
"id": "CVE-2023-28101",
"lastModified": "2023-12-23T10:15:09.857",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2023-03-16T16:15:12.650",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8"
},
{
"source": "security-advisories@github.com",
"url": "https://security.gentoo.org/glsa/202312-12"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-116"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
}
}
}
OPENSUSE-SU-2024:12800-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
flatpak-1.14.4-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: flatpak-1.14.4-1.1 on GA media
Description of the patch: These are all security issues fixed in the flatpak-1.14.4-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-12800
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.6 (High)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:flatpak-1.14.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-1.14.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-1.14.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-1.14.4-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.3 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:flatpak-1.14.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-1.14.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-1.14.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-1.14.4-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
8 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2023-28100/ | self |
| https://www.suse.com/security/cve/CVE-2023-28101/ | self |
| https://www.suse.com/security/cve/CVE-2023-28100 | external |
| https://bugzilla.suse.com/1209411 | external |
| https://www.suse.com/security/cve/CVE-2023-28101 | external |
| https://bugzilla.suse.com/1209410 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "flatpak-1.14.4-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the flatpak-1.14.4-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12800",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12800-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-28100 page",
"url": "https://www.suse.com/security/cve/CVE-2023-28100/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-28101 page",
"url": "https://www.suse.com/security/cve/CVE-2023-28101/"
}
],
"title": "flatpak-1.14.4-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12800-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "flatpak-1.14.4-1.1.aarch64",
"product": {
"name": "flatpak-1.14.4-1.1.aarch64",
"product_id": "flatpak-1.14.4-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "flatpak-devel-1.14.4-1.1.aarch64",
"product": {
"name": "flatpak-devel-1.14.4-1.1.aarch64",
"product_id": "flatpak-devel-1.14.4-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "flatpak-remote-flathub-1.14.4-1.1.aarch64",
"product": {
"name": "flatpak-remote-flathub-1.14.4-1.1.aarch64",
"product_id": "flatpak-remote-flathub-1.14.4-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "flatpak-zsh-completion-1.14.4-1.1.aarch64",
"product": {
"name": "flatpak-zsh-completion-1.14.4-1.1.aarch64",
"product_id": "flatpak-zsh-completion-1.14.4-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libflatpak0-1.14.4-1.1.aarch64",
"product": {
"name": "libflatpak0-1.14.4-1.1.aarch64",
"product_id": "libflatpak0-1.14.4-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "system-user-flatpak-1.14.4-1.1.aarch64",
"product": {
"name": "system-user-flatpak-1.14.4-1.1.aarch64",
"product_id": "system-user-flatpak-1.14.4-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Flatpak-1_0-1.14.4-1.1.aarch64",
"product": {
"name": "typelib-1_0-Flatpak-1_0-1.14.4-1.1.aarch64",
"product_id": "typelib-1_0-Flatpak-1_0-1.14.4-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-1.14.4-1.1.ppc64le",
"product": {
"name": "flatpak-1.14.4-1.1.ppc64le",
"product_id": "flatpak-1.14.4-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "flatpak-devel-1.14.4-1.1.ppc64le",
"product": {
"name": "flatpak-devel-1.14.4-1.1.ppc64le",
"product_id": "flatpak-devel-1.14.4-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "flatpak-remote-flathub-1.14.4-1.1.ppc64le",
"product": {
"name": "flatpak-remote-flathub-1.14.4-1.1.ppc64le",
"product_id": "flatpak-remote-flathub-1.14.4-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "flatpak-zsh-completion-1.14.4-1.1.ppc64le",
"product": {
"name": "flatpak-zsh-completion-1.14.4-1.1.ppc64le",
"product_id": "flatpak-zsh-completion-1.14.4-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libflatpak0-1.14.4-1.1.ppc64le",
"product": {
"name": "libflatpak0-1.14.4-1.1.ppc64le",
"product_id": "libflatpak0-1.14.4-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "system-user-flatpak-1.14.4-1.1.ppc64le",
"product": {
"name": "system-user-flatpak-1.14.4-1.1.ppc64le",
"product_id": "system-user-flatpak-1.14.4-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Flatpak-1_0-1.14.4-1.1.ppc64le",
"product": {
"name": "typelib-1_0-Flatpak-1_0-1.14.4-1.1.ppc64le",
"product_id": "typelib-1_0-Flatpak-1_0-1.14.4-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-1.14.4-1.1.s390x",
"product": {
"name": "flatpak-1.14.4-1.1.s390x",
"product_id": "flatpak-1.14.4-1.1.s390x"
}
},
{
"category": "product_version",
"name": "flatpak-devel-1.14.4-1.1.s390x",
"product": {
"name": "flatpak-devel-1.14.4-1.1.s390x",
"product_id": "flatpak-devel-1.14.4-1.1.s390x"
}
},
{
"category": "product_version",
"name": "flatpak-remote-flathub-1.14.4-1.1.s390x",
"product": {
"name": "flatpak-remote-flathub-1.14.4-1.1.s390x",
"product_id": "flatpak-remote-flathub-1.14.4-1.1.s390x"
}
},
{
"category": "product_version",
"name": "flatpak-zsh-completion-1.14.4-1.1.s390x",
"product": {
"name": "flatpak-zsh-completion-1.14.4-1.1.s390x",
"product_id": "flatpak-zsh-completion-1.14.4-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libflatpak0-1.14.4-1.1.s390x",
"product": {
"name": "libflatpak0-1.14.4-1.1.s390x",
"product_id": "libflatpak0-1.14.4-1.1.s390x"
}
},
{
"category": "product_version",
"name": "system-user-flatpak-1.14.4-1.1.s390x",
"product": {
"name": "system-user-flatpak-1.14.4-1.1.s390x",
"product_id": "system-user-flatpak-1.14.4-1.1.s390x"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Flatpak-1_0-1.14.4-1.1.s390x",
"product": {
"name": "typelib-1_0-Flatpak-1_0-1.14.4-1.1.s390x",
"product_id": "typelib-1_0-Flatpak-1_0-1.14.4-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-1.14.4-1.1.x86_64",
"product": {
"name": "flatpak-1.14.4-1.1.x86_64",
"product_id": "flatpak-1.14.4-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "flatpak-devel-1.14.4-1.1.x86_64",
"product": {
"name": "flatpak-devel-1.14.4-1.1.x86_64",
"product_id": "flatpak-devel-1.14.4-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "flatpak-remote-flathub-1.14.4-1.1.x86_64",
"product": {
"name": "flatpak-remote-flathub-1.14.4-1.1.x86_64",
"product_id": "flatpak-remote-flathub-1.14.4-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "flatpak-zsh-completion-1.14.4-1.1.x86_64",
"product": {
"name": "flatpak-zsh-completion-1.14.4-1.1.x86_64",
"product_id": "flatpak-zsh-completion-1.14.4-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libflatpak0-1.14.4-1.1.x86_64",
"product": {
"name": "libflatpak0-1.14.4-1.1.x86_64",
"product_id": "libflatpak0-1.14.4-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "system-user-flatpak-1.14.4-1.1.x86_64",
"product": {
"name": "system-user-flatpak-1.14.4-1.1.x86_64",
"product_id": "system-user-flatpak-1.14.4-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Flatpak-1_0-1.14.4-1.1.x86_64",
"product": {
"name": "typelib-1_0-Flatpak-1_0-1.14.4-1.1.x86_64",
"product_id": "typelib-1_0-Flatpak-1_0-1.14.4-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.14.4-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-1.14.4-1.1.aarch64"
},
"product_reference": "flatpak-1.14.4-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.14.4-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-1.14.4-1.1.ppc64le"
},
"product_reference": "flatpak-1.14.4-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.14.4-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-1.14.4-1.1.s390x"
},
"product_reference": "flatpak-1.14.4-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-1.14.4-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-1.14.4-1.1.x86_64"
},
"product_reference": "flatpak-1.14.4-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.14.4-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.aarch64"
},
"product_reference": "flatpak-devel-1.14.4-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.14.4-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.ppc64le"
},
"product_reference": "flatpak-devel-1.14.4-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.14.4-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.s390x"
},
"product_reference": "flatpak-devel-1.14.4-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-1.14.4-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.x86_64"
},
"product_reference": "flatpak-devel-1.14.4-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-remote-flathub-1.14.4-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.aarch64"
},
"product_reference": "flatpak-remote-flathub-1.14.4-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-remote-flathub-1.14.4-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.ppc64le"
},
"product_reference": "flatpak-remote-flathub-1.14.4-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-remote-flathub-1.14.4-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.s390x"
},
"product_reference": "flatpak-remote-flathub-1.14.4-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-remote-flathub-1.14.4-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.x86_64"
},
"product_reference": "flatpak-remote-flathub-1.14.4-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-zsh-completion-1.14.4-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.aarch64"
},
"product_reference": "flatpak-zsh-completion-1.14.4-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-zsh-completion-1.14.4-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.ppc64le"
},
"product_reference": "flatpak-zsh-completion-1.14.4-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-zsh-completion-1.14.4-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.s390x"
},
"product_reference": "flatpak-zsh-completion-1.14.4-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-zsh-completion-1.14.4-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.x86_64"
},
"product_reference": "flatpak-zsh-completion-1.14.4-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.14.4-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.aarch64"
},
"product_reference": "libflatpak0-1.14.4-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.14.4-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.ppc64le"
},
"product_reference": "libflatpak0-1.14.4-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.14.4-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.s390x"
},
"product_reference": "libflatpak0-1.14.4-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libflatpak0-1.14.4-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.x86_64"
},
"product_reference": "libflatpak0-1.14.4-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-flatpak-1.14.4-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.aarch64"
},
"product_reference": "system-user-flatpak-1.14.4-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-flatpak-1.14.4-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.ppc64le"
},
"product_reference": "system-user-flatpak-1.14.4-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-flatpak-1.14.4-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.s390x"
},
"product_reference": "system-user-flatpak-1.14.4-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-flatpak-1.14.4-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.x86_64"
},
"product_reference": "system-user-flatpak-1.14.4-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.14.4-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.aarch64"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.14.4-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.14.4-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.ppc64le"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.14.4-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.14.4-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.s390x"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.14.4-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Flatpak-1_0-1.14.4-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.x86_64"
},
"product_reference": "typelib-1_0-Flatpak-1_0-1.14.4-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-28100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-28100"
}
],
"notes": [
{
"category": "general",
"text": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the `TIOCLINUX` ioctl command instead of `TIOCSTI`. If a Flatpak app is run on a Linux virtual console such as `/dev/tty1`, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Ordinary graphical terminal emulators like xterm, gnome-terminal and Konsole are unaffected. This vulnerability is specific to the Linux virtual consoles `/dev/tty1`, `/dev/tty2` and so on. A patch is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, don\u0027t run Flatpak on a Linux virtual console. Flatpak is primarily designed to be used in a Wayland or X11 graphical environment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:flatpak-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:flatpak-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-28100",
"url": "https://www.suse.com/security/cve/CVE-2023-28100"
},
{
"category": "external",
"summary": "SUSE Bug 1209411 for CVE-2023-28100",
"url": "https://bugzilla.suse.com/1209411"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:flatpak-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:flatpak-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:flatpak-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:flatpak-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-28100"
},
{
"cve": "CVE-2023-28101",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-28101"
}
],
"notes": [
{
"category": "general",
"text": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:flatpak-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:flatpak-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-28101",
"url": "https://www.suse.com/security/cve/CVE-2023-28101"
},
{
"category": "external",
"summary": "SUSE Bug 1209410 for CVE-2023-28101",
"url": "https://bugzilla.suse.com/1209410"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:flatpak-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:flatpak-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:flatpak-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:flatpak-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:flatpak-devel-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:flatpak-remote-flathub-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:flatpak-zsh-completion-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:libflatpak0-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:system-user-flatpak-1.14.4-1.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-Flatpak-1_0-1.14.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-28101"
}
]
}
RHSA-2023:6518
Vulnerability from csaf_redhat - Published: 2023-11-07 08:49 - Updated: 2025-11-21 18:49Summary
Red Hat Security Advisory: flatpak security, bug fix, and enhancement update
Severity
Moderate
Notes
Topic: An update for flatpak is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
The following packages have been upgraded to a later upstream version: flatpak (1.12.8). (BZ#2221792)
Security Fix(es):
* flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console (CVE-2023-28100)
* flatpak: Metadata with ANSI control codes can cause misleading terminal output (CVE-2023-28101)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Flatpak, a system for building, distributing, and running sandboxed desktop applications on Linux. It contains a vulnerability similar to CVE-2017-5226 but using the `TIOCLINUX` ioctl command instead of `TIOCSTI.` If a Flatpak app is run on a Linux virtual console such as `/dev/tty1`, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Ordinary graphical terminal emulators like xterm, gnome-terminal, and Konsole are unaffected. This vulnerability is specific to the Linux virtual consoles `/dev/tty1`, `/dev/tty2`, and others.
6.5 (Medium)
Affected products
Fixed
94 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Flatpak, a system for building, distributing, and running sandboxed desktop applications on Linux. Suppose an attacker publishes a Flatpak app with elevated permissions. In that case, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC.`
6.2 (Medium)
Affected products
Fixed
94 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
17 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2023:6518 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://access.redhat.com/documentation/en-us/red… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2179219 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2179220 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2221792 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2023-28100 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2179220 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-28100 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-28100 | external |
| https://github.com/flatpak/flatpak/security/advis… | external |
| https://access.redhat.com/security/cve/CVE-2023-28101 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2179219 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-28101 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-28101 | external |
| https://github.com/flatpak/flatpak/security/advis… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for flatpak is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.\n\nThe following packages have been upgraded to a later upstream version: flatpak (1.12.8). (BZ#2221792)\n\nSecurity Fix(es):\n\n* flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console (CVE-2023-28100)\n\n* flatpak: Metadata with ANSI control codes can cause misleading terminal output (CVE-2023-28101)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6518",
"url": "https://access.redhat.com/errata/RHSA-2023:6518"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.3_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.3_release_notes/index"
},
{
"category": "external",
"summary": "2179219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179219"
},
{
"category": "external",
"summary": "2179220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179220"
},
{
"category": "external",
"summary": "2221792",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221792"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6518.json"
}
],
"title": "Red Hat Security Advisory: flatpak security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-11-21T18:49:13+00:00",
"generator": {
"date": "2025-11-21T18:49:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2023:6518",
"initial_release_date": "2023-11-07T08:49:11+00:00",
"revision_history": [
{
"date": "2023-11-07T08:49:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-11-07T08:49:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:49:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat CodeReady Linux Builder (v. 9)",
"product": {
"name": "Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-0:1.12.8-1.el9.aarch64",
"product": {
"name": "flatpak-0:1.12.8-1.el9.aarch64",
"product_id": "flatpak-0:1.12.8-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak@1.12.8-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-0:1.12.8-1.el9.aarch64",
"product": {
"name": "flatpak-libs-0:1.12.8-1.el9.aarch64",
"product_id": "flatpak-libs-0:1.12.8-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs@1.12.8-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"product": {
"name": "flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"product_id": "flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper@1.12.8-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"product": {
"name": "flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"product_id": "flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debugsource@1.12.8-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"product": {
"name": "flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"product_id": "flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debuginfo@1.12.8-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"product": {
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"product_id": "flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs-debuginfo@1.12.8-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"product": {
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"product_id": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper-debuginfo@1.12.8-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"product": {
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"product_id": "flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-tests-debuginfo@1.12.8-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "flatpak-devel-0:1.12.8-1.el9.aarch64",
"product": {
"name": "flatpak-devel-0:1.12.8-1.el9.aarch64",
"product_id": "flatpak-devel-0:1.12.8-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-devel@1.12.8-1.el9?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-0:1.12.8-1.el9.ppc64le",
"product": {
"name": "flatpak-0:1.12.8-1.el9.ppc64le",
"product_id": "flatpak-0:1.12.8-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak@1.12.8-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-0:1.12.8-1.el9.ppc64le",
"product": {
"name": "flatpak-libs-0:1.12.8-1.el9.ppc64le",
"product_id": "flatpak-libs-0:1.12.8-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs@1.12.8-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"product": {
"name": "flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"product_id": "flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper@1.12.8-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"product": {
"name": "flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"product_id": "flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debugsource@1.12.8-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"product": {
"name": "flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"product_id": "flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debuginfo@1.12.8-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"product": {
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"product_id": "flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs-debuginfo@1.12.8-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"product": {
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"product_id": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper-debuginfo@1.12.8-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"product": {
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"product_id": "flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-tests-debuginfo@1.12.8-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "flatpak-devel-0:1.12.8-1.el9.ppc64le",
"product": {
"name": "flatpak-devel-0:1.12.8-1.el9.ppc64le",
"product_id": "flatpak-devel-0:1.12.8-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-devel@1.12.8-1.el9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-0:1.12.8-1.el9.src",
"product": {
"name": "flatpak-0:1.12.8-1.el9.src",
"product_id": "flatpak-0:1.12.8-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak@1.12.8-1.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-0:1.12.8-1.el9.x86_64",
"product": {
"name": "flatpak-0:1.12.8-1.el9.x86_64",
"product_id": "flatpak-0:1.12.8-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak@1.12.8-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-0:1.12.8-1.el9.x86_64",
"product": {
"name": "flatpak-libs-0:1.12.8-1.el9.x86_64",
"product_id": "flatpak-libs-0:1.12.8-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs@1.12.8-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"product": {
"name": "flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"product_id": "flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper@1.12.8-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"product": {
"name": "flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"product_id": "flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debugsource@1.12.8-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"product": {
"name": "flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"product_id": "flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debuginfo@1.12.8-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"product": {
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"product_id": "flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs-debuginfo@1.12.8-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"product": {
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"product_id": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper-debuginfo@1.12.8-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64",
"product": {
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64",
"product_id": "flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-tests-debuginfo@1.12.8-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "flatpak-devel-0:1.12.8-1.el9.x86_64",
"product": {
"name": "flatpak-devel-0:1.12.8-1.el9.x86_64",
"product_id": "flatpak-devel-0:1.12.8-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-devel@1.12.8-1.el9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-libs-0:1.12.8-1.el9.i686",
"product": {
"name": "flatpak-libs-0:1.12.8-1.el9.i686",
"product_id": "flatpak-libs-0:1.12.8-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs@1.12.8-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "flatpak-debugsource-0:1.12.8-1.el9.i686",
"product": {
"name": "flatpak-debugsource-0:1.12.8-1.el9.i686",
"product_id": "flatpak-debugsource-0:1.12.8-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debugsource@1.12.8-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "flatpak-debuginfo-0:1.12.8-1.el9.i686",
"product": {
"name": "flatpak-debuginfo-0:1.12.8-1.el9.i686",
"product_id": "flatpak-debuginfo-0:1.12.8-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debuginfo@1.12.8-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"product": {
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"product_id": "flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs-debuginfo@1.12.8-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"product": {
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"product_id": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper-debuginfo@1.12.8-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"product": {
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"product_id": "flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-tests-debuginfo@1.12.8-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "flatpak-0:1.12.8-1.el9.i686",
"product": {
"name": "flatpak-0:1.12.8-1.el9.i686",
"product_id": "flatpak-0:1.12.8-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak@1.12.8-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "flatpak-devel-0:1.12.8-1.el9.i686",
"product": {
"name": "flatpak-devel-0:1.12.8-1.el9.i686",
"product_id": "flatpak-devel-0:1.12.8-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-devel@1.12.8-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-0:1.12.8-1.el9.i686",
"product": {
"name": "flatpak-session-helper-0:1.12.8-1.el9.i686",
"product_id": "flatpak-session-helper-0:1.12.8-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper@1.12.8-1.el9?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-0:1.12.8-1.el9.s390x",
"product": {
"name": "flatpak-0:1.12.8-1.el9.s390x",
"product_id": "flatpak-0:1.12.8-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak@1.12.8-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-0:1.12.8-1.el9.s390x",
"product": {
"name": "flatpak-libs-0:1.12.8-1.el9.s390x",
"product_id": "flatpak-libs-0:1.12.8-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs@1.12.8-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-0:1.12.8-1.el9.s390x",
"product": {
"name": "flatpak-session-helper-0:1.12.8-1.el9.s390x",
"product_id": "flatpak-session-helper-0:1.12.8-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper@1.12.8-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "flatpak-debugsource-0:1.12.8-1.el9.s390x",
"product": {
"name": "flatpak-debugsource-0:1.12.8-1.el9.s390x",
"product_id": "flatpak-debugsource-0:1.12.8-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debugsource@1.12.8-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"product": {
"name": "flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"product_id": "flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debuginfo@1.12.8-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"product": {
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"product_id": "flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs-debuginfo@1.12.8-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"product": {
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"product_id": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper-debuginfo@1.12.8-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"product": {
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"product_id": "flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-tests-debuginfo@1.12.8-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "flatpak-devel-0:1.12.8-1.el9.s390x",
"product": {
"name": "flatpak-devel-0:1.12.8-1.el9.s390x",
"product_id": "flatpak-devel-0:1.12.8-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-devel@1.12.8-1.el9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-selinux-0:1.12.8-1.el9.noarch",
"product": {
"name": "flatpak-selinux-0:1.12.8-1.el9.noarch",
"product_id": "flatpak-selinux-0:1.12.8-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-selinux@1.12.8-1.el9?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.8-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.8-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.8-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.8-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.8-1.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.src"
},
"product_reference": "flatpak-0:1.12.8-1.el9.src",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.8-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.12.8-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.12.8-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-debuginfo-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.12.8-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.12.8-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.12.8-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.12.8-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.12.8-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-debugsource-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.12.8-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.12.8-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-debugsource-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.12.8-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.12.8-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-devel-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.12.8-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-devel-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.12.8-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-devel-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.12.8-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-devel-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.12.8-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-devel-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.12.8-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-libs-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.12.8-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-libs-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.12.8-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-libs-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.12.8-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-libs-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.12.8-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-libs-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-selinux-0:1.12.8-1.el9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch"
},
"product_reference": "flatpak-selinux-0:1.12.8-1.el9.noarch",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.12.8-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.12.8-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-session-helper-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.12.8-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.12.8-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-session-helper-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.12.8-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.8-1.el9.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.8-1.el9.i686 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.8-1.el9.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.8-1.el9.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.8-1.el9.src as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.src"
},
"product_reference": "flatpak-0:1.12.8-1.el9.src",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.8-1.el9.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.12.8-1.el9.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.12.8-1.el9.i686 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-debuginfo-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.12.8-1.el9.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.12.8-1.el9.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.12.8-1.el9.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.12.8-1.el9.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.12.8-1.el9.i686 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-debugsource-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.12.8-1.el9.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.12.8-1.el9.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-debugsource-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.12.8-1.el9.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.12.8-1.el9.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-devel-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.12.8-1.el9.i686 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-devel-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.12.8-1.el9.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-devel-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.12.8-1.el9.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-devel-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.12.8-1.el9.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-devel-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.12.8-1.el9.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-libs-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.12.8-1.el9.i686 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-libs-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.12.8-1.el9.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-libs-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.12.8-1.el9.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-libs-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.12.8-1.el9.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-libs-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.i686 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-selinux-0:1.12.8-1.el9.noarch as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch"
},
"product_reference": "flatpak-selinux-0:1.12.8-1.el9.noarch",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.12.8-1.el9.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.12.8-1.el9.i686 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-session-helper-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.12.8-1.el9.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.12.8-1.el9.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-session-helper-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.12.8-1.el9.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.i686 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "CRB-9.3.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-28100",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-03-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2179220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Flatpak, a system for building, distributing, and running sandboxed desktop applications on Linux. It contains a vulnerability similar to CVE-2017-5226 but using the `TIOCLINUX` ioctl command instead of `TIOCSTI.` If a Flatpak app is run on a Linux virtual console such as `/dev/tty1`, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Ordinary graphical terminal emulators like xterm, gnome-terminal, and Konsole are unaffected. This vulnerability is specific to the Linux virtual consoles `/dev/tty1`, `/dev/tty2`, and others.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.src",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.src",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28100"
},
{
"category": "external",
"summary": "RHBZ#2179220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28100",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28100"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28100",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28100"
},
{
"category": "external",
"summary": "https://github.com/flatpak/flatpak/security/advisories/GHSA-7qpw-3vjv-xrqp",
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-7qpw-3vjv-xrqp"
}
],
"release_date": "2023-03-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:49:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.src",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.src",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6518"
},
{
"category": "workaround",
"details": "Don\u0027t run Flatpak on a Linux virtual console. Flatpak is primarily designed to be used in a Wayland or X11 graphical environment.",
"product_ids": [
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.src",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.src",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.src",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.src",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console"
},
{
"cve": "CVE-2023-28101",
"cwe": {
"id": "CWE-116",
"name": "Improper Encoding or Escaping of Output"
},
"discovery_date": "2023-03-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2179219"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Flatpak, a system for building, distributing, and running sandboxed desktop applications on Linux. Suppose an attacker publishes a Flatpak app with elevated permissions. In that case, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC.`",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flatpak: Metadata with ANSI control codes can cause misleading terminal output",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.src",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.src",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28101"
},
{
"category": "external",
"summary": "RHBZ#2179219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179219"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28101",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28101"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28101",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28101"
},
{
"category": "external",
"summary": "https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8",
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8"
}
],
"release_date": "2023-03-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:49:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.src",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.src",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6518"
},
{
"category": "workaround",
"details": "Use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust.",
"product_ids": [
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.src",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.src",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.src",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.src",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "flatpak: Metadata with ANSI control codes can cause misleading terminal output"
}
]
}
RHSA-2023:7038
Vulnerability from csaf_redhat - Published: 2023-11-14 15:47 - Updated: 2025-11-21 18:50Summary
Red Hat Security Advisory: flatpak security, bug fix, and enhancement update
Severity
Moderate
Notes
Topic: An update for flatpak is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
The following packages have been upgraded to a later upstream version: flatpak (1.10.8). (BZ#2222103)
Security Fix(es):
* flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console (CVE-2023-28100)
* flatpak: Metadata with ANSI control codes can cause misleading terminal output (CVE-2023-28101)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Flatpak, a system for building, distributing, and running sandboxed desktop applications on Linux. It contains a vulnerability similar to CVE-2017-5226 but using the `TIOCLINUX` ioctl command instead of `TIOCSTI.` If a Flatpak app is run on a Linux virtual console such as `/dev/tty1`, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Ordinary graphical terminal emulators like xterm, gnome-terminal, and Konsole are unaffected. This vulnerability is specific to the Linux virtual consoles `/dev/tty1`, `/dev/tty2`, and others.
6.5 (Medium)
Affected products
Fixed
94 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-selinux-0:1.10.8-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-selinux-0:1.10.8-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Flatpak, a system for building, distributing, and running sandboxed desktop applications on Linux. Suppose an attacker publishes a Flatpak app with elevated permissions. In that case, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC.`
6.2 (Medium)
Affected products
Fixed
94 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-selinux-0:1.10.8-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-selinux-0:1.10.8-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
17 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2023:7038 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://access.redhat.com/documentation/en-us/red… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2179219 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2179220 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2222103 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2023-28100 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2179220 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-28100 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-28100 | external |
| https://github.com/flatpak/flatpak/security/advis… | external |
| https://access.redhat.com/security/cve/CVE-2023-28101 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2179219 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-28101 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-28101 | external |
| https://github.com/flatpak/flatpak/security/advis… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for flatpak is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.\n\nThe following packages have been upgraded to a later upstream version: flatpak (1.10.8). (BZ#2222103)\n\nSecurity Fix(es):\n\n* flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console (CVE-2023-28100)\n\n* flatpak: Metadata with ANSI control codes can cause misleading terminal output (CVE-2023-28101)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:7038",
"url": "https://access.redhat.com/errata/RHSA-2023:7038"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index"
},
{
"category": "external",
"summary": "2179219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179219"
},
{
"category": "external",
"summary": "2179220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179220"
},
{
"category": "external",
"summary": "2222103",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222103"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7038.json"
}
],
"title": "Red Hat Security Advisory: flatpak security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-11-21T18:50:21+00:00",
"generator": {
"date": "2025-11-21T18:50:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2023:7038",
"initial_release_date": "2023-11-14T15:47:04+00:00",
"revision_history": [
{
"date": "2023-11-14T15:47:04+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-11-14T15:47:04+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:50:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat CodeReady Linux Builder (v. 8)",
"product": {
"name": "Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-0:1.10.8-1.el8.i686",
"product": {
"name": "flatpak-0:1.10.8-1.el8.i686",
"product_id": "flatpak-0:1.10.8-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak@1.10.8-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "flatpak-devel-0:1.10.8-1.el8.i686",
"product": {
"name": "flatpak-devel-0:1.10.8-1.el8.i686",
"product_id": "flatpak-devel-0:1.10.8-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-devel@1.10.8-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-0:1.10.8-1.el8.i686",
"product": {
"name": "flatpak-session-helper-0:1.10.8-1.el8.i686",
"product_id": "flatpak-session-helper-0:1.10.8-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper@1.10.8-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "flatpak-debugsource-0:1.10.8-1.el8.i686",
"product": {
"name": "flatpak-debugsource-0:1.10.8-1.el8.i686",
"product_id": "flatpak-debugsource-0:1.10.8-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debugsource@1.10.8-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "flatpak-debuginfo-0:1.10.8-1.el8.i686",
"product": {
"name": "flatpak-debuginfo-0:1.10.8-1.el8.i686",
"product_id": "flatpak-debuginfo-0:1.10.8-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debuginfo@1.10.8-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-debuginfo-0:1.10.8-1.el8.i686",
"product": {
"name": "flatpak-libs-debuginfo-0:1.10.8-1.el8.i686",
"product_id": "flatpak-libs-debuginfo-0:1.10.8-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs-debuginfo@1.10.8-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.i686",
"product": {
"name": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.i686",
"product_id": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper-debuginfo@1.10.8-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "flatpak-tests-debuginfo-0:1.10.8-1.el8.i686",
"product": {
"name": "flatpak-tests-debuginfo-0:1.10.8-1.el8.i686",
"product_id": "flatpak-tests-debuginfo-0:1.10.8-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-tests-debuginfo@1.10.8-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-0:1.10.8-1.el8.i686",
"product": {
"name": "flatpak-libs-0:1.10.8-1.el8.i686",
"product_id": "flatpak-libs-0:1.10.8-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs@1.10.8-1.el8?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-devel-0:1.10.8-1.el8.x86_64",
"product": {
"name": "flatpak-devel-0:1.10.8-1.el8.x86_64",
"product_id": "flatpak-devel-0:1.10.8-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-devel@1.10.8-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "flatpak-debugsource-0:1.10.8-1.el8.x86_64",
"product": {
"name": "flatpak-debugsource-0:1.10.8-1.el8.x86_64",
"product_id": "flatpak-debugsource-0:1.10.8-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debugsource@1.10.8-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "flatpak-debuginfo-0:1.10.8-1.el8.x86_64",
"product": {
"name": "flatpak-debuginfo-0:1.10.8-1.el8.x86_64",
"product_id": "flatpak-debuginfo-0:1.10.8-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debuginfo@1.10.8-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-debuginfo-0:1.10.8-1.el8.x86_64",
"product": {
"name": "flatpak-libs-debuginfo-0:1.10.8-1.el8.x86_64",
"product_id": "flatpak-libs-debuginfo-0:1.10.8-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs-debuginfo@1.10.8-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.x86_64",
"product": {
"name": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.x86_64",
"product_id": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper-debuginfo@1.10.8-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "flatpak-tests-debuginfo-0:1.10.8-1.el8.x86_64",
"product": {
"name": "flatpak-tests-debuginfo-0:1.10.8-1.el8.x86_64",
"product_id": "flatpak-tests-debuginfo-0:1.10.8-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-tests-debuginfo@1.10.8-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "flatpak-0:1.10.8-1.el8.x86_64",
"product": {
"name": "flatpak-0:1.10.8-1.el8.x86_64",
"product_id": "flatpak-0:1.10.8-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak@1.10.8-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-0:1.10.8-1.el8.x86_64",
"product": {
"name": "flatpak-libs-0:1.10.8-1.el8.x86_64",
"product_id": "flatpak-libs-0:1.10.8-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs@1.10.8-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-0:1.10.8-1.el8.x86_64",
"product": {
"name": "flatpak-session-helper-0:1.10.8-1.el8.x86_64",
"product_id": "flatpak-session-helper-0:1.10.8-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper@1.10.8-1.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-devel-0:1.10.8-1.el8.aarch64",
"product": {
"name": "flatpak-devel-0:1.10.8-1.el8.aarch64",
"product_id": "flatpak-devel-0:1.10.8-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-devel@1.10.8-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "flatpak-debugsource-0:1.10.8-1.el8.aarch64",
"product": {
"name": "flatpak-debugsource-0:1.10.8-1.el8.aarch64",
"product_id": "flatpak-debugsource-0:1.10.8-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debugsource@1.10.8-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "flatpak-debuginfo-0:1.10.8-1.el8.aarch64",
"product": {
"name": "flatpak-debuginfo-0:1.10.8-1.el8.aarch64",
"product_id": "flatpak-debuginfo-0:1.10.8-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debuginfo@1.10.8-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-debuginfo-0:1.10.8-1.el8.aarch64",
"product": {
"name": "flatpak-libs-debuginfo-0:1.10.8-1.el8.aarch64",
"product_id": "flatpak-libs-debuginfo-0:1.10.8-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs-debuginfo@1.10.8-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.aarch64",
"product": {
"name": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.aarch64",
"product_id": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper-debuginfo@1.10.8-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "flatpak-tests-debuginfo-0:1.10.8-1.el8.aarch64",
"product": {
"name": "flatpak-tests-debuginfo-0:1.10.8-1.el8.aarch64",
"product_id": "flatpak-tests-debuginfo-0:1.10.8-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-tests-debuginfo@1.10.8-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "flatpak-0:1.10.8-1.el8.aarch64",
"product": {
"name": "flatpak-0:1.10.8-1.el8.aarch64",
"product_id": "flatpak-0:1.10.8-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak@1.10.8-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-0:1.10.8-1.el8.aarch64",
"product": {
"name": "flatpak-libs-0:1.10.8-1.el8.aarch64",
"product_id": "flatpak-libs-0:1.10.8-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs@1.10.8-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-0:1.10.8-1.el8.aarch64",
"product": {
"name": "flatpak-session-helper-0:1.10.8-1.el8.aarch64",
"product_id": "flatpak-session-helper-0:1.10.8-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper@1.10.8-1.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-devel-0:1.10.8-1.el8.ppc64le",
"product": {
"name": "flatpak-devel-0:1.10.8-1.el8.ppc64le",
"product_id": "flatpak-devel-0:1.10.8-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-devel@1.10.8-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "flatpak-debugsource-0:1.10.8-1.el8.ppc64le",
"product": {
"name": "flatpak-debugsource-0:1.10.8-1.el8.ppc64le",
"product_id": "flatpak-debugsource-0:1.10.8-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debugsource@1.10.8-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "flatpak-debuginfo-0:1.10.8-1.el8.ppc64le",
"product": {
"name": "flatpak-debuginfo-0:1.10.8-1.el8.ppc64le",
"product_id": "flatpak-debuginfo-0:1.10.8-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debuginfo@1.10.8-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-debuginfo-0:1.10.8-1.el8.ppc64le",
"product": {
"name": "flatpak-libs-debuginfo-0:1.10.8-1.el8.ppc64le",
"product_id": "flatpak-libs-debuginfo-0:1.10.8-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs-debuginfo@1.10.8-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.ppc64le",
"product": {
"name": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.ppc64le",
"product_id": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper-debuginfo@1.10.8-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "flatpak-tests-debuginfo-0:1.10.8-1.el8.ppc64le",
"product": {
"name": "flatpak-tests-debuginfo-0:1.10.8-1.el8.ppc64le",
"product_id": "flatpak-tests-debuginfo-0:1.10.8-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-tests-debuginfo@1.10.8-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "flatpak-0:1.10.8-1.el8.ppc64le",
"product": {
"name": "flatpak-0:1.10.8-1.el8.ppc64le",
"product_id": "flatpak-0:1.10.8-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak@1.10.8-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-0:1.10.8-1.el8.ppc64le",
"product": {
"name": "flatpak-libs-0:1.10.8-1.el8.ppc64le",
"product_id": "flatpak-libs-0:1.10.8-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs@1.10.8-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-0:1.10.8-1.el8.ppc64le",
"product": {
"name": "flatpak-session-helper-0:1.10.8-1.el8.ppc64le",
"product_id": "flatpak-session-helper-0:1.10.8-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper@1.10.8-1.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-devel-0:1.10.8-1.el8.s390x",
"product": {
"name": "flatpak-devel-0:1.10.8-1.el8.s390x",
"product_id": "flatpak-devel-0:1.10.8-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-devel@1.10.8-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "flatpak-debugsource-0:1.10.8-1.el8.s390x",
"product": {
"name": "flatpak-debugsource-0:1.10.8-1.el8.s390x",
"product_id": "flatpak-debugsource-0:1.10.8-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debugsource@1.10.8-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "flatpak-debuginfo-0:1.10.8-1.el8.s390x",
"product": {
"name": "flatpak-debuginfo-0:1.10.8-1.el8.s390x",
"product_id": "flatpak-debuginfo-0:1.10.8-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debuginfo@1.10.8-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-debuginfo-0:1.10.8-1.el8.s390x",
"product": {
"name": "flatpak-libs-debuginfo-0:1.10.8-1.el8.s390x",
"product_id": "flatpak-libs-debuginfo-0:1.10.8-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs-debuginfo@1.10.8-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.s390x",
"product": {
"name": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.s390x",
"product_id": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper-debuginfo@1.10.8-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "flatpak-tests-debuginfo-0:1.10.8-1.el8.s390x",
"product": {
"name": "flatpak-tests-debuginfo-0:1.10.8-1.el8.s390x",
"product_id": "flatpak-tests-debuginfo-0:1.10.8-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-tests-debuginfo@1.10.8-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "flatpak-0:1.10.8-1.el8.s390x",
"product": {
"name": "flatpak-0:1.10.8-1.el8.s390x",
"product_id": "flatpak-0:1.10.8-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak@1.10.8-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-0:1.10.8-1.el8.s390x",
"product": {
"name": "flatpak-libs-0:1.10.8-1.el8.s390x",
"product_id": "flatpak-libs-0:1.10.8-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs@1.10.8-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-0:1.10.8-1.el8.s390x",
"product": {
"name": "flatpak-session-helper-0:1.10.8-1.el8.s390x",
"product_id": "flatpak-session-helper-0:1.10.8-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper@1.10.8-1.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-0:1.10.8-1.el8.src",
"product": {
"name": "flatpak-0:1.10.8-1.el8.src",
"product_id": "flatpak-0:1.10.8-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak@1.10.8-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-selinux-0:1.10.8-1.el8.noarch",
"product": {
"name": "flatpak-selinux-0:1.10.8-1.el8.noarch",
"product_id": "flatpak-selinux-0:1.10.8-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-selinux@1.10.8-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.10.8-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.aarch64"
},
"product_reference": "flatpak-0:1.10.8-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.10.8-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.i686"
},
"product_reference": "flatpak-0:1.10.8-1.el8.i686",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.10.8-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.ppc64le"
},
"product_reference": "flatpak-0:1.10.8-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.10.8-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.s390x"
},
"product_reference": "flatpak-0:1.10.8-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.10.8-1.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.src"
},
"product_reference": "flatpak-0:1.10.8-1.el8.src",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.10.8-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.x86_64"
},
"product_reference": "flatpak-0:1.10.8-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.10.8-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.aarch64"
},
"product_reference": "flatpak-debuginfo-0:1.10.8-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.10.8-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.i686"
},
"product_reference": "flatpak-debuginfo-0:1.10.8-1.el8.i686",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.10.8-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.ppc64le"
},
"product_reference": "flatpak-debuginfo-0:1.10.8-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.10.8-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.s390x"
},
"product_reference": "flatpak-debuginfo-0:1.10.8-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.10.8-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.x86_64"
},
"product_reference": "flatpak-debuginfo-0:1.10.8-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.10.8-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.aarch64"
},
"product_reference": "flatpak-debugsource-0:1.10.8-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.10.8-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.i686"
},
"product_reference": "flatpak-debugsource-0:1.10.8-1.el8.i686",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.10.8-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.ppc64le"
},
"product_reference": "flatpak-debugsource-0:1.10.8-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.10.8-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.s390x"
},
"product_reference": "flatpak-debugsource-0:1.10.8-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.10.8-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.x86_64"
},
"product_reference": "flatpak-debugsource-0:1.10.8-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.10.8-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.aarch64"
},
"product_reference": "flatpak-devel-0:1.10.8-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.10.8-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.i686"
},
"product_reference": "flatpak-devel-0:1.10.8-1.el8.i686",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.10.8-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.ppc64le"
},
"product_reference": "flatpak-devel-0:1.10.8-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.10.8-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.s390x"
},
"product_reference": "flatpak-devel-0:1.10.8-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.10.8-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.x86_64"
},
"product_reference": "flatpak-devel-0:1.10.8-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.10.8-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.aarch64"
},
"product_reference": "flatpak-libs-0:1.10.8-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.10.8-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.i686"
},
"product_reference": "flatpak-libs-0:1.10.8-1.el8.i686",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.10.8-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.ppc64le"
},
"product_reference": "flatpak-libs-0:1.10.8-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.10.8-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.s390x"
},
"product_reference": "flatpak-libs-0:1.10.8-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.10.8-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.x86_64"
},
"product_reference": "flatpak-libs-0:1.10.8-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.10.8-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.aarch64"
},
"product_reference": "flatpak-libs-debuginfo-0:1.10.8-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.10.8-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.i686"
},
"product_reference": "flatpak-libs-debuginfo-0:1.10.8-1.el8.i686",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.10.8-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.ppc64le"
},
"product_reference": "flatpak-libs-debuginfo-0:1.10.8-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.10.8-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.s390x"
},
"product_reference": "flatpak-libs-debuginfo-0:1.10.8-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.10.8-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.x86_64"
},
"product_reference": "flatpak-libs-debuginfo-0:1.10.8-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-selinux-0:1.10.8-1.el8.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-selinux-0:1.10.8-1.el8.noarch"
},
"product_reference": "flatpak-selinux-0:1.10.8-1.el8.noarch",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.10.8-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.aarch64"
},
"product_reference": "flatpak-session-helper-0:1.10.8-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.10.8-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.i686"
},
"product_reference": "flatpak-session-helper-0:1.10.8-1.el8.i686",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.10.8-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.ppc64le"
},
"product_reference": "flatpak-session-helper-0:1.10.8-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.10.8-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.s390x"
},
"product_reference": "flatpak-session-helper-0:1.10.8-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.10.8-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.x86_64"
},
"product_reference": "flatpak-session-helper-0:1.10.8-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.aarch64"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.i686"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.i686",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.ppc64le"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.s390x"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.x86_64"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.10.8-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.aarch64"
},
"product_reference": "flatpak-tests-debuginfo-0:1.10.8-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.10.8-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.i686"
},
"product_reference": "flatpak-tests-debuginfo-0:1.10.8-1.el8.i686",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.10.8-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.ppc64le"
},
"product_reference": "flatpak-tests-debuginfo-0:1.10.8-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.10.8-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.s390x"
},
"product_reference": "flatpak-tests-debuginfo-0:1.10.8-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.10.8-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.x86_64"
},
"product_reference": "flatpak-tests-debuginfo-0:1.10.8-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.10.8-1.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.aarch64"
},
"product_reference": "flatpak-0:1.10.8-1.el8.aarch64",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.10.8-1.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.i686"
},
"product_reference": "flatpak-0:1.10.8-1.el8.i686",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.10.8-1.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.ppc64le"
},
"product_reference": "flatpak-0:1.10.8-1.el8.ppc64le",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.10.8-1.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.s390x"
},
"product_reference": "flatpak-0:1.10.8-1.el8.s390x",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.10.8-1.el8.src as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.src"
},
"product_reference": "flatpak-0:1.10.8-1.el8.src",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.10.8-1.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.x86_64"
},
"product_reference": "flatpak-0:1.10.8-1.el8.x86_64",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.10.8-1.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.aarch64"
},
"product_reference": "flatpak-debuginfo-0:1.10.8-1.el8.aarch64",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.10.8-1.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.i686"
},
"product_reference": "flatpak-debuginfo-0:1.10.8-1.el8.i686",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.10.8-1.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.ppc64le"
},
"product_reference": "flatpak-debuginfo-0:1.10.8-1.el8.ppc64le",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.10.8-1.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.s390x"
},
"product_reference": "flatpak-debuginfo-0:1.10.8-1.el8.s390x",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.10.8-1.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.x86_64"
},
"product_reference": "flatpak-debuginfo-0:1.10.8-1.el8.x86_64",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.10.8-1.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.aarch64"
},
"product_reference": "flatpak-debugsource-0:1.10.8-1.el8.aarch64",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.10.8-1.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.i686"
},
"product_reference": "flatpak-debugsource-0:1.10.8-1.el8.i686",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.10.8-1.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.ppc64le"
},
"product_reference": "flatpak-debugsource-0:1.10.8-1.el8.ppc64le",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.10.8-1.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.s390x"
},
"product_reference": "flatpak-debugsource-0:1.10.8-1.el8.s390x",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.10.8-1.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.x86_64"
},
"product_reference": "flatpak-debugsource-0:1.10.8-1.el8.x86_64",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.10.8-1.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.aarch64"
},
"product_reference": "flatpak-devel-0:1.10.8-1.el8.aarch64",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.10.8-1.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.i686"
},
"product_reference": "flatpak-devel-0:1.10.8-1.el8.i686",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.10.8-1.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.ppc64le"
},
"product_reference": "flatpak-devel-0:1.10.8-1.el8.ppc64le",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.10.8-1.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.s390x"
},
"product_reference": "flatpak-devel-0:1.10.8-1.el8.s390x",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.10.8-1.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.x86_64"
},
"product_reference": "flatpak-devel-0:1.10.8-1.el8.x86_64",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.10.8-1.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.aarch64"
},
"product_reference": "flatpak-libs-0:1.10.8-1.el8.aarch64",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.10.8-1.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.i686"
},
"product_reference": "flatpak-libs-0:1.10.8-1.el8.i686",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.10.8-1.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.ppc64le"
},
"product_reference": "flatpak-libs-0:1.10.8-1.el8.ppc64le",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.10.8-1.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.s390x"
},
"product_reference": "flatpak-libs-0:1.10.8-1.el8.s390x",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.10.8-1.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.x86_64"
},
"product_reference": "flatpak-libs-0:1.10.8-1.el8.x86_64",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.10.8-1.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.aarch64"
},
"product_reference": "flatpak-libs-debuginfo-0:1.10.8-1.el8.aarch64",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.10.8-1.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.i686"
},
"product_reference": "flatpak-libs-debuginfo-0:1.10.8-1.el8.i686",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.10.8-1.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.ppc64le"
},
"product_reference": "flatpak-libs-debuginfo-0:1.10.8-1.el8.ppc64le",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.10.8-1.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.s390x"
},
"product_reference": "flatpak-libs-debuginfo-0:1.10.8-1.el8.s390x",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.10.8-1.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.x86_64"
},
"product_reference": "flatpak-libs-debuginfo-0:1.10.8-1.el8.x86_64",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-selinux-0:1.10.8-1.el8.noarch as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-selinux-0:1.10.8-1.el8.noarch"
},
"product_reference": "flatpak-selinux-0:1.10.8-1.el8.noarch",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.10.8-1.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.aarch64"
},
"product_reference": "flatpak-session-helper-0:1.10.8-1.el8.aarch64",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.10.8-1.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.i686"
},
"product_reference": "flatpak-session-helper-0:1.10.8-1.el8.i686",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.10.8-1.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.ppc64le"
},
"product_reference": "flatpak-session-helper-0:1.10.8-1.el8.ppc64le",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.10.8-1.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.s390x"
},
"product_reference": "flatpak-session-helper-0:1.10.8-1.el8.s390x",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.10.8-1.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.x86_64"
},
"product_reference": "flatpak-session-helper-0:1.10.8-1.el8.x86_64",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.aarch64"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.aarch64",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.i686"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.i686",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.ppc64le"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.ppc64le",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.s390x"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.s390x",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.x86_64"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.10.8-1.el8.x86_64",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.10.8-1.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.aarch64"
},
"product_reference": "flatpak-tests-debuginfo-0:1.10.8-1.el8.aarch64",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.10.8-1.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.i686"
},
"product_reference": "flatpak-tests-debuginfo-0:1.10.8-1.el8.i686",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.10.8-1.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.ppc64le"
},
"product_reference": "flatpak-tests-debuginfo-0:1.10.8-1.el8.ppc64le",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.10.8-1.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.s390x"
},
"product_reference": "flatpak-tests-debuginfo-0:1.10.8-1.el8.s390x",
"relates_to_product_reference": "CRB-8.9.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.10.8-1.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.x86_64"
},
"product_reference": "flatpak-tests-debuginfo-0:1.10.8-1.el8.x86_64",
"relates_to_product_reference": "CRB-8.9.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-28100",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-03-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2179220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Flatpak, a system for building, distributing, and running sandboxed desktop applications on Linux. It contains a vulnerability similar to CVE-2017-5226 but using the `TIOCLINUX` ioctl command instead of `TIOCSTI.` If a Flatpak app is run on a Linux virtual console such as `/dev/tty1`, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Ordinary graphical terminal emulators like xterm, gnome-terminal, and Konsole are unaffected. This vulnerability is specific to the Linux virtual consoles `/dev/tty1`, `/dev/tty2`, and others.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.src",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-selinux-0:1.10.8-1.el8.noarch",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.src",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-selinux-0:1.10.8-1.el8.noarch",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28100"
},
{
"category": "external",
"summary": "RHBZ#2179220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28100",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28100"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28100",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28100"
},
{
"category": "external",
"summary": "https://github.com/flatpak/flatpak/security/advisories/GHSA-7qpw-3vjv-xrqp",
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-7qpw-3vjv-xrqp"
}
],
"release_date": "2023-03-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-14T15:47:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.src",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-selinux-0:1.10.8-1.el8.noarch",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.src",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-selinux-0:1.10.8-1.el8.noarch",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7038"
},
{
"category": "workaround",
"details": "Don\u0027t run Flatpak on a Linux virtual console. Flatpak is primarily designed to be used in a Wayland or X11 graphical environment.",
"product_ids": [
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.src",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-selinux-0:1.10.8-1.el8.noarch",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.src",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-selinux-0:1.10.8-1.el8.noarch",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.src",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-selinux-0:1.10.8-1.el8.noarch",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.src",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-selinux-0:1.10.8-1.el8.noarch",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console"
},
{
"cve": "CVE-2023-28101",
"cwe": {
"id": "CWE-116",
"name": "Improper Encoding or Escaping of Output"
},
"discovery_date": "2023-03-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2179219"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Flatpak, a system for building, distributing, and running sandboxed desktop applications on Linux. Suppose an attacker publishes a Flatpak app with elevated permissions. In that case, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC.`",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flatpak: Metadata with ANSI control codes can cause misleading terminal output",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.src",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-selinux-0:1.10.8-1.el8.noarch",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.src",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-selinux-0:1.10.8-1.el8.noarch",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28101"
},
{
"category": "external",
"summary": "RHBZ#2179219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179219"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28101",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28101"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28101",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28101"
},
{
"category": "external",
"summary": "https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8",
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8"
}
],
"release_date": "2023-03-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-14T15:47:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.src",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-selinux-0:1.10.8-1.el8.noarch",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.src",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-selinux-0:1.10.8-1.el8.noarch",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7038"
},
{
"category": "workaround",
"details": "Use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust.",
"product_ids": [
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.src",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-selinux-0:1.10.8-1.el8.noarch",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.src",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-selinux-0:1.10.8-1.el8.noarch",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.src",
"AppStream-8.9.0.GA:flatpak-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-selinux-0:1.10.8-1.el8.noarch",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.x86_64",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.aarch64",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.i686",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.ppc64le",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.s390x",
"AppStream-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.src",
"CRB-8.9.0.GA:flatpak-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-debuginfo-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-debugsource-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-devel-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-libs-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-libs-debuginfo-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-selinux-0:1.10.8-1.el8.noarch",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-session-helper-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-session-helper-debuginfo-0:1.10.8-1.el8.x86_64",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.aarch64",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.i686",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.ppc64le",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.s390x",
"CRB-8.9.0.GA:flatpak-tests-debuginfo-0:1.10.8-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "flatpak: Metadata with ANSI control codes can cause misleading terminal output"
}
]
}
RHSA-2023_6518
Vulnerability from csaf_redhat - Published: 2023-11-07 08:49 - Updated: 2024-11-22 23:57Summary
Red Hat Security Advisory: flatpak security, bug fix, and enhancement update
Severity
Moderate
Notes
Topic: An update for flatpak is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
The following packages have been upgraded to a later upstream version: flatpak (1.12.8). (BZ#2221792)
Security Fix(es):
* flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console (CVE-2023-28100)
* flatpak: Metadata with ANSI control codes can cause misleading terminal output (CVE-2023-28101)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Flatpak, a system for building, distributing, and running sandboxed desktop applications on Linux. It contains a vulnerability similar to CVE-2017-5226 but using the `TIOCLINUX` ioctl command instead of `TIOCSTI.` If a Flatpak app is run on a Linux virtual console such as `/dev/tty1`, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Ordinary graphical terminal emulators like xterm, gnome-terminal, and Konsole are unaffected. This vulnerability is specific to the Linux virtual consoles `/dev/tty1`, `/dev/tty2`, and others.
6.5 (Medium)
Affected products
Fixed
94 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Flatpak, a system for building, distributing, and running sandboxed desktop applications on Linux. Suppose an attacker publishes a Flatpak app with elevated permissions. In that case, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC.`
6.2 (Medium)
Affected products
Fixed
94 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
17 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2023:6518 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://access.redhat.com/documentation/en-us/red… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2179219 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2179220 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2221792 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2023-28100 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2179220 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-28100 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-28100 | external |
| https://github.com/flatpak/flatpak/security/advis… | external |
| https://access.redhat.com/security/cve/CVE-2023-28101 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2179219 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-28101 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-28101 | external |
| https://github.com/flatpak/flatpak/security/advis… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for flatpak is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.\n\nThe following packages have been upgraded to a later upstream version: flatpak (1.12.8). (BZ#2221792)\n\nSecurity Fix(es):\n\n* flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console (CVE-2023-28100)\n\n* flatpak: Metadata with ANSI control codes can cause misleading terminal output (CVE-2023-28101)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6518",
"url": "https://access.redhat.com/errata/RHSA-2023:6518"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.3_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.3_release_notes/index"
},
{
"category": "external",
"summary": "2179219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179219"
},
{
"category": "external",
"summary": "2179220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179220"
},
{
"category": "external",
"summary": "2221792",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221792"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6518.json"
}
],
"title": "Red Hat Security Advisory: flatpak security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-22T23:57:12+00:00",
"generator": {
"date": "2024-11-22T23:57:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2023:6518",
"initial_release_date": "2023-11-07T08:49:11+00:00",
"revision_history": [
{
"date": "2023-11-07T08:49:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-11-07T08:49:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T23:57:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat CodeReady Linux Builder (v. 9)",
"product": {
"name": "Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-0:1.12.8-1.el9.aarch64",
"product": {
"name": "flatpak-0:1.12.8-1.el9.aarch64",
"product_id": "flatpak-0:1.12.8-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak@1.12.8-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-0:1.12.8-1.el9.aarch64",
"product": {
"name": "flatpak-libs-0:1.12.8-1.el9.aarch64",
"product_id": "flatpak-libs-0:1.12.8-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs@1.12.8-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"product": {
"name": "flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"product_id": "flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper@1.12.8-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"product": {
"name": "flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"product_id": "flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debugsource@1.12.8-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"product": {
"name": "flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"product_id": "flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debuginfo@1.12.8-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"product": {
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"product_id": "flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs-debuginfo@1.12.8-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"product": {
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"product_id": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper-debuginfo@1.12.8-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"product": {
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"product_id": "flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-tests-debuginfo@1.12.8-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "flatpak-devel-0:1.12.8-1.el9.aarch64",
"product": {
"name": "flatpak-devel-0:1.12.8-1.el9.aarch64",
"product_id": "flatpak-devel-0:1.12.8-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-devel@1.12.8-1.el9?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-0:1.12.8-1.el9.ppc64le",
"product": {
"name": "flatpak-0:1.12.8-1.el9.ppc64le",
"product_id": "flatpak-0:1.12.8-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak@1.12.8-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-0:1.12.8-1.el9.ppc64le",
"product": {
"name": "flatpak-libs-0:1.12.8-1.el9.ppc64le",
"product_id": "flatpak-libs-0:1.12.8-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs@1.12.8-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"product": {
"name": "flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"product_id": "flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper@1.12.8-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"product": {
"name": "flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"product_id": "flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debugsource@1.12.8-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"product": {
"name": "flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"product_id": "flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debuginfo@1.12.8-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"product": {
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"product_id": "flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs-debuginfo@1.12.8-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"product": {
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"product_id": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper-debuginfo@1.12.8-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"product": {
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"product_id": "flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-tests-debuginfo@1.12.8-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "flatpak-devel-0:1.12.8-1.el9.ppc64le",
"product": {
"name": "flatpak-devel-0:1.12.8-1.el9.ppc64le",
"product_id": "flatpak-devel-0:1.12.8-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-devel@1.12.8-1.el9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-0:1.12.8-1.el9.src",
"product": {
"name": "flatpak-0:1.12.8-1.el9.src",
"product_id": "flatpak-0:1.12.8-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak@1.12.8-1.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-0:1.12.8-1.el9.x86_64",
"product": {
"name": "flatpak-0:1.12.8-1.el9.x86_64",
"product_id": "flatpak-0:1.12.8-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak@1.12.8-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-0:1.12.8-1.el9.x86_64",
"product": {
"name": "flatpak-libs-0:1.12.8-1.el9.x86_64",
"product_id": "flatpak-libs-0:1.12.8-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs@1.12.8-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"product": {
"name": "flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"product_id": "flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper@1.12.8-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"product": {
"name": "flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"product_id": "flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debugsource@1.12.8-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"product": {
"name": "flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"product_id": "flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debuginfo@1.12.8-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"product": {
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"product_id": "flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs-debuginfo@1.12.8-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"product": {
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"product_id": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper-debuginfo@1.12.8-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64",
"product": {
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64",
"product_id": "flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-tests-debuginfo@1.12.8-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "flatpak-devel-0:1.12.8-1.el9.x86_64",
"product": {
"name": "flatpak-devel-0:1.12.8-1.el9.x86_64",
"product_id": "flatpak-devel-0:1.12.8-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-devel@1.12.8-1.el9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-libs-0:1.12.8-1.el9.i686",
"product": {
"name": "flatpak-libs-0:1.12.8-1.el9.i686",
"product_id": "flatpak-libs-0:1.12.8-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs@1.12.8-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "flatpak-debugsource-0:1.12.8-1.el9.i686",
"product": {
"name": "flatpak-debugsource-0:1.12.8-1.el9.i686",
"product_id": "flatpak-debugsource-0:1.12.8-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debugsource@1.12.8-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "flatpak-debuginfo-0:1.12.8-1.el9.i686",
"product": {
"name": "flatpak-debuginfo-0:1.12.8-1.el9.i686",
"product_id": "flatpak-debuginfo-0:1.12.8-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debuginfo@1.12.8-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"product": {
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"product_id": "flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs-debuginfo@1.12.8-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"product": {
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"product_id": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper-debuginfo@1.12.8-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"product": {
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"product_id": "flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-tests-debuginfo@1.12.8-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "flatpak-0:1.12.8-1.el9.i686",
"product": {
"name": "flatpak-0:1.12.8-1.el9.i686",
"product_id": "flatpak-0:1.12.8-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak@1.12.8-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "flatpak-devel-0:1.12.8-1.el9.i686",
"product": {
"name": "flatpak-devel-0:1.12.8-1.el9.i686",
"product_id": "flatpak-devel-0:1.12.8-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-devel@1.12.8-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-0:1.12.8-1.el9.i686",
"product": {
"name": "flatpak-session-helper-0:1.12.8-1.el9.i686",
"product_id": "flatpak-session-helper-0:1.12.8-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper@1.12.8-1.el9?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-0:1.12.8-1.el9.s390x",
"product": {
"name": "flatpak-0:1.12.8-1.el9.s390x",
"product_id": "flatpak-0:1.12.8-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak@1.12.8-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-0:1.12.8-1.el9.s390x",
"product": {
"name": "flatpak-libs-0:1.12.8-1.el9.s390x",
"product_id": "flatpak-libs-0:1.12.8-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs@1.12.8-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-0:1.12.8-1.el9.s390x",
"product": {
"name": "flatpak-session-helper-0:1.12.8-1.el9.s390x",
"product_id": "flatpak-session-helper-0:1.12.8-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper@1.12.8-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "flatpak-debugsource-0:1.12.8-1.el9.s390x",
"product": {
"name": "flatpak-debugsource-0:1.12.8-1.el9.s390x",
"product_id": "flatpak-debugsource-0:1.12.8-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debugsource@1.12.8-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"product": {
"name": "flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"product_id": "flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-debuginfo@1.12.8-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"product": {
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"product_id": "flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-libs-debuginfo@1.12.8-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"product": {
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"product_id": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-session-helper-debuginfo@1.12.8-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"product": {
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"product_id": "flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-tests-debuginfo@1.12.8-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "flatpak-devel-0:1.12.8-1.el9.s390x",
"product": {
"name": "flatpak-devel-0:1.12.8-1.el9.s390x",
"product_id": "flatpak-devel-0:1.12.8-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-devel@1.12.8-1.el9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "flatpak-selinux-0:1.12.8-1.el9.noarch",
"product": {
"name": "flatpak-selinux-0:1.12.8-1.el9.noarch",
"product_id": "flatpak-selinux-0:1.12.8-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flatpak-selinux@1.12.8-1.el9?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.8-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.8-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.8-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.8-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.8-1.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.src"
},
"product_reference": "flatpak-0:1.12.8-1.el9.src",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.8-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.12.8-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.12.8-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-debuginfo-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.12.8-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.12.8-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.12.8-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.12.8-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.12.8-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-debugsource-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.12.8-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.12.8-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-debugsource-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.12.8-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.12.8-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-devel-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.12.8-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-devel-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.12.8-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-devel-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.12.8-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-devel-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.12.8-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-devel-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.12.8-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-libs-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.12.8-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-libs-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.12.8-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-libs-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.12.8-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-libs-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.12.8-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-libs-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-selinux-0:1.12.8-1.el9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch"
},
"product_reference": "flatpak-selinux-0:1.12.8-1.el9.noarch",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.12.8-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.12.8-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-session-helper-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.12.8-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.12.8-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-session-helper-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.12.8-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.8-1.el9.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.8-1.el9.i686 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.8-1.el9.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.8-1.el9.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.8-1.el9.src as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.src"
},
"product_reference": "flatpak-0:1.12.8-1.el9.src",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-0:1.12.8-1.el9.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.12.8-1.el9.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.12.8-1.el9.i686 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-debuginfo-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.12.8-1.el9.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.12.8-1.el9.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debuginfo-0:1.12.8-1.el9.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.12.8-1.el9.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.12.8-1.el9.i686 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-debugsource-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.12.8-1.el9.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.12.8-1.el9.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-debugsource-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-debugsource-0:1.12.8-1.el9.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.12.8-1.el9.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-devel-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.12.8-1.el9.i686 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-devel-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.12.8-1.el9.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-devel-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.12.8-1.el9.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-devel-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-devel-0:1.12.8-1.el9.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-devel-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.12.8-1.el9.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-libs-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.12.8-1.el9.i686 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-libs-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.12.8-1.el9.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-libs-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.12.8-1.el9.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-libs-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-0:1.12.8-1.el9.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-libs-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.i686 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-selinux-0:1.12.8-1.el9.noarch as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch"
},
"product_reference": "flatpak-selinux-0:1.12.8-1.el9.noarch",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.12.8-1.el9.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.12.8-1.el9.i686 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-session-helper-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.12.8-1.el9.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.12.8-1.el9.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-session-helper-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-0:1.12.8-1.el9.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64"
},
"product_reference": "flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.i686 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686"
},
"product_reference": "flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le"
},
"product_reference": "flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x"
},
"product_reference": "flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"relates_to_product_reference": "CRB-9.3.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64"
},
"product_reference": "flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64",
"relates_to_product_reference": "CRB-9.3.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-28100",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-03-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2179220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Flatpak, a system for building, distributing, and running sandboxed desktop applications on Linux. It contains a vulnerability similar to CVE-2017-5226 but using the `TIOCLINUX` ioctl command instead of `TIOCSTI.` If a Flatpak app is run on a Linux virtual console such as `/dev/tty1`, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Ordinary graphical terminal emulators like xterm, gnome-terminal, and Konsole are unaffected. This vulnerability is specific to the Linux virtual consoles `/dev/tty1`, `/dev/tty2`, and others.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.src",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.src",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28100"
},
{
"category": "external",
"summary": "RHBZ#2179220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28100",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28100"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28100",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28100"
},
{
"category": "external",
"summary": "https://github.com/flatpak/flatpak/security/advisories/GHSA-7qpw-3vjv-xrqp",
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-7qpw-3vjv-xrqp"
}
],
"release_date": "2023-03-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:49:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.src",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.src",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6518"
},
{
"category": "workaround",
"details": "Don\u0027t run Flatpak on a Linux virtual console. Flatpak is primarily designed to be used in a Wayland or X11 graphical environment.",
"product_ids": [
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.src",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.src",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.src",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.src",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console"
},
{
"cve": "CVE-2023-28101",
"cwe": {
"id": "CWE-116",
"name": "Improper Encoding or Escaping of Output"
},
"discovery_date": "2023-03-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2179219"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Flatpak, a system for building, distributing, and running sandboxed desktop applications on Linux. Suppose an attacker publishes a Flatpak app with elevated permissions. In that case, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC.`",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flatpak: Metadata with ANSI control codes can cause misleading terminal output",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.src",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.src",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28101"
},
{
"category": "external",
"summary": "RHBZ#2179219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179219"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28101",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28101"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28101",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28101"
},
{
"category": "external",
"summary": "https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8",
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8"
}
],
"release_date": "2023-03-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-07T08:49:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.src",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.src",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6518"
},
{
"category": "workaround",
"details": "Use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust.",
"product_ids": [
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.src",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.src",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.src",
"AppStream-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"AppStream-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.src",
"CRB-9.3.0.GA:flatpak-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-debugsource-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-devel-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-libs-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-libs-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-selinux-0:1.12.8-1.el9.noarch",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-session-helper-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-session-helper-debuginfo-0:1.12.8-1.el9.x86_64",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.aarch64",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.i686",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.ppc64le",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.s390x",
"CRB-9.3.0.GA:flatpak-tests-debuginfo-0:1.12.8-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "flatpak: Metadata with ANSI control codes can cause misleading terminal output"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…