Security update for flatpak SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:0712-1 Final 1 1 2022-03-04T08:31:25Z current 2022-03-04T08:31:25Z 2022-03-04T08:31:25Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for flatpak This update for flatpak fixes the following issues: Update to flatpak 1.10.7: - CVE-2022-21682: Introduce new option --nofilesystem=host:reset to support flatpak-builder 1.2.2 (bsc#1194611). - CVE-2021-43860: A malicious repository could hav sent invalid application metadata in a way that hides some of the app permissions displayed during installation (bsc#1194610). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2022-712,SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-712,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-712,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-712,SUSE-SLE-Product-RT-15-SP2-2022-712,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-712,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-712,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-712,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-712,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-712,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-712,SUSE-Storage-7-2022-712 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20220712-1/ Link for SUSE-SU-2022:0712-1 https://lists.suse.com/pipermail/sle-security-updates/2022-March/010349.html E-Mail link for SUSE-SU-2022:0712-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1194610 SUSE Bug 1194610 https://bugzilla.suse.com/1194611 SUSE Bug 1194611 https://www.suse.com/security/cve/CVE-2021-43860/ SUSE CVE CVE-2021-43860 page https://www.suse.com/security/cve/CVE-2022-21682/ SUSE CVE CVE-2022-21682 page SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise Module for Desktop Applications 15 SP3 SUSE Linux Enterprise Real Time 15 SP2 SUSE Linux Enterprise Server 15 SP2-BCL SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 flatpak-1.10.7-4.12.1 flatpak-devel-1.10.7-4.12.1 flatpak-zsh-completion-1.10.7-4.12.1 libflatpak0-1.10.7-4.12.1 system-user-flatpak-1.10.7-4.12.1 typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 flatpak-1.10.7-4.12.1 as a component of SUSE Enterprise Storage 7 flatpak-devel-1.10.7-4.12.1 as a component of SUSE Enterprise Storage 7 flatpak-zsh-completion-1.10.7-4.12.1 as a component of SUSE Enterprise Storage 7 libflatpak0-1.10.7-4.12.1 as a component of SUSE Enterprise Storage 7 system-user-flatpak-1.10.7-4.12.1 as a component of SUSE Enterprise Storage 7 typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 as a component of SUSE Enterprise Storage 7 flatpak-1.10.7-4.12.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS flatpak-devel-1.10.7-4.12.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS flatpak-zsh-completion-1.10.7-4.12.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS libflatpak0-1.10.7-4.12.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS system-user-flatpak-1.10.7-4.12.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS flatpak-1.10.7-4.12.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS flatpak-devel-1.10.7-4.12.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS flatpak-zsh-completion-1.10.7-4.12.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS libflatpak0-1.10.7-4.12.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS system-user-flatpak-1.10.7-4.12.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS flatpak-1.10.7-4.12.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP3 flatpak-devel-1.10.7-4.12.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP3 flatpak-zsh-completion-1.10.7-4.12.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP3 libflatpak0-1.10.7-4.12.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP3 system-user-flatpak-1.10.7-4.12.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP3 typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP3 flatpak-1.10.7-4.12.1 as a component of SUSE Linux Enterprise Real Time 15 SP2 flatpak-devel-1.10.7-4.12.1 as a component of SUSE Linux Enterprise Real Time 15 SP2 flatpak-zsh-completion-1.10.7-4.12.1 as a component of SUSE Linux Enterprise Real Time 15 SP2 libflatpak0-1.10.7-4.12.1 as a component of SUSE Linux Enterprise Real Time 15 SP2 system-user-flatpak-1.10.7-4.12.1 as a component of SUSE Linux Enterprise Real Time 15 SP2 typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 as a component of SUSE Linux Enterprise Real Time 15 SP2 flatpak-1.10.7-4.12.1 as a component of SUSE Linux Enterprise Server 15 SP2-BCL flatpak-devel-1.10.7-4.12.1 as a component of SUSE Linux Enterprise Server 15 SP2-BCL flatpak-zsh-completion-1.10.7-4.12.1 as a component of SUSE Linux Enterprise Server 15 SP2-BCL libflatpak0-1.10.7-4.12.1 as a component of SUSE Linux Enterprise Server 15 SP2-BCL system-user-flatpak-1.10.7-4.12.1 as a component of SUSE Linux Enterprise Server 15 SP2-BCL typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 as a component of SUSE Linux Enterprise Server 15 SP2-BCL flatpak-1.10.7-4.12.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS flatpak-devel-1.10.7-4.12.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS flatpak-zsh-completion-1.10.7-4.12.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS libflatpak0-1.10.7-4.12.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS system-user-flatpak-1.10.7-4.12.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS flatpak-1.10.7-4.12.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 flatpak-devel-1.10.7-4.12.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 flatpak-zsh-completion-1.10.7-4.12.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 libflatpak0-1.10.7-4.12.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 system-user-flatpak-1.10.7-4.12.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 flatpak-1.10.7-4.12.1 as a component of SUSE Manager Proxy 4.1 flatpak-devel-1.10.7-4.12.1 as a component of SUSE Manager Proxy 4.1 flatpak-zsh-completion-1.10.7-4.12.1 as a component of SUSE Manager Proxy 4.1 libflatpak0-1.10.7-4.12.1 as a component of SUSE Manager Proxy 4.1 system-user-flatpak-1.10.7-4.12.1 as a component of SUSE Manager Proxy 4.1 typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 as a component of SUSE Manager Proxy 4.1 flatpak-1.10.7-4.12.1 as a component of SUSE Manager Retail Branch Server 4.1 flatpak-devel-1.10.7-4.12.1 as a component of SUSE Manager Retail Branch Server 4.1 flatpak-zsh-completion-1.10.7-4.12.1 as a component of SUSE Manager Retail Branch Server 4.1 libflatpak0-1.10.7-4.12.1 as a component of SUSE Manager Retail Branch Server 4.1 system-user-flatpak-1.10.7-4.12.1 as a component of SUSE Manager Retail Branch Server 4.1 typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 as a component of SUSE Manager Retail Branch Server 4.1 flatpak-1.10.7-4.12.1 as a component of SUSE Manager Server 4.1 flatpak-devel-1.10.7-4.12.1 as a component of SUSE Manager Server 4.1 flatpak-zsh-completion-1.10.7-4.12.1 as a component of SUSE Manager Server 4.1 libflatpak0-1.10.7-4.12.1 as a component of SUSE Manager Server 4.1 system-user-flatpak-1.10.7-4.12.1 as a component of SUSE Manager Server 4.1 typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 as a component of SUSE Manager Server 4.1 Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the case that there's a null byte in the metadata file of an app. Therefore apps can grant themselves permissions without the consent of the user. Flatpak shows permissions to the user during install by reading them from the "xa.metadata" key in the commit metadata. This cannot contain a null terminator, because it is an untrusted GVariant. Flatpak compares these permissions to the *actual* metadata, from the "metadata" file to ensure it wasn't lied to. However, the actual metadata contents are loaded in several places where they are read as simple C-style strings. That means that, if the metadata file includes a null terminator, only the content of the file from *before* the terminator gets compared to xa.metadata. Thus, any permissions that appear in the metadata file after a null terminator are applied at runtime but not shown to the user. So maliciously crafted apps can give themselves hidden permissions. Users who have Flatpaks installed from untrusted sources are at risk in case the Flatpak has a maliciously crafted metadata file, either initially or in an update. This issue is patched in versions 1.12.3 and 1.10.6. As a workaround, users can manually check the permissions of installed apps by checking the metadata file or the xa.metadata key on the commit metadata. CVE-2021-43860 SUSE Enterprise Storage 7:flatpak-1.10.7-4.12.1 SUSE Enterprise Storage 7:flatpak-devel-1.10.7-4.12.1 SUSE Enterprise Storage 7:flatpak-zsh-completion-1.10.7-4.12.1 SUSE Enterprise Storage 7:libflatpak0-1.10.7-4.12.1 SUSE Enterprise Storage 7:system-user-flatpak-1.10.7-4.12.1 SUSE Enterprise Storage 7:typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:flatpak-1.10.7-4.12.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:flatpak-devel-1.10.7-4.12.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:flatpak-zsh-completion-1.10.7-4.12.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:libflatpak0-1.10.7-4.12.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:system-user-flatpak-1.10.7-4.12.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-1.10.7-4.12.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-devel-1.10.7-4.12.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-zsh-completion-1.10.7-4.12.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libflatpak0-1.10.7-4.12.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:system-user-flatpak-1.10.7-4.12.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP3:flatpak-1.10.7-4.12.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP3:flatpak-devel-1.10.7-4.12.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP3:flatpak-zsh-completion-1.10.7-4.12.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libflatpak0-1.10.7-4.12.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP3:system-user-flatpak-1.10.7-4.12.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP3:typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 SUSE Linux Enterprise Real Time 15 SP2:flatpak-1.10.7-4.12.1 SUSE Linux Enterprise Real Time 15 SP2:flatpak-devel-1.10.7-4.12.1 SUSE Linux Enterprise Real Time 15 SP2:flatpak-zsh-completion-1.10.7-4.12.1 SUSE Linux Enterprise Real Time 15 SP2:libflatpak0-1.10.7-4.12.1 SUSE Linux Enterprise Real Time 15 SP2:system-user-flatpak-1.10.7-4.12.1 SUSE Linux Enterprise Real Time 15 SP2:typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 SUSE Linux Enterprise Server 15 SP2-BCL:flatpak-1.10.7-4.12.1 SUSE Linux Enterprise Server 15 SP2-BCL:flatpak-devel-1.10.7-4.12.1 SUSE Linux Enterprise Server 15 SP2-BCL:flatpak-zsh-completion-1.10.7-4.12.1 SUSE Linux Enterprise Server 15 SP2-BCL:libflatpak0-1.10.7-4.12.1 SUSE Linux Enterprise Server 15 SP2-BCL:system-user-flatpak-1.10.7-4.12.1 SUSE Linux Enterprise Server 15 SP2-BCL:typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-1.10.7-4.12.1 SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-devel-1.10.7-4.12.1 SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-zsh-completion-1.10.7-4.12.1 SUSE Linux Enterprise Server 15 SP2-LTSS:libflatpak0-1.10.7-4.12.1 SUSE Linux Enterprise Server 15 SP2-LTSS:system-user-flatpak-1.10.7-4.12.1 SUSE Linux Enterprise Server 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-1.10.7-4.12.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-devel-1.10.7-4.12.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-zsh-completion-1.10.7-4.12.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:libflatpak0-1.10.7-4.12.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:system-user-flatpak-1.10.7-4.12.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 SUSE Manager Proxy 4.1:flatpak-1.10.7-4.12.1 SUSE Manager Proxy 4.1:flatpak-devel-1.10.7-4.12.1 SUSE Manager Proxy 4.1:flatpak-zsh-completion-1.10.7-4.12.1 SUSE Manager Proxy 4.1:libflatpak0-1.10.7-4.12.1 SUSE Manager Proxy 4.1:system-user-flatpak-1.10.7-4.12.1 SUSE Manager Proxy 4.1:typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 SUSE Manager Retail Branch Server 4.1:flatpak-1.10.7-4.12.1 SUSE Manager Retail Branch Server 4.1:flatpak-devel-1.10.7-4.12.1 SUSE Manager Retail Branch Server 4.1:flatpak-zsh-completion-1.10.7-4.12.1 SUSE Manager Retail Branch Server 4.1:libflatpak0-1.10.7-4.12.1 SUSE Manager Retail Branch Server 4.1:system-user-flatpak-1.10.7-4.12.1 SUSE Manager Retail Branch Server 4.1:typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 SUSE Manager Server 4.1:flatpak-1.10.7-4.12.1 SUSE Manager Server 4.1:flatpak-devel-1.10.7-4.12.1 SUSE Manager Server 4.1:flatpak-zsh-completion-1.10.7-4.12.1 SUSE Manager Server 4.1:libflatpak0-1.10.7-4.12.1 SUSE Manager Server 4.1:system-user-flatpak-1.10.7-4.12.1 SUSE Manager Server 4.1:typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220712-1/ https://www.suse.com/security/cve/CVE-2021-43860.html CVE-2021-43860 https://bugzilla.suse.com/1194610 SUSE Bug 1194610 Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies `finish-args` last in the build. At this point the build directory will have the full access that is specified in the manifest, so running `flatpak build` against it will gain those permissions. Normally this will not be done, so this is not problem. However, if `--mirror-screenshots-url` is specified, then flatpak-builder will launch `flatpak build --nofilesystem=host appstream-utils mirror-screenshots` after finalization, which can lead to issues even with the `--nofilesystem=host` protection. In normal use, the only issue is that these empty directories can be created wherever the user has write permissions. However, a malicious application could replace the `appstream-util` binary and potentially do something more hostile. This has been resolved in Flatpak 1.12.3 and 1.10.6 by changing the behaviour of `--nofilesystem=home` and `--nofilesystem=host`. CVE-2022-21682 SUSE Enterprise Storage 7:flatpak-1.10.7-4.12.1 SUSE Enterprise Storage 7:flatpak-devel-1.10.7-4.12.1 SUSE Enterprise Storage 7:flatpak-zsh-completion-1.10.7-4.12.1 SUSE Enterprise Storage 7:libflatpak0-1.10.7-4.12.1 SUSE Enterprise Storage 7:system-user-flatpak-1.10.7-4.12.1 SUSE Enterprise Storage 7:typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:flatpak-1.10.7-4.12.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:flatpak-devel-1.10.7-4.12.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:flatpak-zsh-completion-1.10.7-4.12.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:libflatpak0-1.10.7-4.12.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:system-user-flatpak-1.10.7-4.12.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-1.10.7-4.12.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-devel-1.10.7-4.12.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:flatpak-zsh-completion-1.10.7-4.12.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libflatpak0-1.10.7-4.12.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:system-user-flatpak-1.10.7-4.12.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP3:flatpak-1.10.7-4.12.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP3:flatpak-devel-1.10.7-4.12.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP3:flatpak-zsh-completion-1.10.7-4.12.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libflatpak0-1.10.7-4.12.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP3:system-user-flatpak-1.10.7-4.12.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP3:typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 SUSE Linux Enterprise Real Time 15 SP2:flatpak-1.10.7-4.12.1 SUSE Linux Enterprise Real Time 15 SP2:flatpak-devel-1.10.7-4.12.1 SUSE Linux Enterprise Real Time 15 SP2:flatpak-zsh-completion-1.10.7-4.12.1 SUSE Linux Enterprise Real Time 15 SP2:libflatpak0-1.10.7-4.12.1 SUSE Linux Enterprise Real Time 15 SP2:system-user-flatpak-1.10.7-4.12.1 SUSE Linux Enterprise Real Time 15 SP2:typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 SUSE Linux Enterprise Server 15 SP2-BCL:flatpak-1.10.7-4.12.1 SUSE Linux Enterprise Server 15 SP2-BCL:flatpak-devel-1.10.7-4.12.1 SUSE Linux Enterprise Server 15 SP2-BCL:flatpak-zsh-completion-1.10.7-4.12.1 SUSE Linux Enterprise Server 15 SP2-BCL:libflatpak0-1.10.7-4.12.1 SUSE Linux Enterprise Server 15 SP2-BCL:system-user-flatpak-1.10.7-4.12.1 SUSE Linux Enterprise Server 15 SP2-BCL:typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-1.10.7-4.12.1 SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-devel-1.10.7-4.12.1 SUSE Linux Enterprise Server 15 SP2-LTSS:flatpak-zsh-completion-1.10.7-4.12.1 SUSE Linux Enterprise Server 15 SP2-LTSS:libflatpak0-1.10.7-4.12.1 SUSE Linux Enterprise Server 15 SP2-LTSS:system-user-flatpak-1.10.7-4.12.1 SUSE Linux Enterprise Server 15 SP2-LTSS:typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-1.10.7-4.12.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-devel-1.10.7-4.12.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:flatpak-zsh-completion-1.10.7-4.12.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:libflatpak0-1.10.7-4.12.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:system-user-flatpak-1.10.7-4.12.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 SUSE Manager Proxy 4.1:flatpak-1.10.7-4.12.1 SUSE Manager Proxy 4.1:flatpak-devel-1.10.7-4.12.1 SUSE Manager Proxy 4.1:flatpak-zsh-completion-1.10.7-4.12.1 SUSE Manager Proxy 4.1:libflatpak0-1.10.7-4.12.1 SUSE Manager Proxy 4.1:system-user-flatpak-1.10.7-4.12.1 SUSE Manager Proxy 4.1:typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 SUSE Manager Retail Branch Server 4.1:flatpak-1.10.7-4.12.1 SUSE Manager Retail Branch Server 4.1:flatpak-devel-1.10.7-4.12.1 SUSE Manager Retail Branch Server 4.1:flatpak-zsh-completion-1.10.7-4.12.1 SUSE Manager Retail Branch Server 4.1:libflatpak0-1.10.7-4.12.1 SUSE Manager Retail Branch Server 4.1:system-user-flatpak-1.10.7-4.12.1 SUSE Manager Retail Branch Server 4.1:typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 SUSE Manager Server 4.1:flatpak-1.10.7-4.12.1 SUSE Manager Server 4.1:flatpak-devel-1.10.7-4.12.1 SUSE Manager Server 4.1:flatpak-zsh-completion-1.10.7-4.12.1 SUSE Manager Server 4.1:libflatpak0-1.10.7-4.12.1 SUSE Manager Server 4.1:system-user-flatpak-1.10.7-4.12.1 SUSE Manager Server 4.1:typelib-1_0-Flatpak-1_0-1.10.7-4.12.1 important 4 AV:N/AC:L/Au:S/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220712-1/ https://www.suse.com/security/cve/CVE-2022-21682.html CVE-2022-21682 https://bugzilla.suse.com/1194611 SUSE Bug 1194611 https://bugzilla.suse.com/1194703 SUSE Bug 1194703