{ "schema_version": "1.7.0", "id": "MGASA-2026-0133", "published": "2026-05-14T02:43:25Z", "modified": "2026-05-14T01:40:53Z", "summary": "Updated flatpak packages fix security vulnerabilities", "details": "Complete sandbox escape leading to host file access and code execution\nin the host context. (CVE-2026-34078)\nArbitrary file deletion on the host filesystem. (CVE-2026-34079)\n", "upstream": [ "CVE-2026-34078", "CVE-2026-34079" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2026-0133.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=35336" }, { "type": "WEB", "url": "https://www.openwall.com/lists/oss-security/2026/04/09/3" }, { "type": "ADVISORY", "url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-cc2q-qc34-jprg" }, { "type": "ADVISORY", "url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-p29x-r292-46pp" }, { "type": "ADVISORY", "url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-2fxp-43j9-pwvc" }, { "type": "ADVISORY", "url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-89xm-3m96-w3jg" }, { "type": "WEB", "url": "https://lists.debian.org/debian-security-announce/2026/msg00133.html" } ], "affected": [ { "package": { "ecosystem": "Mageia:9", "name": "flatpak", "purl": "pkg:rpm/mageia/flatpak?arch=source&distro=mageia-9" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "1.14.10-1.1.mga9" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }