Today, new Debian security advisories were released addressing vulnerabilities in two widely used components: Flatpak and xdg-dbus-proxy.
Flatpak (DSA-6223-1)
A set of vulnerabilities (CVE-2026-34078, CVE-2026-34079) has been identified in Flatpak, the application sandboxing and deployment system used on many Linux desktops.
The issues could potentially allow a malicious Flatpak application to:
Delete or manipulate data on the host system
Escape the sandbox environment
Execute code in the host context
For Debian 12 (bookworm), this has been fixed in:
flatpak 1.14.10-1~deb12u2
Users are strongly advised to upgrade immediately if Flatpak is installed.
More details:
https://security-tracker.debian.org/tracker/flatpak
xdg-dbus-proxy (DSA-6224-1)
A vulnerability (CVE-2026-34080) was discovered in xdg-dbus-proxy, which is used to filter and control D-Bus communication between applications.
The flaw is related to incorrect parsing of policy rules and may allow:
Bypassing eavesdropping restrictions
Potential information disclosure between sandboxed applications
For Debian 12 (bookworm), this has been fixed in:
xdg-dbus-proxy 0.1.4-3+deb12u1
Users should update to the patched version as soon as possible.
More details:
https://security-tracker.debian.org/tra ... dbus-proxy
Recommendation
As always with security advisories of this type:
Apply updates promptly
Restart affected services or sessions if required
Ensure your system packages stay current via your package manager
Sandbox escape and policy bypass issues are particularly sensitive, as they weaken isolation boundaries that modern desktop systems rely on.
Stay safe and keep systems updated.