[ubuntu/focal-updates] snapd 2.54.3+20.04 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Thu Feb 17 17:58:25 UTC 2022


snapd (2.54.3+20.04) focal-security; urgency=medium

  * SECURITY UPDATE: Sensitive information exposure
    - usersession/autostart: change ~/snap perms to 0700 on startup.
    - cmd: create ~/snap dir with 0700 perms.
    - CVE-2021-3155
    - LP: #1910298
  * SECURITY UPDATE: Local privilege escalation
    - snap-confine: Add validations of the location of the snap-confine
      binary within snapd.
    - snap-confine: Fix race condition in snap-confine when preparing a
      private mount namespace for a snap.
    - CVE-2021-44730
    - CVE-2021-44731
  * SECURITY UPDATE: Data injection from malicious snaps
    - interfaces: Add validations of snap content interface and layout
      paths in snapd.
    - CVE-2021-4120
    - LP: #1949368

Date: 2022-02-17 00:58:28.564586+00:00
Changed-By: Michael Vogt <michael.vogt at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/snapd/2.54.3+20.04
-------------- next part --------------
Sorry, changesfile not available.


More information about the Focal-changes mailing list