[ubuntu/impish-security] snapd 2.54.3+21.10.1 (Accepted)
Paulo Flabiano Smorigo
pfsmorigo at canonical.com
Thu Feb 17 17:07:15 UTC 2022
snapd (2.54.3+21.10.1) impish-security; urgency=medium
* SECURITY UPDATE: Sensitive information exposure
- usersession/autostart: change ~/snap perms to 0700 on startup.
- cmd: create ~/snap dir with 0700 perms.
- CVE-2021-3155
- LP: #1910298
* SECURITY UPDATE: Local privilege escalation
- snap-confine: Add validations of the location of the snap-confine
binary within snapd.
- snap-confine: Fix race condition in snap-confine when preparing a
private mount namespace for a snap.
- CVE-2021-44730
- CVE-2021-44731
* SECURITY UPDATE: Data injection from malicious snaps
- interfaces: Add validations of snap content interface and layout
paths in snapd.
- CVE-2021-4120
- LP: #1949368
Date: 2022-02-17 01:05:10.770351+00:00
Changed-By: Michael Vogt <michael.vogt at canonical.com>
Signed-By: Paulo Flabiano Smorigo <pfsmorigo at canonical.com>
https://launchpad.net/ubuntu/+source/snapd/2.54.3+21.10.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the impish-changes
mailing list