[ubuntu/impish-security] snapd 2.54.3+21.10.1 (Accepted)

Paulo Flabiano Smorigo pfsmorigo at canonical.com
Thu Feb 17 17:07:15 UTC 2022

snapd (2.54.3+21.10.1) impish-security; urgency=medium

  * SECURITY UPDATE: Sensitive information exposure
    - usersession/autostart: change ~/snap perms to 0700 on startup.
    - cmd: create ~/snap dir with 0700 perms.
    - CVE-2021-3155
    - LP: #1910298
  * SECURITY UPDATE: Local privilege escalation
    - snap-confine: Add validations of the location of the snap-confine
      binary within snapd.
    - snap-confine: Fix race condition in snap-confine when preparing a
      private mount namespace for a snap.
    - CVE-2021-44730
    - CVE-2021-44731
  * SECURITY UPDATE: Data injection from malicious snaps
    - interfaces: Add validations of snap content interface and layout
      paths in snapd.
    - CVE-2021-4120
    - LP: #1949368

Date: 2022-02-17 01:05:10.770351+00:00
Changed-By: Michael Vogt <michael.vogt at canonical.com>
Signed-By: Paulo Flabiano Smorigo <pfsmorigo at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the impish-changes mailing list