[ubuntu/noble-security] snapd 2.63+24.04ubuntu0.1 (Accepted)
Alex Murray
alex.murray at canonical.com
Thu Aug 1 05:21:16 UTC 2024
snapd (2.63+24.04ubuntu0.1) noble-security; urgency=medium
* SECURITY UPDATE: sandbox escape via $HOME/bin
- interfaces/builtin/home: explicitly deny writing to @{HOME}/bin
- CVE-2024-1724
* SECURITY UPDATE: denial-of-service via crafted files in squashfs image
- snap, snapdir, squashfs: improve validation of target file
mode/types
- CVE-2024-29068
* SECURITY UPDATE: information disclosure via crafted symlinks in
squashfs image
- snap, snapdir, squashfs: improve external symlink validation
- CVE-2024-29069
Date: 2024-07-29 15:03:24.064114+00:00
Changed-By: Alex Murray <alex.murray at canonical.com>
https://launchpad.net/ubuntu/+source/snapd/2.63+24.04ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the noble-changes
mailing list