UbuntuUpdates.org

Package "snap-confine"

Name: snap-confine

Description:

Transitional package for snapd

Latest version: 2.58+18.04.1
Release: bionic (18.04)
Level: security
Repository: universe
Head package: snapd
Homepage: https://github.com/snapcore/snapd

Other versions of "snap-confine" in Bionic

Repository  Area      Version
base        universe  2.32.5+18.04
updates     universe  2.58+18.04.1

Changelog

Version: 2.58+18.04.1 2023-05-31 03:07:09 UTC

  snapd (2.58+18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: possible sandbox escape via TIOCLINUX ioctl
    - interfaces/seccomp/template.go: block ioctl with TIOCLINUX. Patch
      from upstream. Graphical terminal emulators like xterm, gnome-terminal
      and others are not affected - this can only be exploited when snaps
      are run on a virtual console.
    - https://github.com/snapcore/snapd/pull/12849
    - CVE-2023-1523

 -- Alex Murray <email address hidden> Mon, 29 May 2023 21:40:12 +0930

Version: 2.57.5+18.04ubuntu0.1 2022-12-01 04:06:24 UTC

  snapd (2.57.5+18.04ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Local privilege escalation
    - snap-confine: Fix race condition in snap-confine when preparing a
      private tmp mount namespace for a snap
    - CVE-2022-3328

 -- Alex Murray <email address hidden> Mon, 28 Nov 2022 15:26:53 +1030

Version: 2.54.3+18.04.2ubuntu0.2 2022-02-23 23:06:18 UTC

  snapd (2.54.3+18.04.2ubuntu0.2) bionic-security; urgency=medium

  * SECURITY REGRESSION: Fix fish shell compatibility
    - data/env/snapd.fish.in: more workarounds for even older fish shells,
      provide reasonable defaults.
    - LP: #1961791

 -- Paulo Flabiano Smorigo <email address hidden> Wed, 23 Feb 2022 18:29:05 +0000

1961791 2.54.3+21.10.1ubuntu0.1 broke Plasma Desktop when Fish is the default shell

Version: 2.54.3+18.04.2ubuntu0.1 2022-02-19 02:06:24 UTC

  snapd (2.54.3+18.04.2ubuntu0.1) bionic-security; urgency=medium

  * SECURITY REGRESSION: Fix fish shell compatibility
    - data/env/snapd.fish.in: fix fish env for all versions of fish, unexport
      local vars, export XDG_DATA_DIRS.
    - LP: #1961365

 -- Paulo Flabiano Smorigo <email address hidden> Fri, 18 Feb 2022 14:06:51 +0000

1961365 2.54.3+18.04 update on bionic breaks fish shell

Version: 2.54.3+18.04 2022-02-17 18:09:49 UTC

  snapd (2.54.3+18.04) bionic-security; urgency=medium

  * SECURITY UPDATE: Sensitive information exposure
    - usersession/autostart: change ~/snap perms to 0700 on startup.
    - cmd: create ~/snap dir with 0700 perms.
    - CVE-2021-3155
    - LP: #1910298
  * SECURITY UPDATE: Local privilege escalation
    - snap-confine: Add validations of the location of the snap-confine
      binary within snapd.
    - snap-confine: Fix race condition in snap-confine when preparing a
      private mount namespace for a snap.
    - CVE-2021-44730
    - CVE-2021-44731
  * SECURITY UPDATE: Data injection from malicious snaps
    - interfaces: Add validations of snap content interface and layout
      paths in snapd.
    - CVE-2021-4120
    - LP: #1949368

 -- Michael Vogt <email address hidden> Tue, 15 Feb 2022 17:45:13 +0100

1910298 ~/snap directory should be o0700
CVE-2021-3155 RESERVED
CVE-2021-44730 RESERVED
CVE-2021-44731 RESERVED
CVE-2021-4120 RESERVED


