UbuntuUpdates.org

Package "snap-confine"

Name: snap-confine

Description: Transitional package for snapd

Latest version: 2.63+20.04ubuntu0.1
Release: focal (20.04)
Level: security
Repository: universe
Head package: snapd
Homepage: https://github.com/snapcore/snapd

Other versions of "snap-confine" in Focal

Repository  Area      Version
base        universe  2.44.3+20.04
updates     universe  2.65.3+20.04
proposed    universe  2.66.1+20.04

Changelog

Version: 2.63+20.04ubuntu0.1 2024-08-01 07:07:18 UTC

  snapd (2.63+20.04ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: sandbox escape via $HOME/bin
    - interfaces/builtin/home: explicitly deny writing to @{HOME}/bin
    - CVE-2024-1724
  * SECURITY UPDATE: denial-of-service via crafted files in squashfs image
    - snap, snapdir, squashfs: improve validation of target file
      mode/types
    - CVE-2024-29068
  * SECURITY UPDATE: information disclosure via crafted symlinks in
    squashfs image
    - snap, snapdir, squashfs: improve external symlink validation
    - CVE-2024-29069
  * Fix FTBFS due to missing systemd from Build-Depends
    - debian/control: add systemd to Build-Depends to ensure pkg-config
      can find the systemdutildir to install into

 -- Alex Murray <email address hidden> Fri, 26 Jul 2024 12:28:53 +0930

CVE-2024-1724 In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path.
CVE-2024-29068 In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs file-system image
CVE-2024-29069 In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squas

Version: 2.58+20.04.1 2023-05-31 09:25:37 UTC

  snapd (2.58+20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: possible sandbox escape via TIOCLINUX ioctl
    - interfaces/seccomp/template.go: block ioctl with TIOCLINUX. Patch
      from upstream. Graphical terminal emulators like xterm, gnome-terminal
      and others are not affected - this can only be exploited when snaps
      are run on a virtual console.
    - https://github.com/snapcore/snapd/pull/12849
    - CVE-2023-1523

 -- Alex Murray <email address hidden> Mon, 29 May 2023 21:39:27 +0930

Version: 2.57.5+20.04ubuntu0.1 2022-12-01 04:06:30 UTC

  snapd (2.57.5+20.04ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Local privilege escalation
    - snap-confine: Fix race condition in snap-confine when preparing a
      private tmp mount namespace for a snap
    - CVE-2022-3328

 -- Alex Murray <email address hidden> Mon, 28 Nov 2022 15:25:10 +1030

Version: 2.54.3+20.04.1ubuntu0.2 2022-02-24 19:07:00 UTC

  snapd (2.54.3+20.04.1ubuntu0.2) focal-security; urgency=medium

  * SECURITY REGRESSION: Fix fish shell compatibility
    - data/env/snapd.fish.in: more workarounds for even older fish shells,
      provide reasonable defaults.
    - LP: #1961791

 -- Paulo Flabiano Smorigo <email address hidden> Wed, 23 Feb 2022 18:25:31 +0000

1961791 2.54.3+21.10.1ubuntu0.1 broke Plasma Desktop when Fish is the default shell

Version: 2.54.3+20.04.1ubuntu0.1 2022-02-19 02:06:28 UTC

  snapd (2.54.3+20.04.1ubuntu0.1) focal-security; urgency=medium

  * SECURITY REGRESSION: Fix fish shell compatibility
    - data/env/snapd.fish.in: fix fish env for all versions of fish, unexport
      local vars, export XDG_DATA_DIRS.
    - LP: #1961365

 -- Paulo Flabiano Smorigo <email address hidden> Fri, 18 Feb 2022 21:31:48 +0000

1961365 2.54.3+18.04 update on bionic breaks fish shell
