UbuntuUpdates.org

Package "golang-github-ubuntu-core-snappy-dev"

Name: golang-github-ubuntu-core-snappy-dev

Description:

transitional dummy package

Latest version: 2.48.3
Release: xenial (16.04)
Level: security
Repository: main
Head package: snapd
Homepage: https://github.com/snapcore/snapd

Links


Download "golang-github-ubuntu-core-snappy-dev"


Other versions of "golang-github-ubuntu-core-snappy-dev" in Xenial

Repository Area Version
base main 2.0.2
updates main 2.48.3

Changelog

Version: 2.48.3 2021-02-10 01:07:11 UTC

  snapd (2.48.3) xenial-security; urgency=medium

  * SECURITY UPDATE: sandbox escape vulnerability for containers
    (LP: #1910456)
    - many: add Delegate=true to generated systemd units for special
      interfaces
    - interfaces/greengrass-support: back-port interface changes to
      2.48
    - CVE-2020-27352
  * interfaces/builtin/docker-support: allow /run/containerd/s/...
    - This is a new path that docker 19.03.14 (with a new version of
      containerd) uses to avoid containerd CVE issues around the unix
      socket. See also CVE-2020-15257.

Source diff to previous version
CVE-2020-27352 RESERVED
CVE-2020-15257 containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.

Version: 2.45.1ubuntu0.2 2020-07-15 15:06:20 UTC

  snapd (2.45.1ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: sandbox escape vulnerability via snapctl user-open
    (xdg-open)
    - usersession/userd/launcher.go: remove XDG_DATA_DIRS environment
      variable modification when calling the system xdg-open. Patch
      thanks to James Henstridge
    - packaging/ubuntu-16.04/snapd.postinst: kill userd on upgrade so it
      may autostart on next use. Patch thanks to Michael Vogt
    - CVE-2020-11934
    - LP: #1880085

 -- Emilia Torino <email address hidden> Fri, 10 Jul 2020 10:40:52 -0300

Source diff to previous version

Version: 2.37.4ubuntu0.1 2019-03-21 21:06:22 UTC

  snapd (2.37.4ubuntu0.1) xenial-security; urgency=medium

  * No change rebuild for xenial-security (LP: #1812973)
    - CVE-2019-7303

 -- Jamie Strandboge <email address hidden> Fri, 15 Mar 2019 19:56:59 +0000

Source diff to previous version
CVE-2019-7303 RESERVED

Version: 2.34.2ubuntu0.1 2019-02-12 17:07:08 UTC

  snapd (2.34.2ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: local privilege escalation via improper input validation
    of socket peer credential (LP: #1813365)
    - daemon/ucrednet.go: utilize regex for validating and parsing remoteAddr.
      Patch thanks to John Lenton
    - CVE-YYYY-NNNN

 -- Jamie Strandboge <email address hidden> Tue, 29 Jan 2019 17:54:00 +0000

1813365 Local privilege escalation via snapd socket



About   -   Send Feedback to @ubuntu_updates