Package "snapd"
Name: |
snapd
|
Description: |
Daemon and tooling that enable snap packages
|
Latest version: |
2.63.1+24.04 |
Release: |
noble (24.04) |
Level: |
updates |
Repository: |
main |
Homepage: |
https://github.com/snapcore/snapd |
Links
Download "snapd"
Other versions of "snapd" in Noble
Changelog
snapd (2.63.1+24.04) noble; urgency=medium
* New upstream release, LP: #2061179
- Improve snap-confine compatibility with nvidia drivers
- steam-support interface: remove all AppArmor and seccomp
restrictions to improve user experience
- opengl interface: improve compatibility with nvidia drivers
-- Ernest Lotter <email address hidden> Wed, 21 Aug 2024 00:39:59 +0200
|
Source diff to previous version |
|
snapd (2.63+24.04ubuntu0.1) noble-security; urgency=medium
* SECURITY UPDATE: sandbox escape via $HOME/bin
- interfaces/builtin/home: explicitly deny writing to @{HOME}/bin
- CVE-2024-1724
* SECURITY UPDATE: denial-of-service via crafted files in squashfs image
- snap, snapdir, squashfs: improve validation of target file
mode/types
- CVE-2024-29068
* SECURITY UPDATE: information disclosure via crafted symlinks in
squashfs image
- snap, snapdir, squashfs: improve external symlink validation
- CVE-2024-29069
-- Alex Murray <email address hidden> Fri, 26 Jul 2024 12:02:26 +0930
|
Source diff to previous version |
CVE-2024-1724 |
In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. |
CVE-2024-29068 |
In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs file-system image |
CVE-2024-29069 |
In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squas |
|
snapd (2.63+24.04) noble; urgency=medium
* New upstream release, LP: #2061179
- Support for snap services to show the current status of user
services (experimental)
- Refresh app awareness: record snap-run-inhibit notice when
starting app from snap that is busy with refresh (experimental)
- Refresh app awareness: use warnings as fallback for desktop
notifications (experimental)
- Aspect based configuration: make request fields in the aspect-
bundle's rules optional (experimental)
- Aspect based configuration: make map keys conform to the same
format as path sub-keys (experimental)
- Aspect based configuration: make unset and set behaviour similar
to configuration options (experimental)
- Aspect based configuration: limit nesting level for setting value
(experimental)
- Components: use symlinks to point active snap component revisions
- Components: add model assertion support for components
- Components: fix to ensure local component installation always gets
a new revision number
- Add basic support for a CIFS remote filesystem-based home
directory
- Add support for AppArmor profile kill mode to avoid snap-confine
error
- Allow more than one interface to grant access to the same API
endpoint or notice type
- Allow all snapd service's control group processes to send systemd
notifications to prevent warnings flooding the log
- Enable not preseeded single boot install
- Update secboot to handle new sbatlevel
- Fix to not use cgroup for non-strict confined snaps (devmode,
classic)
- Fix two race conditions relating to freedesktop notifications
- Fix missing tunables in snap-update-ns AppArmor template
- Fix rejection of snapd snap udev command line by older host snap-
device-helper
- Rework seccomp allow/deny list
- Clean up files removed by gadgets
- Remove non-viable boot chains to avoid secboot failure
- posix_mq interface: add support for missing time64 mqueue syscalls
mq_timedreceive_time64 and mq_timedsend_time64
- password-manager-service interface: allow kwalletd version 6
- kubernetes-support interface: allow SOCK_SEQPACKET sockets
- system-observe interface: allow listing systemd units and their
properties
- opengl interface: enable use of nvidia container toolkit CDI
config generation
-- Ernest Lotter <email address hidden> Wed, 24 Apr 2024 02:00:39 +0200
|
|
About
-
Send Feedback to @ubuntu_updates