UbuntuUpdates.org

Package "snap-confine"

Name: snap-confine

Description:

Transitional package for snapd

Latest version: 2.65.3+24.04
Release: noble (24.04)
Level: updates
Repository: universe
Head package: snapd
Homepage: https://github.com/snapcore/snapd

Other versions of "snap-confine" in Noble

Repository  Area      Version
base        universe  2.62+24.04build1
security    universe  2.63+24.04ubuntu0.1

Changelog

Version: 2.65.3+24.04 2024-10-15 21:07:23 UTC

  snapd (2.65.3+24.04) noble; urgency=medium

  * New upstream release, LP: #2077473
    - Fix missing aux info from store on snap setup

2077473 [SRU] 2.65.1

Version: 2.63.1+24.04 2024-08-22 15:07:07 UTC

  snapd (2.63.1+24.04) noble; urgency=medium

  * New upstream release, LP: #2061179
    - Improve snap-confine compatibility with nvidia drivers
    - steam-support interface: remove all AppArmor and seccomp
      restrictions to improve user experience
    - opengl interface: improve compatibility with nvidia drivers

 -- Ernest Lotter <email address hidden> Wed, 21 Aug 2024 00:39:59 +0200

2061179 [SRU] 2.63

Version: 2.63+24.04ubuntu0.1 2024-08-01 10:07:17 UTC

  snapd (2.63+24.04ubuntu0.1) noble-security; urgency=medium

  * SECURITY UPDATE: sandbox escape via $HOME/bin
    - interfaces/builtin/home: explicitly deny writing to @{HOME}/bin
    - CVE-2024-1724
  * SECURITY UPDATE: denial-of-service via crafted files in squashfs image
    - snap, snapdir, squashfs: improve validation of target file
      mode/types
    - CVE-2024-29068
  * SECURITY UPDATE: information disclosure via crafted symlinks in
    squashfs image
    - snap, snapdir, squashfs: improve external symlink validation
    - CVE-2024-29069

 -- Alex Murray <email address hidden> Fri, 26 Jul 2024 12:02:26 +0930

CVE-2024-1724 In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path.
CVE-2024-29068 In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs file-system image
CVE-2024-29069 In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squas

Version: 2.63+24.04 2024-06-13 15:07:05 UTC

  snapd (2.63+24.04) noble; urgency=medium

  * New upstream release, LP: #2061179
    - Support for snap services to show the current status of user
      services (experimental)
    - Refresh app awareness: record snap-run-inhibit notice when
      starting app from snap that is busy with refresh (experimental)
    - Refresh app awareness: use warnings as fallback for desktop
      notifications (experimental)
    - Aspect based configuration: make request fields in the aspect-
      bundle's rules optional (experimental)
    - Aspect based configuration: make map keys conform to the same
      format as path sub-keys (experimental)
    - Aspect based configuration: make unset and set behaviour similar
      to configuration options (experimental)
    - Aspect based configuration: limit nesting level for setting value
      (experimental)
    - Components: use symlinks to point active snap component revisions
    - Components: add model assertion support for components
    - Components: fix to ensure local component installation always gets
      a new revision number
    - Add basic support for a CIFS remote filesystem-based home
      directory
    - Add support for AppArmor profile kill mode to avoid snap-confine
      error
    - Allow more than one interface to grant access to the same API
      endpoint or notice type
    - Allow all snapd service's control group processes to send systemd
      notifications to prevent warnings flooding the log
    - Enable not preseeded single boot install
    - Update secboot to handle new sbatlevel
    - Fix to not use cgroup for non-strict confined snaps (devmode,
      classic)
    - Fix two race conditions relating to freedesktop notifications
    - Fix missing tunables in snap-update-ns AppArmor template
    - Fix rejection of snapd snap udev command line by older host snap-
      device-helper
    - Rework seccomp allow/deny list
    - Clean up files removed by gadgets
    - Remove non-viable boot chains to avoid secboot failure
    - posix_mq interface: add support for missing time64 mqueue syscalls
      mq_timedreceive_time64 and mq_timedsend_time64
    - password-manager-service interface: allow kwalletd version 6
    - kubernetes-support interface: allow SOCK_SEQPACKET sockets
    - system-observe interface: allow listing systemd units and their
      properties
    - opengl interface: enable use of nvidia container toolkit CDI
      config generation

 -- Ernest Lotter <email address hidden> Wed, 24 Apr 2024 02:00:39 +0200

2061179 [SRU] 2.63


