UbuntuUpdates.org

Package "snapd"

Name: snapd

Description:

Daemon and tooling that enable snap packages

Latest version: 2.45.1ubuntu0.2
Release: xenial (16.04)
Level: security
Repository: main
Homepage: https://github.com/snapcore/snapd

Links


Download "snapd"


Other versions of "snapd" in Xenial

Repository Area Version
base universe 2.0.2
base main 2.0.2
security universe 2.45.1ubuntu0.2
updates main 2.45.1ubuntu0.2
updates universe 2.45.1ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.45.1ubuntu0.2 2020-07-15 15:06:20 UTC

  snapd (2.45.1ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: sandbox escape vulnerability via snapctl user-open
    (xdg-open)
    - usersession/userd/launcher.go: remove XDG_DATA_DIRS environment
      variable modification when calling the system xdg-open. Patch
      thanks to James Henstridge
    - packaging/ubuntu-16.04/snapd.postinst: kill userd on upgrade so it
      may autostart on next use. Patch thanks to Michael Vogt
    - CVE-2020-11934
    - LP: #1880085

 -- Emilia Torino <email address hidden> Fri, 10 Jul 2020 10:40:52 -0300

Source diff to previous version

Version: 2.37.4ubuntu0.1 2019-03-21 21:06:22 UTC

  snapd (2.37.4ubuntu0.1) xenial-security; urgency=medium

  * No change rebuild for xenial-security (LP: #1812973)
    - CVE-2019-7303

 -- Jamie Strandboge <email address hidden> Fri, 15 Mar 2019 19:56:59 +0000

Source diff to previous version
CVE-2019-7303 RESERVED

Version: 2.34.2ubuntu0.1 2019-02-12 17:07:08 UTC

  snapd (2.34.2ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: local privilege escalation via improper input validation
    of socket peer credential (LP: #1813365)
    - daemon/ucrednet.go: utilize regex for validating and parsing remoteAddr.
      Patch thanks to John Lenton
    - CVE-YYYY-NNNN

 -- Jamie Strandboge <email address hidden> Tue, 29 Jan 2019 17:54:00 +0000

1813365 Local privilege escalation via snapd socket



About   -   Send Feedback to @ubuntu_updates