UbuntuUpdates.org

Package "snapd"

Name: snapd

Description:

Daemon and tooling that enable snap packages
Latest version: 2.48.3
Release: xenial (16.04)
Level: security
Repository: main
Homepage: https://github.com/snapcore/snapd

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "snapd"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "snapd" in Xenial

Repository Area Version
base universe 2.0.2
base main 2.0.2
security universe 2.48.3
updates universe 2.48.3
updates main 2.48.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.48.3 2021-02-10 01:07:11 UTC

  snapd (2.48.3) xenial-security; urgency=medium

  * SECURITY UPDATE: sandbox escape vulnerability for containers
    (LP: #1910456)
    - many: add Delegate=true to generated systemd units for special
      interfaces
    - interfaces/greengrass-support: back-port interface changes to
      2.48
    - CVE-2020-27352
  * interfaces/builtin/docker-support: allow /run/containerd/s/...
    - This is a new path that docker 19.03.14 (with a new version of
      containerd) uses to avoid containerd CVE issues around the unix
      socket. See also CVE-2020-15257.
Source diff to previous version
CVE-2020-27352 RESERVED
CVE-2020-15257 containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.

Version: 2.45.1ubuntu0.2 2020-07-15 15:06:20 UTC

  snapd (2.45.1ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: sandbox escape vulnerability via snapctl user-open
    (xdg-open)
    - usersession/userd/launcher.go: remove XDG_DATA_DIRS environment
      variable modification when calling the system xdg-open. Patch
      thanks to James Henstridge
    - packaging/ubuntu-16.04/snapd.postinst: kill userd on upgrade so it
      may autostart on next use. Patch thanks to Michael Vogt
    - CVE-2020-11934
    - LP: #1880085

 -- Emilia Torino <email address hidden> Fri, 10 Jul 2020 10:40:52 -0300
Source diff to previous version

Version: 2.37.4ubuntu0.1 2019-03-21 21:06:22 UTC

  snapd (2.37.4ubuntu0.1) xenial-security; urgency=medium

  * No change rebuild for xenial-security (LP: #1812973)
    - CVE-2019-7303

 -- Jamie Strandboge <email address hidden> Fri, 15 Mar 2019 19:56:59 +0000
Source diff to previous version
CVE-2019-7303 RESERVED

Version: 2.34.2ubuntu0.1 2019-02-12 17:07:08 UTC

  snapd (2.34.2ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: local privilege escalation via improper input validation
    of socket peer credential (LP: #1813365)
    - daemon/ucrednet.go: utilize regex for validating and parsing remoteAddr.
      Patch thanks to John Lenton
    - CVE-YYYY-NNNN

 -- Jamie Strandboge <email address hidden> Tue, 29 Jan 2019 17:54:00 +0000
1813365 Local privilege escalation via snapd socket


About   -   Send Feedback to @ubuntu_updates