UbuntuUpdates.org

Package "snapd"

Name: snapd

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Transitional package for snapd-xdg-open
  • transitional dummy package
  • transitional dummy package

Latest version: 2.48.3
Release: xenial (16.04)
Level: security
Repository: universe

Links



Other versions of "snapd" in Xenial

Repository Area Version
base universe 2.0.2
base main 2.0.2
security main 2.48.3
updates universe 2.48.3
updates main 2.48.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.48.3 2021-02-10 01:07:12 UTC

  snapd (2.48.3) xenial-security; urgency=medium

  * SECURITY UPDATE: sandbox escape vulnerability for containers
    (LP: #1910456)
    - many: add Delegate=true to generated systemd units for special
      interfaces
    - interfaces/greengrass-support: back-port interface changes to
      2.48
    - CVE-2020-27352
  * interfaces/builtin/docker-support: allow /run/containerd/s/...
    - This is a new path that docker 19.03.14 (with a new version of
      containerd) uses to avoid containerd CVE issues around the unix
      socket. See also CVE-2020-15257.

Source diff to previous version
CVE-2020-27352 RESERVED
CVE-2020-15257 containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.

Version: 2.45.1ubuntu0.2 2020-07-15 15:06:23 UTC

  snapd (2.45.1ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: sandbox escape vulnerability via snapctl user-open
    (xdg-open)
    - usersession/userd/launcher.go: remove XDG_DATA_DIRS environment
      variable modification when calling the system xdg-open. Patch
      thanks to James Henstridge
    - packaging/ubuntu-16.04/snapd.postinst: kill userd on upgrade so it
      may autostart on next use. Patch thanks to Michael Vogt
    - CVE-2020-11934
    - LP: #1880085

 -- Emilia Torino <email address hidden> Fri, 10 Jul 2020 10:40:52 -0300

Source diff to previous version

Version: 2.37.4ubuntu0.1 2019-03-21 21:06:23 UTC

  snapd (2.37.4ubuntu0.1) xenial-security; urgency=medium

  * No change rebuild for xenial-security (LP: #1812973)
    - CVE-2019-7303

 -- Jamie Strandboge <email address hidden> Fri, 15 Mar 2019 19:56:59 +0000

Source diff to previous version
CVE-2019-7303 RESERVED

Version: 2.34.2ubuntu0.1 2019-02-12 17:07:10 UTC

  snapd (2.34.2ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: local privilege escalation via improper input validation
    of socket peer credential (LP: #1813365)
    - daemon/ucrednet.go: utilize regex for validating and parsing remoteAddr.
      Patch thanks to John Lenton
    - CVE-YYYY-NNNN

 -- Jamie Strandboge <email address hidden> Tue, 29 Jan 2019 17:54:00 +0000

1813365 Local privilege escalation via snapd socket



About   -   Send Feedback to @ubuntu_updates