Fedora 34 Critical: FEDORA-2022-82bea71e5a Snapd Security Fix

Snappy is a modern, cross-distribution, transactional package manager

designed for working with self-contained, immutable packages.

Update to 2.54.3. Cherry pick misc SELinux policy fixes. Fixes for

CVE-2021-44731, CVE-2021-44730, CVE-2021-4120.

* Thu Feb 17 2022 Maciek Borzecki - 2.54.3-1

- Release 2.54.3 to Fedora

- Cherry pick SELinux policy fixes for RHBZ#1944390, RHBZ#2043160, RHBZ#2043161,

RHBZ#2046358, RHBZ#2046363, RHBZ#2046361, RHBZ#2046364, RHBZ#2046365,

RHBZ#2051594, RHBZ#2043902, RHBZ#1944390

* Tue Feb 15 2022 Michael Vogt

- New upstream release 2.54.3

- bugfixes

[ 1 ] Bug #2056058 - CVE-2021-44731 snapd: Race condition in snap-confine's setup_private_mount()

https://bugzilla.redhat.com/show_bug.cgi?id=2056058

[ 2 ] Bug #2056061 - CVE-2021-44730 snapd: Hardlink attack in snap-confine's sc_open_snapd_tool()

https://bugzilla.redhat.com/show_bug.cgi?id=2056061

[ 3 ] Bug #2056065 - CVE-2021-4120 snapd: Insufficient validation of snap content interface and layout paths

https://bugzilla.redhat.com/show_bug.cgi?id=2056065

su -c 'dnf upgrade --advisory FEDORA-2022-82bea71e5a' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure