Ubuntu 3887-1: snapd vulnerability

    Date12 Feb 2019
    CategoryUbuntu
    4798
    Posted ByLinuxSecurity Advisories
    snapd could be made to run programs as an administrator.
    ==========================================================================
    Ubuntu Security Notice USN-3887-1
    February 12, 2019
    
    snapd vulnerability
    ==========================================================================
    
    A security issue affects these releases of Ubuntu and its derivatives:
    
    - Ubuntu 18.10
    - Ubuntu 18.04 LTS
    - Ubuntu 16.04 LTS
    - Ubuntu 14.04 LTS
    
    Summary:
    
    snapd could be made to run programs as an administrator.
    
    Software Description:
    - snapd: Daemon and tooling that enable snap packages
    
    Details:
    
    Chris Moberly discovered that snapd versions 2.28 through 2.37 incorrectly
    validated and parsed the remote socket address when performing access
    controls on its UNIX socket. A local attacker could use this to access
    privileged socket APIs and obtain administrator privileges. On Ubuntu
    systems with snaps installed, snapd typically will have already
    automatically refreshed itself to snapd 2.37.1 which is unaffected.
    
    Update instructions:
    
    The problem can be corrected by updating your system to the following
    package versions:
    
    Ubuntu 18.10:
      snapd                           2.35.5+18.10.1
    
    Ubuntu 18.04 LTS:
      snapd                           2.34.2+18.04.1
    
    Ubuntu 16.04 LTS:
      snapd                           2.34.2ubuntu0.1
    
    Ubuntu 14.04 LTS:
      snapd                           2.34.2~14.04.1
    
    In general, a standard system update will make all the necessary changes.
    
    References:
      https://usn.ubuntu.com/usn/usn-3887-1
      CVE-2019-7304, https://launchpad.net/bugs/1813365
    
    Package Information:
      https://launchpad.net/ubuntu/+source/snapd/2.35.5+18.10.1
      https://launchpad.net/ubuntu/+source/snapd/2.34.2+18.04.1
      https://launchpad.net/ubuntu/+source/snapd/2.34.2ubuntu0.1
      https://launchpad.net/ubuntu/+source/snapd/2.34.2~14.04.1
    
    You are not authorised to post comments.

    LinuxSecurity Poll

    What is your favorite LinuxSecurity.com feature?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /component/communitypolls/?task=poll.vote&format=json
    17
    radio
    [{"id":"65","title":"Feature articles","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"66","title":"News","votes":"1","type":"x","order":"2","pct":33.33,"resources":[]},{"id":"67","title":"HOWTOs","votes":"2","type":"x","order":"3","pct":66.67,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.