Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 18.04 LTS: USN-3917-1 Critical Snapd Access Bypass

ubuntu
Calendar Grey March 21, 2019
Dist Ubuntu Esm H88
Ubuntu users are warned about a security flaw in snapd that may allow unauthorized access. It's crucial to examine the details and apply updates to protect your systems
An intended access restriction in snapd could be bypassed by strict modesnaps on 64 bit architectures.

Summary

An intended access restriction in snapd could be bypassed by strict mode

snaps on 64 bit architectures.

Software Description:

- snapd: Daemon and tooling that enable snap packages

Details:

The snapd default seccomp filter for strict mode snaps blocks the use of

the ioctl() system call when used with TIOCSTI as the second argument to

the system call. Jann Horn discovered that this restriction could be

circumvented on 64 bit architectures. A malicious snap could exploit this

to bypass intended access restrictions to insert characters into the

terminal's input queue. On Ubuntu, snapd typically will have already

automatically refreshed itself to snapd 2.37.4 which is unaffected.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
  snapd                           2.37.4+18.10.1

Ubuntu 18.04 LTS:
  snapd                           2.37.4+18.04.1

Ubuntu 16.04 LTS:
  snapd                           2.37.4ubuntu0.1

Ubuntu 14.04 LTS:
  snapd                           2.37.4~14.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3917-1

CVE-2019-7303, https://bugs.launchpad.net/snapd/+bug/1812973

Severity
critical
Lowest
Low
Medium
High
Critical

March 21, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here