An intended access restriction in snapd could be bypassed by strict mode
snaps.
Software Description:
- snapd: Daemon and tooling that enable snap packages
Details:
It was discovered that cloud-init as managed by snapd on Ubuntu Core 16
and Ubuntu Core 18 devices ran on every boot without restrictions. A
physical attacker could exploit this to craft cloud-init
user-data/meta-data via external media to perform arbitrary changes on
the device to bypass intended security mechanisms such as full disk
encryption. This issue did not affect traditional Ubuntu systems.
(CVE-2020-11933)
It was discovered that snapctl user-open allowed altering the
XDG_DATA_DIRS environment variable when calling the system xdg-open. A
malicious snap could exploit this to bypass intended access restrictions
to control how the host system xdg-open script opens the URL. This issue
did not affect Ubuntu Core systems. (CVE-2020-11934)
The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: snapd 2.45.1+20.04.2 Ubuntu 19.10: snapd 2.45.1+19.10.2 Ubuntu 18.04 LTS: snapd 2.45.1+18.04.2 Ubuntu 16.04 LTS: snapd 2.45.1ubuntu0.2 In general, a standard system update will make all the necessary changes. On Ubuntu, snapd will automatically refresh itself to snapd 2.45.2 which is unaffected.
https://ubuntu.com/security/notices/USN-4424-1
CVE-2020-11933, CVE-2020-11934
Get the latest Linux and open source security news straight to your inbox.