Alerts This Week
Warning Icon 1 537
Alerts This Week
Warning Icon 1 537

Ubuntu 20.04 LTS USN-5292-2 High: Snapd Privilege Escalation Issues

Calendar Feb 17, 2022 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory high severity privilege escalation local attack ubuntu access restriction snapd
Several security issues were fixed in snapd. 
=========================================================================Ubuntu Security Notice USN-5292-2
February 18, 2022

snapd vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in snapd.

Software Description:
- snapd: Daemon and tooling that enable snap packages

Details:

USN-5292-1 fixed vulnerabilities in snapd. This update provides the
corresponding update for the riscv64 architecture.

Original advisory details:

  James Troup discovered that snap did not properly manage the
  permissions for the snap directories. A local attacker could possibly
  use this issue to expose sensitive information. (CVE-2021-3155)

  Ian Johnson discovered that snapd did not properly validate content
  interfaces and layout paths. A local attacker could possibly use this
  issue to inject arbitrary AppArmor policy rules, resulting in a bypass
  of intended access restrictions. (CVE-2021-4120)

  The Qualys Research Team discovered that snapd did not properly
  validate the location of the snap-confine binary. A local attacker
  could possibly use this issue to execute other arbitrary binaries and
  escalate privileges. (CVE-2021-44730)

  The Qualys Research Team discovered that a race condition existed in
  the snapd snap-confine binary when preparing a private mount namespace
  for a snap. A local attacker could possibly use this issue to escalate
  privileges and execute arbitrary code. (CVE-2021-44731)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
   snap-confine                    2.54.3+20.04.1
   snapd                           2.54.3+20.04.1

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-5292-2
   https://ubuntu.com/security/notices/USN-5292-1
   CVE-2021-3155, CVE-2021-4120, CVE-2021-44730, CVE-2021-44731

Package Information:
   https://launchpad.net/ubuntu/+source/snapd/2.54.3+20.04.1

Ubuntu 20.04 LTS USN-5292-2 High: Snapd Privilege Escalation Issues

ubuntu
Calendar Grey February 17, 2022
Dist Ubuntu Esm H88
Ubuntu Security Announcement USN-5292-2 details vulnerabilities found in snapd, along with corrective measures for affected versions.
Several security issues were fixed in snapd.

Summary

Topics%20covered

Topics Covered

security advisory high severity privilege escalation local attack ubuntu access restriction snapd

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: snap-confine 2.54.3+20.04.1 snapd 2.54.3+20.04.1 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5292-2

https://ubuntu.com/security/notices/USN-5292-1

CVE-2021-3155, CVE-2021-4120, CVE-2021-44730, CVE-2021-44731

Severity
important
Lowest
Low
Medium
High
Critical

February 18, 2022

Topics%20covered

Topics Covered

security advisory high severity privilege escalation local attack ubuntu access restriction snapd

Package Information

https://launchpad.net/ubuntu/+source/snapd/2.54.3+20.04.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here