Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Ubuntu 21.10 USN-5292-4 Critical Fix for Snapd Regression Issue

ubuntu
Calendar Grey February 24, 2022
Dist Ubuntu Esm H88
Tackling the snapd rollback problem arising from Ubuntu Security Notice USN-5292-1 entails essential patching directives.
USN-5292-1 introduced a regression in snapd.

Summary

USN-5292-1 introduced a regression in snapd.

Software Description:

- snapd: Daemon and tooling that enable snap packages

Details:

USN-5292-1 fixed a vulnerability in snapd. Unfortunately that update introduced

a regression that could break the fish shell. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

James Troup discovered that snap did not properly manage the permissions for

the snap directories. A local attacker could possibly use this issue to expose

sensitive information. (CVE-2021-3155)

Ian Johnson discovered that snapd did not properly validate content interfaces

and layout paths. A local attacker could possibly use this issue to inject

arbitrary AppArmor policy rules, resulting in a bypass of intended access

restrictions. (CVE-2021-4120)

The Qualys Research Team discovered that snapd did not properly validate the

location of the snap-confine binary. A local attacker could possibly use...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
  snap-confine                    2.54.3+21.10.1ubuntu0.2
  snapd                           2.54.3+21.10.1ubuntu0.2

Ubuntu 20.04 LTS:
  snap-confine                    2.54.3+20.04.1ubuntu0.2
  snapd                           2.54.3+20.04.1ubuntu0.2

Ubuntu 18.04 LTS:
  snap-confine                    2.54.3+18.04.2ubuntu0.2
  snapd                           2.54.3+18.04.2ubuntu0.2

Ubuntu 16.04 ESM:
  snap-confine                    2.54.3+16.04.0ubuntu0.1~esm4
  snapd                           2.54.3+16.04.0ubuntu0.1~esm4

Ubuntu 14.04 ESM:
  snap-confine                    2.54.3+14.04.0ubuntu0.1~esm3
  snapd                           2.54.3+14.04.0ubuntu0.1~esm3

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5292-4

https://ubuntu.com/security/notices/USN-5292-1

https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1961365, https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1961791

Severity
critical
Lowest
Low
Medium
High
Critical

February 24, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.