
Ubuntu 18.04 LTS & 16.04 LTS: USN-6940-2 critical: snapd issues resolved

January 13, 2025
This notice covers security fixes for snapd on Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. The issues addressed include a snap sandbox escape and a denial of service.

Summary

Several security issues were fixed in snapd.

Software Description:

- snapd: Daemon and tooling that enable snap packages

Details:

USN-6940-1 fixed vulnerabilities in snapd. This update provides the corresponding updates for Ubuntu 18.04 LTS and Ubuntu 16.04 LTS.

Original advisory details:

 Neil McPhail discovered that snapd did not properly restrict writes to the /home/jslarraz/bin path in the AppArmor profile for snaps using the home plug. An attacker who could convince a user to install a malicious snap could use this vulnerability to escape the snap sandbox. (CVE-2024-1724)

 Zeyad Gouda discovered that snapd failed to properly check the file type when extracting a snap. An attacker who could convince a user to install a malicious snap containing non-regular files could then cause snapd to block indefinitely while trying to read from such files and cause a denial of service. (CVE-2024-29068)

 Zeyad Gouda discovered that sn...
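
The file-type check described for CVE-2024-29068, sketched as an added example (not snapd's code and not part of the advisory): it lists non-regular entries in an unpacked tree and reads a file only after confirming its type on the open descriptor. The directory layout and file names are constructed sample data, and the function names are hypothetical.

```python
import errno
import os
import stat
import tempfile

KINDS = [(stat.S_ISFIFO, "fifo"), (stat.S_ISLNK, "symlink"), (stat.S_ISSOCK, "socket"),
         (stat.S_ISCHR, "char-device"), (stat.S_ISBLK, "block-device")]

def audit_tree(root):
    """List (relative path, kind) for every entry that is neither a regular file nor a directory."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):  # os.walk does not follow symlinks
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            mode = os.lstat(full).st_mode  # lstat inspects the entry itself, never its target
            kind = next((label for test, label in KINDS if test(mode)), None)
            if kind:
                findings.append((os.path.relpath(full, root), kind))
    return sorted(findings)

def read_regular_file(path, max_bytes=1 << 20):
    """Return up to max_bytes from path; raise ValueError unless it is a regular file."""
    try:
        # O_NOFOLLOW rejects a symlink; O_NONBLOCK makes opening a writer-less FIFO return at once.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError as exc:
        if exc.errno == errno.ELOOP:
            raise ValueError(f"{path}: symlink refused") from exc
        raise
    try:
        # Check the type on the open descriptor so the entry cannot change between check and read.
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise ValueError(f"{path}: not a regular file")
        return os.read(fd, max_bytes)
    finally:
        os.close(fd)

def demo():
    """Build a constructed tree (one regular file, one FIFO, one symlink) and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "meta"))
        with open(os.path.join(root, "meta", "snap.yaml"), "w") as fh:
            fh.write("name: constructed-sample\n")
        os.mkfifo(os.path.join(root, "meta", "icon.png"))
        os.symlink("snap.yaml", os.path.join(root, "meta", "link"))
        return audit_tree(root), read_regular_file(os.path.join(root, "meta", "snap.yaml"))

if __name__ == "__main__":
    print(demo())
```

A plain blocking `open()` on the FIFO in this tree would wait for a writer that never arrives, which is the hang the advisory describes.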


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
   snapd                           2.61.4ubuntu0.18.04.1+esm1
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   snapd                           2.61.4ubuntu0.16.04.1+esm1
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-6940-2

  https://ubuntu.com/security/notices/USN-6940-1

  CVE-2024-1724, CVE-2024-29068, CVE-2024-29069

Severity
critical
