DEBIAN-CVE-2024-1724

In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap whic...

snapd 安全漏洞

snapd is a cross-platform package management tool open-sourced by snapcore. Enables systems to use .snap files. A security vulnerability exists in snapd versions prior to 2.62 that stems from the inability to restrict writes to the $HOME/bin path when sandboxing permissions is enforced using...

PT-2024-18253 · Canonical +2 · Snapd +3

Name of the Vulnerable Software and Affected Versions: snapd versions prior to 2.62 Description: The issue arises when using AppArmor for enforcement of sandbox permissions in snapd. It failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to...