CI4MS: Account Deletion Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw)

Summary Vulnerability: Improper Session Invalidation on Account Deletion Broken Access Control / Logic Flaw - This vulnerability is caused by a backend logic flaw that maintains a false trust assumption that already-authenticated users remain trustworthy, even after their accounts are explicitly...

USN-5292-4: snapd regression

USN-5292-1 fixed a vulnerability in snapd. Unfortunately that update introduced a regression that could break the fish shell. This update fixes the problem. We apologize for the inconvenience. Original advisory details: James Troup discovered that snap did not properly manage the permissions for...

USN-5292-3 snapd vulnerabilities

USN-5292-1 fixed several vulnerabilities in snapd. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: James Troup discovered that snap did not properly manage the permissions for the snap directories. A local attacker could possibly...

CVE-2021-4120 snapd could be made to bypass intended access restrictions through snap content interfaces and layout paths

snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions...