11 matches found
USN-5292-4 snapd regression
USN-5292-1 fixed a vulnerability in snapd. Unfortunately that update introduced a regression that could break the fish shell. This update fixes the problem. We apologize for the inconvenience. Original advisory details: James Troup discovered that snap did not properly manage the permissions for...
USN-5292-4: snapd regression
USN-5292-1 fixed a vulnerability in snapd. Unfortunately that update introduced a regression that could break the fish shell. This update fixes the problem. We apologize for the inconvenience. Original advisory details: James Troup discovered that snap did not properly manage the permissions for...
Ubuntu: Security Advisory (USN-5292-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 16.04 ESM : snapd vulnerabilities (USN-5292-3)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5292-3 advisory. USN-5292-1 fixed several vulnerabilities in snapd. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tenable has...
Ubuntu 20.04 LTS : snapd vulnerabilities (USN-5292-2)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5292-2 advisory. USN-5292-1 fixed vulnerabilities in snapd. This update provides the corresponding update for the riscv64 architecture. Tenable has extracted the precedin...
Ubuntu: Security Advisory (USN-5292-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DEBIAN-CVE-2021-3155
snapd 2.54.2 and earlier created /snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1...
CVE-2021-3155
CVE-2021-3155 affects snapd up to 2.54.2, where ~/snap directories in users’ home were created with insufficient owner-only permissions, potentially allowing a local attacker to read private data. Fixes are in snapd 2.54.3+18.04, 2.54.3+20.04, and 2.54.3+21.10.1. No exploitation details are provi...
CVE-2021-3155 snapd created ~/snap with too-wide permissions
snapd 2.54.2 and earlier created /snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1...
CVE-2021-3155
snapd 2.54.2 and earlier created /snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1...
USN-5292-1: snapd vulnerabilities
James Troup discovered that snap did not properly manage the permissions for the snap directories. A local attacker could possibly use this issue to expose sensitive information. CVE-2021-3155 Ian Johnson discovered that snapd did not properly validate content interfaces and layout paths. A local...