4 matches found
Security fix for the ALT Linux 10 package snapd version 2.54.3-alt1
2.54.3-alt1 built April 26, 2022 Andrey Cherepanov in task 299035 --- Feb. 20, 2022 Alexey Shabalin - 2.54.3 Fixes: CVE-2021-44730, CVE-2021-44731, CVE-2021-4120...
Arbitrary Code Execution
Overview Affected versions of this package are vulnerable to Arbitrary Code Execution due to improper validation of the snap-confine binary location. A local attacker could possibly use this issue to execute other arbitrary binaries and escalate privileges. Remediation Upgrade...
CVE-2021-44730
CVE-2021-44730 affects snapd: 2.54.2 did not validate the location of the snap-confine binary, enabling a local attacker to hardlink it elsewhere and cause snap-confine to execute arbitrary binaries, achieving privilege escalation. Affected systems may gain root/privilege escalation locally. Reme...
UBUNTU-CVE-2021-4120
snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions...