Vulnerabilities for 'Snapd'

2019-04-24
 
CVE-2019-11503

CWE-59
 

 
snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir() to the current working directory of the calling user, aka a "cwd restore permission bypass."

 
2019-04-23
 
CVE-2019-7304

CWE-20
 

 
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.

 
 
CVE-2019-7303

CWE-264
 

 
A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to match 64-bit ioctl(2) commands on a 64-bit platform; however, the Linux kernel only uses the lower 32 bits to determine which ioctl(2) commands to run. This issue affects: Canonical snapd versions prior to 2.37.4.

 

 >>> Vendor: Canonical 35 Products
Spread
Ubuntu linux
Ubuntu enterprise cloud
PHP5
Ubuntu software properties
Telepathy-idle
MAAS
Libpam-modules
Update-manager
Accountsservice
Software-properties
Ltsp display manager
Acpi-support
Reportbug
Ubuntu
Lxcfs
Ubuntu core
Ubuntu touch
Ubuntu-core-launcher
LXD
Openstack ironic
JUJU
Ubuntu-image
Bazaar
Screen-resolution-extra
Apparmor
Ubuntu download manager
Snapd
Apt-xapian-index
Metal as a service
Cloud-init
Ubuntu cobbler
Microk8s
C-kernel
Subiquity


Copyright 2020, cxsecurity.com

 
