1. Ubuntu Security Notices
  2. USN-5292-4

USN-5292-4: snapd regression

Publication date

24 February 2022

Overview

USN-5292-1 introduced a regression in snapd.

Releases

Packages

  • snapd - Daemon and tooling that enable snap packages

Details

USN-5292-1 fixed a vulnerability in snapd. Unfortunately that update introduced
a regression that could break the fish shell. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

James Troup discovered that snap did not properly manage the permissions for
the snap directories. A local attacker could possibly use this issue to expose
sensitive information. (CVE-2021-3155)

Ian Johnson discovered that snapd did not properly validate content interfaces
and layout paths. A local attacker could possibly use this issue to inject
arbitrary AppArmor policy rules, resulting in a bypass of intended access
restrictions. (CVE-2021-4120)

The Qualys Research Team discovered that snapd did not properly validate the
location of the snap-confine binary. A local attacker could possibly use this
issue to...

USN-5292-1 fixed a vulnerability in snapd. Unfortunately that update introduced
a regression that could break the fish shell. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

James Troup discovered that snap did not properly manage the permissions for
the snap directories. A local attacker could possibly use this issue to expose
sensitive information. (CVE-2021-3155)

Ian Johnson discovered that snapd did not properly validate content interfaces
and layout paths. A local attacker could possibly use this issue to inject
arbitrary AppArmor policy rules, resulting in a bypass of intended access
restrictions. (CVE-2021-4120)

The Qualys Research Team discovered that snapd did not properly validate the
location of the snap-confine binary. A local attacker could possibly use this
issue to execute other arbitrary binaries and escalate privileges.
(CVE-2021-44730)

The Qualys Research Team discovered that a race condition existed in the snapd
snap-confine binary when preparing a private mount namespace for a snap. A
local attacker could possibly use this issue to escalate privileges and
execute arbitrary code. (CVE-2021-44731)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
21.10 impish snap-confine –  2.54.3+21.10.1ubuntu0.2
snapd –  2.54.3+21.10.1ubuntu0.2
20.04 focal snap-confine –  2.54.3+20.04.1ubuntu0.2
snapd –  2.54.3+20.04.1ubuntu0.2
18.04 bionic snap-confine –  2.54.3+18.04.2ubuntu0.2
snapd –  2.54.3+18.04.2ubuntu0.2
16.04 xenial snap-confine –  2.54.3+16.04.0ubuntu0.1~esm4  
snapd –  2.54.3+16.04.0ubuntu0.1~esm4  
14.04 trusty snap-confine –  2.54.3+14.04.0ubuntu0.1~esm3  
snapd –  2.54.3+14.04.0ubuntu0.1~esm3  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›