USN-5753-1: snapd vulnerability

Publication date

1 December 2022

Overview

snapd could be made to run programs as an administrator.


Packages

  • snapd - Daemon and tooling that enable snap packages

Details

The Qualys Research Team discovered that a race condition existed in the
snapd snap-confine binary when preparing the private /tmp mount for a
snap. A local attacker could possibly use this issue to escalate privileges
and execute arbitrary code.

The Qualys Research Team discovered that a race condition existed in the
snapd snap-confine binary when preparing the private /tmp mount for a
snap. A local attacker could possibly use this issue to escalate privileges
and execute arbitrary code.

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
22.10 kinetic snapd –  2.57.5+22.10ubuntu0.1
22.04 jammy snapd –  2.57.5+22.04ubuntu0.1
20.04 focal snapd –  2.57.5+20.04ubuntu0.1
18.04 bionic snapd –  2.57.5+18.04ubuntu0.1
16.04 xenial snapd –  2.54.3+16.04.0ubuntu0.1~esm5  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.


Have additional questions?

Talk to a member of the team ›