USN-6940-2: snapd vulnerabilities

Publication date

13 January 2025

Overview

Several security issues were fixed in snapd.


Packages

  • snapd - Daemon and tooling that enable snap packages

Details

USN-6940-1 fixed vulnerabilities in snapd. This update provides the
corresponding updates for Ubuntu 18.04 LTS and Ubuntu 16.04 LTS.

Original advisory details:

Neil McPhail discovered that snapd did not properly restrict writes to
the /home/jslarraz/bin path in the AppArmor profile for snaps using the home
plug. An attacker who could convince a user to install a malicious snap
could use this vulnerability to escape the snap sandbox. (CVE-2024-1724)

Zeyad Gouda discovered that snapd failed to properly check the file type
when extracting a snap. An attacker who could convince a user to install
a malicious snap containing non-regular files could then cause snapd to
block indefinitely while trying to read from such files and cause a
denial of service. (CVE-2024-29068)

Zeyad Gouda discovered that snapd failed to properly check the
...

USN-6940-1 fixed vulnerabilities in snapd. This update provides the
corresponding updates for Ubuntu 18.04 LTS and Ubuntu 16.04 LTS.

Original advisory details:

Neil McPhail discovered that snapd did not properly restrict writes to
the /home/jslarraz/bin path in the AppArmor profile for snaps using the home
plug. An attacker who could convince a user to install a malicious snap
could use this vulnerability to escape the snap sandbox. (CVE-2024-1724)

Zeyad Gouda discovered that snapd failed to properly check the file type
when extracting a snap. An attacker who could convince a user to install
a malicious snap containing non-regular files could then cause snapd to
block indefinitely while trying to read from such files and cause a
denial of service. (CVE-2024-29068)

Zeyad Gouda discovered that snapd failed to properly check the
destination of symbolic links when extracting a snap. An attacker who
could convince a user to install a malicious snap containing crafted
symbolic links could then cause snapd to write out the contents of the
symbolic link destination into a world-readable directory. This in-turn
could allow a local unprivileged user to gain access to privileged
information. (CVE-2024-29069)


Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
18.04 bionic snapd –  2.61.4ubuntu0.18.04.1+esm1  
16.04 xenial snapd –  2.61.4ubuntu0.16.04.1+esm1  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.


Have additional questions?

Talk to a member of the team ›