First published: Tue Apr 23 2019
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
Credit: security@ubuntu.com
Affected Software | Affected Version | How to fix |
---|---|---|
Canonical snapd | <2.37.1 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =18.10 | |
debian/snapd | 2.49-1+deb11u2 2.57.6-1 2.65.3-1 2.66.1-1 |
The vulnerability ID for this issue is CVE-2019-7304.
The severity level of CVE-2019-7304 is critical with a severity value of 9.8.
Versions of Canonical snapd prior to 2.37.1 are affected by CVE-2019-7304.
Ubuntu Linux versions 14.04, 16.04, 18.04, and 18.10 are affected by CVE-2019-7304.
To fix the CVE-2019-7304 vulnerability, update Canonical snapd to version 2.37.1 or later.