- Vulnerability/
- USN-3887-1
12/2/2019
USN-3887-1: snapd vulnerability
First published: Tue Feb 12 2019(Updated: )
Chris Moberly discovered that snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges. On Ubuntu systems with snaps installed, snapd typically will have already automatically refreshed itself to snapd 2.37.1 which is unaffected.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/snapd | <2.35.5+18.10.1 | 2.35.5+18.10.1 |
| Ubuntu Ubuntu | =18.10 | |
| All of | ||
| ubuntu/snapd | <2.34.2+18.04.1 | 2.34.2+18.04.1 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/snapd | <2.34.2ubuntu0.1 | 2.34.2ubuntu0.1 |
| Ubuntu Ubuntu | =16.04 | |
| All of | ||
| ubuntu/snapd | <2.34.2~14.04.1 | 2.34.2~14.04.1 |
| Ubuntu Ubuntu | =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2019-7304
- https://launchpad.net/bugs/1813365
- https://launchpad.net/ubuntu/+source/snapd/2.35.5+18.10.1
- https://launchpad.net/ubuntu/+source/snapd/2.34.2+18.04.1
- https://launchpad.net/ubuntu/+source/snapd/2.34.2ubuntu0.1
- https://launchpad.net/ubuntu/+source/snapd/2.34.2~14.04.1
- https://ubuntu.com/security/notices/USN-3887-1 (Advisory)
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/title
- agent/severity
- agent/references
- agent/last-modified-date
- agent/softwarecombine
- agent/type
- agent/event
- agent/description
- agent/tags
- agent/first-publish-date
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/18.10
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/16.04
- version/ubuntu ubuntu/14.04