
Security: Insufficient permission check in snapd
Name: Insufficient permission check in snapd
ID: USN-3917-1
Distribution: Ubuntu
Platforms: Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 18.10
Date: Fri, 22 March 2019, 07:41
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7303
Applications: snapd

Original message



==========================================================================
Ubuntu Security Notice USN-3917-1
March 21, 2019

snapd vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

An intended access restriction in snapd could be bypassed by strict mode
snaps on 64 bit architectures.

Software Description:
- snapd: Daemon and tooling that enable snap packages

Details:

The snapd default seccomp filter for strict mode snaps blocks the use of
the ioctl() system call when used with TIOCSTI as the second argument to
the system call. Jann Horn discovered that this restriction could be
circumvented on 64 bit architectures. A malicious snap could exploit this
to bypass intended access restrictions to insert characters into the
terminal's input queue. On Ubuntu, snapd typically will have already
automatically refreshed itself to snapd 2.37.4 which is unaffected.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
snapd 2.37.4+18.10.1

Ubuntu 18.04 LTS:
snapd 2.37.4+18.04.1

Ubuntu 16.04 LTS:
snapd 2.37.4ubuntu0.1

Ubuntu 14.04 LTS:
snapd 2.37.4~14.04.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3917-1
CVE-2019-7303, https://launchpad.net/bugs/1812973

Package Information:
https://launchpad.net/ubuntu/+source/snapd/2.37.4+18.10.1
https://launchpad.net/ubuntu/+source/snapd/2.37.4+18.04.1
https://launchpad.net/ubuntu/+source/snapd/2.37.4ubuntu0.1
https://launchpad.net/ubuntu/+source/snapd/2.37.4~14.04.1
