Sicherheit: Mangelnde Rechteprüfung in snapd-glib

Lesezeichen hinzufügen

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2019-bc3dfb389f
2019-07-13 01:23:59.036557
-------------------------------------------------------------------------------
-

Name : snapd-glib
Product : Fedora 29
Version : 1.48
Release : 1.fc29
URL : https://github.com/snapcore/snapd-glib
Summary : Library providing a GLib interface to snapd
Description :
snapd-glib is a library that provides an interface to communicate
with snapd for GLib based applications.

-------------------------------------------------------------------------------
-
Update Information:

#### Update to v1.48 * New API: - `snapd_client_get_connections_async`
- `snapd_client_get_connections_finish` -
`snapd_client_get_connections_sync` -
`snapd_client_get_interfaces2_async`
- `snapd_client_get_interfaces2_finish` -
`snapd_client_get_interfaces2_sync` - `snapd_client_get_snap_conf_async`
- `snapd_client_get_snap_conf_finish` - `snapd_client_get_snap_conf_sync`
- `snapd_client_set_snap_conf_async` -
`snapd_client_set_snap_conf_finish`
- `snapd_client_set_snap_conf_sync` - `snapd_connection_get_gadget`
- `snapd_connection_get_interface` - `snapd_connection_get_manual`
-
`snapd_connection_get_plug` - `snapd_connection_get_plug_attribute`
- `snapd_connection_get_plug_attribute_names` -
`snapd_connection_get_slot` - `snapd_connection_get_slot_attribute`
- `snapd_connection_get_slot_attribute_names` -
`snapd_connection_has_plug_attribute` -
`snapd_connection_has_slot_attribute` - `snapd_interface_get_doc_url`
- `snapd_interface_get_name` - `snapd_interface_get_plugs` -
`snapd_interface_get_slots` - `snapd_interface_get_summary` -
`snapd_markdown_node_get_children` - `snapd_markdown_node_get_node_type`
- `snapd_markdown_node_get_text` - `snapd_markdown_parser_new` -
`snapd_markdown_parser_get_combine_whitespace` -
`snapd_markdown_parser_parse` -
`snapd_markdown_parser_set_combine_whitespace` -
`snapd_plug_get_connected_slots` - `snapd_plug_ref_get_plug` -
`snapd_plug_ref_get_snap` - `snapd_slot_get_connected_plugs` -
`snapd_slot_ref_get_slot` - `snapd_slot_ref_get_snap` -
`SNAPD_ERROR_OPTION_NOT_FOUND` * Deprecated API: -
`snapd_client_get_interfaces_async` -
`snapd_client_get_interfaces_finish`
- `snapd_client_get_interfaces_sync` - `snapd_connection_get_name`
-
`snapd_connection_get_snap` - `snapd_plug_get_connections` -
`snapd_slot_get_connections` * Allow searching via common-id * Add a
description
markdown parser * Replace `SnapdConnection` with `SnapdPlugRef` and
`SnapdSlotRef` * Support updated connections API (`/v2/connections`) * Support
updated `/v2/interfaces&select=` API * Support snap configuration API * Add
Qt
interface attribute API * Make `snapd_client_set_socket_path` revert to the
default when `NULL` passed. * Fix C99 mode not being enabled on older versions
of GCC
-------------------------------------------------------------------------------
-
ChangeLog:

* Thu Jul 11 2019 Neal Gompa <ngompa13@gmail.com> - 1.48-1
- Update to 1.48
- Many new APIs added
- Allow searching via common-id
- Add a description markdown parser
- Replace SnapdConnection with SnapdPlugRef and SnapdSlotRef
- Support updated connections API (/v2/connections)
- Support updated /v2/interfaces&select= API
- Support snap configuration API
- Add Qt interface attribute API
- Make snapd_client_set_socket_path revert to the default when NULL passed.
- Fix C99 mode not being enabled on older versions of GCC
* Sun Mar 24 2019 Neal Gompa <ngompa13@gmail.com> - 1.47-1
- Update to 1.47
- New API: snapd_channel_get_released_at
- New API: SNAPD_ERROR_DNS_FAILURE
- Fix tests breaking due to undefined order of results
- Remove generated MOC file from tarball
* Mon Feb 4 2019 Kalev Lember <klember@redhat.com> - 1.45-3
- Update BRs for vala packaging changes
* Sun Feb 3 2019 Fedora Release Engineering <releng@fedoraproject.org> -
1.45-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jan 25 2019 Richard Hughes <rhughes@redhat.com> - 1.45-1
- Update to 1.45
- Support base snap field
- Support filtering apps
- Support maintenance information returned from snapd
* Sun Nov 4 2018 Neal Gompa <ngompa13@gmail.com> - 1.44-1
- Update to 1.44
- Reconnect to snapd if disconnected while trying to send the request
- Handle short writes to snapd
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1718466 - snapd-glib-1.48 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1718466
[ 2 ] Bug #1706019 - CVE-2019-11503 snapd-glib: snapd: remote attacker able
to bypass security restriction [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1706019
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-bc3dfb389f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org