| Name | CVE-2023-1523 |
| Description | Using the TIOCLINUX ioctl request, a malicious snap could inject conte ... |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| snapd (PTS) | bullseye (security), bullseye | 2.49-1+deb11u2 | vulnerable |
| bookworm | 2.57.6-1 | vulnerable |
| sid, trixie | 2.67-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| snapd | source | (unstable) | 2.59.5-1 | | | |
Notes
[bookworm] - snapd <no-dsa> (Minor issue)
[bullseye] - snapd <no-dsa> (Minor issue)
[buster] - snapd <no-dsa> (Minor issue)
Preparation: https://github.com/snapcore/snapd/commit/e4681c57bd5805c8d2dec5c3ddf7d85ebf1d2c4c (2.59.5)
Fixed by: https://github.com/snapcore/snapd/commit/dddcfd6ac8daa84feb80eb6fd88f852ced70629c (2.59.5)
Fixed by: https://github.com/snapcore/snapd/commit/52af545f3c0d8b086500ab86f161703905638951 (2.59.5)
Tests: https://github.com/snapcore/snapd/commit/e5e823b442aec364e81c9cb805dc2fce34c41b8b (2.59.5)
Tests: https://github.com/snapcore/snapd/commit/8ad5a73e753828175c9fbbf03e518bb42d773979 (2.59.5)
Tests: https://github.com/snapcore/snapd/commit/64cf6b0048385d921b25361d55ddfd524880c738 (2.59.5)
Tests: https://github.com/snapcore/snapd/commit/2e93f91e1350f965a356748a3ddcff275207df12 (2.59.5)
Tests: https://github.com/snapcore/snapd/commit/390dc62a71884c0463e2411fb13f5bd5abdc7442 (2.59.5)