Information on source package snapd

Available versions

ReleaseVersion
buster2.37.4-1+deb10u1
buster (security)2.37.4-1+deb10u3
bullseye2.49-1+deb11u2
bookworm2.57.6-1
trixie2.61.2-2
sid2.61.2-2

Open issues

BugbusterbullseyebookwormtrixiesidDescription
CVE-2023-1523vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)fixedfixedUsing the TIOCLINUX ioctl request, a malicious snap could inject conte ...
CVE-2021-4120vulnerable (no DSA, ignored)fixedfixedfixedfixedsnapd 2.54.2 fails to perform sufficient validation of snap content in ...
CVE-2021-3155vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedsnapd 2.54.2 and earlier created ~/snap directories in user home direc ...
CVE-2020-27352vulnerable (no DSA)fixedfixedfixedfixed
CVE-2020-11934vulnerable (no DSA)fixedfixedfixedfixedIt was discovered that snapctl user-open allowed altering the $XDG_DAT ...
CVE-2019-11503vulnerable (no DSA)fixedfixedfixedfixedsnap-confine as included in snapd before 2.39 did not guard against sy ...
CVE-2019-11502vulnerable (no DSA)fixedfixedfixedfixedsnap-confine in snapd before 2.38 incorrectly set the ownership of a s ...

Resolved issues

BugDescription
CVE-2022-3328Race condition in snap-confine's must_mkdir_and_open_with_perms()
CVE-2021-44731A race condition existed in the snapd 2.54.2 snap-confine binary when ...
CVE-2021-44730snapd 2.54.2 did not properly validate the location of the snap-confin ...
CVE-2019-7304Canonical snapd before version 2.37.1 incorrectly performed socket own ...
CVE-2019-7303A vulnerability in the seccomp filters of Canonical snapd before versi ...
CVE-2017-14178In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to ...

Security announcements

DSA / DLADescription
DLA-3215-1snapd - security update
DSA-5292-1snapd - security update
DSA-5080-1snapd - security update
DLA-2527-1snapd - security update

Search for package or bug name: Reporting problems