Fedora alert FEDORA-2022-5df8b52ba4 (snapd)
| From: | updates@fedoraproject.org | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 35 Update: snapd-2.54.3-1.fc35 | |
| Date: | Sun, 20 Feb 2022 01:12:59 +0000 | |
| Message-ID: | <20220220011259.7378631393AF@bastion01.iad2.fedoraproject.org> | |
| Archive-link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-5df8b52ba4 2022-02-20 01:08:12.119349 -------------------------------------------------------------------------------- Name : snapd Product : Fedora 35 Version : 2.54.3 Release : 1.fc35 URL : https://github.com/snapcore/snapd Summary : A transactional software package manager Description : Snappy is a modern, cross-distribution, transactional package manager designed for working with self-contained, immutable packages. -------------------------------------------------------------------------------- Update Information: Update to 2.54.3. Cherry pick misc SELinux policy fixes. Fixes for CVE-2021-44731, CVE-2021-44730, CVE-2021-4120. -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 17 2022 Maciek Borzecki <maciek.borzecki@gmail.com> - 2.54.3-1 - Release 2.54.3 to Fedora - Cherry pick SELinux policy fixes for RHBZ#1944390, RHBZ#2043160, RHBZ#2043161, RHBZ#2046358, RHBZ#2046363, RHBZ#2046361, RHBZ#2046364, RHBZ#2046365, RHBZ#2051594, RHBZ#2043902, RHBZ#1944390 * Tue Feb 15 2022 Michael Vogt <michael.vogt@ubuntu.com> - New upstream release 2.54.3 - bugfixes -------------------------------------------------------------------------------- References: [ 1 ] Bug #2056058 - CVE-2021-44731 snapd: Race condition in snap-confine's setup_private_mount() https://bugzilla.redhat.com/show_bug.cgi?id=2056058 [ 2 ] Bug #2056061 - CVE-2021-44730 snapd: Hardlink attack in snap-confine's sc_open_snapd_tool() https://bugzilla.redhat.com/show_bug.cgi?id=2056061 [ 3 ] Bug #2056065 - CVE-2021-4120 snapd: Insufficient validation of snap content interface and layout paths https://bugzilla.redhat.com/show_bug.cgi?id=2056065 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-5df8b52ba4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgr... All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond... List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-ann... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure