snapd vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
* Ubuntu 20.04 LTS
* Ubuntu 19.10
* Ubuntu 18.04 LTS
* Ubuntu 16.04 LTS
Summary
An intended access restriction in snapd could be bypassed by
strict mode snaps.
Software Description
* snapd - Daemon and tooling that enable snap packages
Details
It was discovered that cloud-init as managed by snapd on Ubuntu
Core 16 and Ubuntu Core 18 devices ran on every boot without
restrictions. A physical attacker could exploit this to craft
cloud-init user-data/meta-data via external media to perform
arbitrary changes on the device to bypass intended security
mechanisms such as full disk encryption. This issue did not affect
traditional Ubuntu systems. (CVE-2020-11933)
It was discovered that snapctl user-open allowed altering the
XDG_DATA_DIRS environment variable when calling the system
xdg-open. A malicious snap could exploit this to bypass intended
access restrictions to control how the host system xdg-open script
opens the URL. This issue did not affect Ubuntu Core systems.
(CVE-2020-11934)
Update instructions
The problem can be corrected by updating your system to the
following package versions:
Ubuntu 20.04 LTS
snapd - 2.45.1+20.04.2
Ubuntu 19.10
snapd - 2.45.1+19.10.2
Ubuntu 18.04 LTS
snapd - 2.45.1+18.04.2
Ubuntu 16.04 LTS
snapd - 2.45.1ubuntu0.2
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary
changes. On Ubuntu, snapd will automatically refresh itself to
snapd 2.45.2 which is unaffected.
References
* CVE-2020-11933
* CVE-2020-11934
--- Mystic BBS v1.12 A45 (Linux/64)
* Origin: BZ&BZ BBS (21:4/110)