USN-5292-1 fixed vulnerabilities in snapd. This update provides the
corresponding update for the riscv64 architecture.
Original advisory details:
James Troup discovered that snap did not properly manage the permissions for
the snap directories. A local attacker could possibly use this issue to expose
sensitive information. (CVE-2021-3155)
Ian Johnson discovered that snapd did not properly validate content interfaces
and layout paths. A local attacker could possibly use this issue to inject
arbitrary AppArmor policy rules, resulting in a bypass of intended access
restrictions. (CVE-2021-4120)
The Qualys Research Team discovered that snapd did not properly validate the
location of the snap-confine binary. A local attacker could possibly use this
issue to execute other arbitrary binaries and escalate privileges.
(CVE-2021-44730)
The Qualys Research Team discovered that a race condition existed in the snapd
snap-confine binary when preparing a private mount namespace for a snap. A
local attacker could possibly use this issue to escalate privileges and
execute arbitrary code. (CVE-2021-44731)
More Stories
USN-5966-2: amanda regression
USN-5966-1 fixed vulnerabilities in amanda. Unfortunately it introduced a regression in GNUTAR-based backups. This update reverts all of the changes...
ImageMagick-7.1.1.4-2.fc38
FEDORA-2023-f992309b7e Packages in this update: ImageMagick-7.1.1.4-2.fc38 Update description: Fix missing epoch in ImageMagick-heic requires (#2181176) Update ImageMagick to 7.1.1.4 (#2176749)...
python-flask-restx-1.1.0-1.fc38
FEDORA-2023-354467acba Packages in this update: python-flask-restx-1.1.0-1.fc38 Update description: New upstream release Read More
CVE-2018-25048
The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to...
USN-5966-1: amanda vulnerabilities
Maher Azzouzi discovered an information disclosure vulnerability in the calcsize binary within amanda. calcsize is a suid binary owned by...
USN-5942-2: Apache HTTP Server vulnerability
USN-5942-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding update for CVE-2023-25690 for Ubuntu 16.04 ESM. Original...