USN-5292-1 fixed a vulnerability in snapd. Unfortunately that update introduced
a regression that could break the fish shell. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
James Troup discovered that snap did not properly manage the permissions for
the snap directories. A local attacker could possibly use this issue to expose
sensitive information. (CVE-2021-3155)
Ian Johnson discovered that snapd did not properly validate content interfaces
and layout paths. A local attacker could possibly use this issue to inject
arbitrary AppArmor policy rules, resulting in a bypass of intended access
restrictions. (CVE-2021-4120)
The Qualys Research Team discovered that snapd did not properly validate the
location of the snap-confine binary. A local attacker could possibly use this
issue to execute other arbitrary binaries and escalate privileges.
(CVE-2021-44730)
The Qualys Research Team discovered that a race condition existed in the snapd
snap-confine binary when preparing a private mount namespace for a snap. A
local attacker could possibly use this issue to escalate privileges and
execute arbitrary code. (CVE-2021-44731)
More Stories
firefox-flatpak-120.0-2
FEDORA-FLATPAK-2023-85f15b91dc Packages in this update: firefox-flatpak-120.0-2 Update description: Fixed freezes on Google Maps Update to 120.0 Read More
opendkim-2.11.0-0.36.el9
FEDORA-EPEL-2023-9a05f8b1eb Packages in this update: opendkim-2.11.0-0.36.el9 Update description: Add upstream PR that filters Authentication-Results headers correctly to fix CVE-2022-48521. Read...
firefox-120.0-3.fc37
FEDORA-2023-dce9c4b01f Packages in this update: firefox-120.0-3.fc37 Update description: Fixed freezes on Google Maps Updated to latest upstream (120.0) Read More
SEC Consult SA-20231123 :: Uninstall Key Caching in Fortra Digital Guardian Agent Uninstaller
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Nov 27 SEC Consult Vulnerability Lab Security Advisory < 20231123-0...
SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Nov 27 SEC Consult Vulnerability Lab Security Advisory < 20231122-0...
Senec Inverters Home V1, V2, V3 Home & Hybrid Use of Hard-coded Credentials – CVE-2023-39169
Posted by Phos4Me via Fulldisclosure on Nov 27 Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS:...