Fedora 34: snapd 2022-82bea71e5a
Summary
Snappy is a modern, cross-distribution, transactional package manager
designed for working with self-contained, immutable packages.
Update to 2.54.3. Cherry pick misc SELinux policy fixes. Fixes for
CVE-2021-44731, CVE-2021-44730, CVE-2021-4120.
* Thu Feb 17 2022 Maciek Borzecki
- Release 2.54.3 to Fedora
- Cherry pick SELinux policy fixes for RHBZ#1944390, RHBZ#2043160, RHBZ#2043161,
RHBZ#2046358, RHBZ#2046363, RHBZ#2046361, RHBZ#2046364, RHBZ#2046365,
RHBZ#2051594, RHBZ#2043902, RHBZ#1944390
* Tue Feb 15 2022 Michael Vogt
- New upstream release 2.54.3
- bugfixes
[ 1 ] Bug #2056058 - CVE-2021-44731 snapd: Race condition in snap-confine's setup_private_mount()
https://bugzilla.redhat.com/show_bug.cgi?id=2056058
[ 2 ] Bug #2056061 - CVE-2021-44730 snapd: Hardlink attack in snap-confine's sc_open_snapd_tool()
https://bugzilla.redhat.com/show_bug.cgi?id=2056061
[ 3 ] Bug #2056065 - CVE-2021-4120 snapd: Insufficient validation of snap content interface and layout paths
https://bugzilla.redhat.com/show_bug.cgi?id=2056065
su -c 'dnf upgrade --advisory FEDORA-2022-82bea71e5a' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
FEDORA-2022-82bea71e5a 2022-02-20 00:40:47.284064 Product : Fedora 34 Version : 2.54.3 Release : 1.fc34 URL : https://github.com/snapcore/snapd Summary : A transactional software package manager Description : Snappy is a modern, cross-distribution, transactional package manager designed for working with self-contained, immutable packages. Update to 2.54.3. Cherry pick misc SELinux policy fixes. Fixes for CVE-2021-44731, CVE-2021-44730, CVE-2021-4120. * Thu Feb 17 2022 Maciek Borzecki - 2.54.3-1 - Release 2.54.3 to Fedora - Cherry pick SELinux policy fixes for RHBZ#1944390, RHBZ#2043160, RHBZ#2043161, RHBZ#2046358, RHBZ#2046363, RHBZ#2046361, RHBZ#2046364, RHBZ#2046365, RHBZ#2051594, RHBZ#2043902, RHBZ#1944390 * Tue Feb 15 2022 Michael Vogt - New upstream release 2.54.3 - bugfixes [ 1 ] Bug #2056058 - CVE-2021-44731 snapd: Race condition in snap-confine's setup_private_mount() https://bugzilla.redhat.com/show_bug.cgi?id=2056058 [ 2 ] Bug #2056061 - CVE-2021-44730 snapd: Hardlink attack in snap-confine's sc_open_snapd_tool() https://bugzilla.redhat.com/show_bug.cgi?id=2056061 [ 3 ] Bug #2056065 - CVE-2021-4120 snapd: Insufficient validation of snap content interface and layout paths https://bugzilla.redhat.com/show_bug.cgi?id=2056065 su -c 'dnf upgrade --advisory FEDORA-2022-82bea71e5a' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Change Log
References