[ubuntu/mantic-proposed] snapd 2.59.1+23.04ubuntu2 (Accepted)

Alex Murray alex.murray at canonical.com
Mon May 29 12:04:15 UTC 2023 

snapd (2.59.1+23.04ubuntu2) mantic; urgency=medium

  * SECURITY UPDATE: possible sandbox escape via TIOCLINUX ioctl
    - interfaces/seccomp/template.go: block ioctl with TIOCLINUX. Patch
      from upstream. Graphical terminal emulators like xterm, gnome-terminal
      and others are not affected - this can only be exploited when snaps
      are run on a virtual console.
    - https://github.com/snapcore/snapd/pull/12849
    - CVE-2023-1523

Date: Mon, 29 May 2023 13:53:02 +0930
Changed-By: Alex Murray <alex.murray at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/snapd/2.59.1+23.04ubuntu2
-------------- next part --------------
Format: 1.8
Date: Mon, 29 May 2023 13:53:02 +0930
Source: snapd
Built-For-Profiles: noudeb
Architecture: source
Version: 2.59.1+23.04ubuntu2
Distribution: mantic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Alex Murray <alex.murray at canonical.com>
Changes:
 snapd (2.59.1+23.04ubuntu2) mantic; urgency=medium
 .
   * SECURITY UPDATE: possible sandbox escape via TIOCLINUX ioctl
     - interfaces/seccomp/template.go: block ioctl with TIOCLINUX. Patch
       from upstream. Graphical terminal emulators like xterm, gnome-terminal
       and others are not affected - this can only be exploited when snaps
       are run on a virtual console.
     - https://github.com/snapcore/snapd/pull/12849
     - CVE-2023-1523
Checksums-Sha1:
 fcf5eaa1b114c5a9135f1a9b2033aa9b2ebb9105 2631 snapd_2.59.1+23.04ubuntu2.dsc
 d94b49088816b453508abc9daaa5a5d4734165fd 8028032 snapd_2.59.1+23.04ubuntu2.tar.xz
 5d3e48ea63d7090a1b5f449d58ef0d170b83c8ca 10344 snapd_2.59.1+23.04ubuntu2_source.buildinfo
Checksums-Sha256:
 95f7c8b8779567bf0f0331b69c36809a09adf09b91ce57313c32210d69d244ba 2631 snapd_2.59.1+23.04ubuntu2.dsc
 35e93468de41860915f7efabc447caf8e5fb25642208888d7f99a2261f731fd9 8028032 snapd_2.59.1+23.04ubuntu2.tar.xz
 4f930db4d0ce0ce651416c0a1b4ac5d118f1b8f6fb25b229a6b3f9098e0c64cd 10344 snapd_2.59.1+23.04ubuntu2_source.buildinfo
Files:
 58c1668dfa34b433d72b5e78ac46ce97 2631 devel optional snapd_2.59.1+23.04ubuntu2.dsc
 601b93a61c42a65bd1236838e25ebbc1 8028032 devel optional snapd_2.59.1+23.04ubuntu2.tar.xz
 3c580ebc8abb0c81058be21dfcacc7bd 10344 devel optional snapd_2.59.1+23.04ubuntu2_source.buildinfo

More information about the mantic-changes mailing list