CVE-2017-14178
Published: 2 February 2018
In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions.
Notes
| Author | Note |
|---|---|
| jdstrand | 2.29.3 upstream was released on 2017-11-27 |
Priority
CVSS 3 base score: 7.5
Status
| Package | Release | Status |
|---|---|---|
| snapd (Launchpad, Ubuntu, Debian) | artful | Released (2.29.4.2+17.10) |
| | precise | Does not exist |
| | trusty | Does not exist (trusty was released [2.29.4.2~14.04]) |
| | upstream | Released (2.29.3) |
| | xenial | Released (2.29.4.2) |
| | zesty | Released (2.29.4.2+17.04) |

Patches:
Introduced by https://github.com/snapcore/snapd/pull/3630
break-fix: https://github.com/snapcore/snapd/pull/3630 https://github.com/snapcore/snapd/pull/4194
upstream: https://github.com/snapcore/snapd/pull/4196 (2.29)