Your submission was sent successfully! Close

CVE-2019-7304

Published: 12 February 2019

Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.

Notes

AuthorNote
jdstrand 
introduced in https://github.com/snapcore/snapd/pull/4626
original CRD was 2019-02-06 16:00:00 UTC but delayed due to delayed
Fedora update
Priority

High

CVSS 3 base score: 9.8

Status

Package Release Status
snapd
Launchpad, Ubuntu, Debian 		bionic
Released (2.34.2+18.04.1)
cosmic
Released (2.35.5+18.10.1)
precise Does not exist

trusty Does not exist
(trusty was released [2.34.2~14.04.1])
upstream
Released (2.37.1-1)
xenial
Released (2.34.2ubuntu0.1)

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading