-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2022-19187e8443 2022-02-20 00:27:44.968997 --------------------------------------------------------------------------------
Name : snapd Product : Fedora EPEL 9 Version : 2.54.3 Release : 1.el9 URL : https://github.com/snapcore/snapd Summary : A transactional software package manager Description : Snappy is a modern, cross-distribution, transactional package manager designed for working with self-contained, immutable packages.
-------------------------------------------------------------------------------- Update Information:
Update to 2.54.3. Cherry pick misc SELinux policy fixes. Fixes for CVE-2021-44731, CVE-2021-44730, CVE-2021-4120. -------------------------------------------------------------------------------- ChangeLog:
* Thu Feb 17 2022 Maciek Borzecki maciek.borzecki@gmail.com - 2.54.3-1 - Release 2.54.3 to Fedora - Cherry pick SELinux policy fixes for RHBZ#1944390, RHBZ#2043160, RHBZ#2043161, RHBZ#2046358, RHBZ#2046363, RHBZ#2046361, RHBZ#2046364, RHBZ#2046365, RHBZ#2051594, RHBZ#2043902, RHBZ#1944390 * Tue Feb 15 2022 Michael Vogt michael.vogt@ubuntu.com - New upstream release 2.54.3 - bugfixes -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2056058 - CVE-2021-44731 snapd: Race condition in snap-confine's setup_private_mount() https://bugzilla.redhat.com/show_bug.cgi?id=2056058 [ 2 ] Bug #2056061 - CVE-2021-44730 snapd: Hardlink attack in snap-confine's sc_open_snapd_tool() https://bugzilla.redhat.com/show_bug.cgi?id=2056061 [ 3 ] Bug #2056065 - CVE-2021-4120 snapd: Insufficient validation of snap content interface and layout paths https://bugzilla.redhat.com/show_bug.cgi?id=2056065 --------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use su -c 'yum update snapd' at the command line. For more information, refer to "YUM", available at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7%5C /html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
epel-package-announce@lists.fedoraproject.org