snapd

Overview
Code
Bugs
Blueprints
Translations
Answers

Bug #1880085
Comment #9

Comment 9 for bug 1880085

Revision history for this message

Launchpad Janitor (janitor) wrote on 2020-07-15:

This bug was fixed in the package snapd - 2.45.1+18.04.2

---------------
snapd (2.45.1+18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: sandbox escape vulnerability via snapctl user-open
    (xdg-open)
    - usersession/userd/launcher.go: remove XDG_DATA_DIRS environment
      variable modification when calling the system xdg-open. Patch
      thanks to James Henstridge
    - packaging/ubuntu-16.04/snapd.postinst: kill userd on upgrade so it
      may autostart on next use. Patch thanks to Michael Vogt
    - CVE-2020-11934
    - LP: #1880085

-- Emilia Torino <email address hidden> Fri, 10 Jul 2020 11:00:39 -0300