[SRU] 2.48.2
Bug #1906690 reported by
Michael Vogt
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
snapd (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
placeholder
CVE References
summary: |
- [SRU] 2.48.1 + [SRU] 2.48.2 |
To post a comment you must log in.
This bug was fixed in the package snapd - 2.48.3+20.10
---------------
snapd (2.48.3+20.10) groovy-security; urgency=medium
* SECURITY UPDATE: sandbox escape vulnerability for containers greengrass- support: back-port interface changes to builtin/ docker- support: allow /run/containerd /s/...
(LP: #1910456)
- many: add Delegate=true to generated systemd units for special
interfaces
- interfaces/
2.48
- CVE-2020-27352
* interfaces/
- This is a new path that docker 19.03.14 (with a new version of
containerd) uses to avoid containerd CVE issues around the unix
socket. See also CVE-2020-15257.
snapd (2.48.2) xenial; urgency=medium
* New upstream release, LP: #1906690 core-initrd issue #13 cloudinit. go: add "manual_ cache_clean: true" to cloud- reveal- key vUsingFdeSetupH ook() devicestate: add scaffoling for "fde-reveal-key" support EphemeralRunHoo k() snap-repair: increase initial expontential time daemon: fix reboot system action to not require a parition- * tests for updated gadget {request, result}
- tests: sign new nested-18|20* models to allow for generic serials
- secboot: add extra paranoia when waiting for that fde-reveal-key
- tests: backport netplan workarounds from #9785
- secboot: add workaround for snapcore/
- devicestate: log checkEncryption errors via logger.Noticef
- tests: add nested spread end-to-end test for fde-hooks
- devicestate: implement checkFDEFeatures()
- boot: tweak resealing with fde-setup hooks
- sysconfig/
init restrict file
- secboot: add new LockSealedKeys() that uses either TPM or
fde-
- gadget: use "sealed-keys" to determine what method to use for
reseal
- boot: add sealKeyToModeen
- secboot: use `fde-reveal-key` if available to unseal key
- cmd/snap-update-ns: fix sorting of overname mount entries wrt
other entries
- o/devicestate: save model with serial in the device save db
- devicestate: add runFDESetupHook() helper
- secboot,
- hookstate: add new HookManager.
- update-pot: fix typo in plural keyword spec
- store,cmd/
intervals
- o/devicestate,
system label
- github: run nested suite when commit is pushed to release branch
- tests: reset fakestore unit status
- tests: fix uc20-create-
- hookstate: implement snapctl fde-setup-
- devicestate: make checkEncryption fde-setup hook aware
- client,snapctl: add naive support for "stdin"
- devicestate: support "storage-safety" defaults during install
- snap: use the boot-base for kernel hooks
- vendor: update secboot repo to avoid including secboot.test binary
snapd (2.48.1) xenial; urgency=medium
* New upstream release, LP: #1906690
- gadget: disable ubuntu-boot role validation check
-- Michael Vogt <email address hidden> Tue, 02 Feb 2021 09:21:12 +0100