1. Ubuntu Security Notices
  2. USN-4424-1

USN-4424-1: snapd vulnerabilities

Publication date

15 July 2020

Overview

An intended access restriction in snapd could be bypassed by strict mode snaps.

Releases

Packages

  • snapd - Daemon and tooling that enable snap packages

Details

It was discovered that cloud-init as managed by snapd on Ubuntu Core 16 and
Ubuntu Core 18 devices ran on every boot without restrictions. A physical
attacker could exploit this to craft cloud-init user-data/meta-data via
external media to perform arbitrary changes on the device to bypass
intended security mechanisms such as full disk encryption. This issue did
not affect traditional Ubuntu systems. (CVE-2020-11933)

It was discovered that snapctl user-open allowed altering the XDG_DATA_DIRS
environment variable when calling the system xdg-open. A malicious snap
could exploit this to bypass intended access restrictions to control how
the host system xdg-open script opens the URL. This issue did not affect
Ubuntu Core systems. (CVE-2020-11934)

It was discovered that cloud-init as managed by snapd on Ubuntu Core 16 and
Ubuntu Core 18 devices ran on every boot without restrictions. A physical
attacker could exploit this to craft cloud-init user-data/meta-data via
external media to perform arbitrary changes on the device to bypass
intended security mechanisms such as full disk encryption. This issue did
not affect traditional Ubuntu systems. (CVE-2020-11933)

It was discovered that snapctl user-open allowed altering the XDG_DATA_DIRS
environment variable when calling the system xdg-open. A malicious snap
could exploit this to bypass intended access restrictions to control how
the host system xdg-open script opens the URL. This issue did not affect
Ubuntu Core systems. (CVE-2020-11934)

Update instructions

In general, a standard system update will make all the necessary changes. On Ubuntu, snapd will automatically refresh itself to snapd 2.45.2 which is unaffected.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
20.04 focal snapd –  2.45.1+20.04.2
19.10 eoan snapd –  2.45.1+19.10.2
18.04 bionic snapd –  2.45.1+18.04.2
16.04 xenial snapd –  2.45.1ubuntu0.2

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›