Bug 2056065 (CVE-2021-4120)
| Summary: | CVE-2021-4120 snapd: Insufficient validation of snap content interface and layout paths | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Mauro Matteo Cascella <mcascell> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED UPSTREAM | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | go-sig, maciek.borzecki, me, ngompa13 |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | snapd 2.54.3 | Doc Type: | If docs needed, set a value |
| Doc Text: |
snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-03-02 21:32:22 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2056066, 2056067 | ||
| Bug Blocks: | |||
|
Description
Mauro Matteo Cascella
2022-02-18 16:47:10 UTC
Created snapd tracking bugs for this issue: Affects: epel-all [bug 2056066] Affects: fedora-all [bug 2056067] This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products. |