Candidate: CVE-2017-14178
PublicDate: 2018-02-02 14:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14178
Description:
 In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call
 journalctl without match arguments and therefore allow unprivileged,
 unauthenticated users to bypass systemd-journald's access restrictions.
Ubuntu-Description:
Notes:
 jdstrand> 2.29.3 upstream was released on 2017-11-27
Bugs:
 https://launchpad.net/bugs/1730255
Priority: low
Discovered-by: Robert Ancell
Assigned-to: Chipaca
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]

Patches_snapd:
 break-fix: https://github.com/snapcore/snapd/pull/3630 https://github.com/snapcore/snapd/pull/4194
 upstream: https://github.com/snapcore/snapd/pull/4196 (2.29)
upstream_snapd: released (2.29.3)
precise/esm_snapd: DNE
trusty_snapd: released (2.29.4.2~14.04)
trusty/esm_snapd: DNE (trusty was released [2.29.4.2~14.04])
xenial_snapd: released (2.29.4.2)
esm-infra/xenial_snapd: released (2.29.4.2)
zesty_snapd: released (2.29.4.2+17.04)
artful_snapd: released (2.29.4.2+17.10)
devel_snapd: released (2.29.4.2+18.04)