CVE-2017-14178 (retired)

Priority
Description
In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call
journalctl without match arguments and therefore allow unprivileged,
unauthenticated users to bypass systemd-journald's access restrictions.
Notes
 jdstrand> 2.29.3 upstream was released on 2017-11-27
Assigned-to
Chipaca
Package
Source: snapd (LP Ubuntu Debian)
Upstream:released (2.29.3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (2.29.4.2~14.04)
Ubuntu 16.04 LTS (Xenial Xerus):released (2.29.4.2)
Ubuntu 18.04 LTS (Bionic Beaver):released (2.29.4.2+18.04)
Patches:
Introduced by https://github.com/snapcore/snapd/pull/3630Fixed by https://github.com/snapcore/snapd/pull/4194
Upstream:https://github.com/snapcore/snapd/pull/4196 (2.29)
More Information

Updated: 2019-03-26 12:25:01 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)