CVE-2019-7304 (retired)

Priority
Description
Canonical snapd before version 2.37.1 incorrectly performed socket owner
validation, allowing an attacker to run arbitrary commands as root. This
issue affects: Canonical snapd versions prior to 2.37.1.
Notes
 jdstrand> introduced in https://github.com/snapcore/snapd/pull/4626
 jdstrand> original CRD was 2019-02-06 16:00:00 UTC but delayed due to delayed
  Fedora update
Assigned-to
jdstrand
Package
Source: snapd (LP Ubuntu Debian)
Upstream: released (2.37.1-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): released (2.34.2~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus): released (2.34.2ubuntu0.1)
Ubuntu 18.04 LTS (Bionic Beaver): released (2.34.2+18.04.1)
Ubuntu 18.10 (Cosmic Cuttlefish): released (2.35.5+18.10.1)
Ubuntu 19.04 (Disco Dingo): not-affected (2.37.2+19.04)

Updated: 2019-04-26 12:15:58 UTC (commit 0bd3be6c7ef1609912ecbf9ffe691ad238565da6)