Changelog
snapd (2.49-1+deb11u1) bullseye-security; urgency=high
* SECURITY UPDATE: local privilege escalation
- 0015-cve-2021-44730-44731-4120.patch: Add validations of the
location of the snap-confine binary within snapd.
- 0015-cve-2021-44730-44731-4120: Fix race condition in snap-confine
when preparing a private mount namespace for a snap.
- 0016-cve-2021-2021-44730-44731-4120-auto-remove.patch: automatic
remove vulnerable inactive core/snapd snaps
- CVE-2021-44730
- CVE-2021-44731
* SECURITY UPDATE: data injection from malicious snaps
- 0015-cve-2021-44730-44731-4120: Add validations of snap content
interface and layout paths in snapd
- CVE-2021-4120
- LP: #1949368
-- Michael Vogt <email address hidden> Wed, 16 Feb 2022 10:56:34 +0100