Source: snapd
Version: 2.62-1
Severity: important
Tags: security upstream
Forwarded: https://bugs.launchpad.net/snapd/+bug/2065077
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for snapd.

CVE-2024-5138[0]:
| The snapctl component within snapd allows a confined snap to
| interact with the snapd daemon to take certain privileged actions on
| behalf of the snap. It was found that snapctl did not properly parse
| command-line arguments, allowing an unprivileged user to trigger an
| authorised action on behalf of the snap that would normally require
| administrator privileges to perform. This could possibly allow an
| unprivileged user to perform a denial of service or similar.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-5138
    https://www.cve.org/CVERecord?id=CVE-2024-5138
[1] https://bugs.launchpad.net/snapd/+bug/2065077
[2] https://github.com/snapcore/snapd/commit/68ee9c6aa916ab87dbfd9a26030690f2cabf1e14

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore