Your message dated Sun, 22 Mar 2026 22:03:40 +0000
with message-id <[email protected]>
and subject line Bug#1131120: fixed in snapd 2.68.3-3+deb13u1
has caused the Debian Bug report #1131120,
regarding snapd: CVE-2026-3888
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1131120: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131120
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: snapd
Version: 2.68.3-3
Severity: grave
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for snapd.
CVE-2026-3888[0]:
| Local privilege escalation in snapd on Linux allows local attackers
| to get root privilege by re-creating snap's private /tmp directory
| when systemd-tmpfiles is configured to automatically clean up this
| directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04
| LTS, 22.04 LTS, and 24.04 LTS.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-3888
https://www.cve.org/CVERecord?id=CVE-2026-3888
[1] https://www.openwall.com/lists/oss-security/2026/03/17/8
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: snapd
Source-Version: 2.68.3-3+deb13u1
Done: Salvatore Bonaccorso <[email protected]>
We believe that the bug you reported is fixed in the latest version of
snapd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated snapd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 17 Mar 2026 22:07:18 +0100
Source: snapd
Architecture: source
Version: 2.68.3-3+deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: Michael Hudson-Doyle <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 1131120
Changes:
snapd (2.68.3-3+deb13u1) trixie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* data/systemd-tmpfiles: protect the per-snap tmp
* data: more precise prune pattern for tmpfiles (CVE-2026-3888)
(Closes: #1131120)
Checksums-Sha1:
5b0e0250d14e2b928b3c2c1cffdc18610c1ae0c1 3666 snapd_2.68.3-3+deb13u1.dsc
f150ccdeb3e1f5477c0a68e2fd12206919b37b6a 15932780 snapd_2.68.3.orig.tar.gz
b11411d8a5e021d94c9754d4c0d08abe35d9b708 145608
snapd_2.68.3-3+deb13u1.debian.tar.xz
23101ac28eaa698b4406162bad11a9d717460541 7811
snapd_2.68.3-3+deb13u1_source.buildinfo
Checksums-Sha256:
aa871ab6dd1a431df5eafd464fea325bc88ae378faceec66d6c19eb25077c0bf 3666
snapd_2.68.3-3+deb13u1.dsc
91bc8b7bc521fda197ba5ad96923e61c0f9018a16d0b50630f70ec9a077eff81 15932780
snapd_2.68.3.orig.tar.gz
041d327efbf6d1c51dff3799d36ba96c5f3e4af09beb63e47d17214e047a5f8f 145608
snapd_2.68.3-3+deb13u1.debian.tar.xz
0e2ef8c728e18c0beb3446f1f678dcb5d309ae48ab22c518a55a49405f838800 7811
snapd_2.68.3-3+deb13u1_source.buildinfo
Files:
26eb805e2293bec19a9cbc13b92daae1 3666 devel optional snapd_2.68.3-3+deb13u1.dsc
7083818fba4c5a2b7502651377bcfaac 15932780 devel optional
snapd_2.68.3.orig.tar.gz
a1b4e8cc66f9bb23595d29ede30cde16 145608 devel optional
snapd_2.68.3-3+deb13u1.debian.tar.xz
da523b610c4c757a58536a510f034acc 7811 devel optional
snapd_2.68.3-3+deb13u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmm5y19fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89Eu/QP/3iuOPIGcclVsS+S75JTxZ4ADD7EgjGU
q0z0P+pFISErOKZoECIHriAwnrWiv3CYgu7maFUxx4Sa5EkoyaY6b1nT0jhipHuc
omjSK9t9N7Ze4zaR/JxSfQw+mYV3wB4zKYPv2eyoVYKxRXHTxUDi1J/NPamteUvm
VF3ZHHOPfYf6iXSjRZUOEH2KELewog0+0DZVCh3UamQfaOA9u+Y196F1TShxwoR1
Uy7v+XdlqNDg/EuSeLVGdk0yn7nV0Q2JMih6aH12utw+O/Ubn2AR4u3ebXhRBF+D
aDqJRx5YvyPId28mdEu+ZIz+oASGPGgOSU/zKjcALAm9BRcHXGaTzU4C/7w908mx
u+h6NKAC+Llm5ftQ2zoyflyXNnkNjvVnf0zi7PdlFQHB4JZ1+azE6R/1vBk7kgEe
nIGH5Pyupwsu1Iwu/XaPRs7xjMbrBmYr8bj7uW8xVbcgE2bXGAYMav5/QOLnuA28
ACzhYrUsTROloKr2xVonPMpNcv/GIb2bLHD8qqNhbXXYh6HRbzt4HWxkEasG86Gf
DrZgAb8pQ33m1kbgFqAxQ3lA9Myw6RYcd2cntKhGKxG/Wucgc3NNv0Ivx6LKo36B
JD8f/PibPrgXtrEiw6CSWntZYT8XQ21AsaTUvoSE9HxxvlNdmC8ssFqBXh8fFYpQ
XM6Pxe3inhSF
=d24U
-----END PGP SIGNATURE-----
pgpleuVSgNsY4.pgp
Description: PGP signature
--- End Message ---
