Hi,

On 12/06/2026 15:54, Bastien Roucaries wrote:
> On Friday 12 June 2026, 15:20:20 Central European Summer Time, Sylvain
> Beucler wrote:
>> On 12/06/2026 13:50, Bastien Roucaries wrote:
>>> I found that systemd-tmpfiles support was introduced by 2.57.6
>>> https://github.com/canonical/snapd/commit/6226cdc57052f4b7057d92f2e549aa169e35cd2d
>>>
>>> Therefore bullseye is not affected.
>>
>> AFAIU snapd is vulnerable when it works in /tmp/snap-private-tmp without
>> a careful creation and clean-up policy for this directory.
>>
>> Dropping systemd-tmpfiles entirely would make it even more vulnerable.
>>
>> Incidentally, as I noted in dla-needed.txt, stock bullseye is not
>> affected, but for a different reason:
>>     NOTE: 20260324: Debian <=bookworm doesn't prune /tmp by default (cf.
>> /usr/lib/tmpfiles.d/tmp.conf),
>>     NOTE: 20260324: but a local administrator could change that, so I'd
>> suggest fixing anyway
>
> In this case the systemd functionality should be backported because bullseye
> has this systemd policy.

We probably need to add a recent /usr/lib/tmpfiles.d/snapd.conf to fix CVE-2026-3888, yes.

Cheers!
Sylvain
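Added example, not code from this thread or from snapd: a small Python checker for the situation discussed above. It parses tmpfiles.d fragments and reports whether /tmp/snap-private-tmp would be age-cleaned, and whether an `x` exclusion line (the assumed shape of a snapd.conf; the real file's contents are not in this thread) prevents that. The sample fragments are constructed.

```python
"""Check whether tmpfiles.d fragments would age-clean a directory under /tmp."""
import fnmatch
import shlex

TARGET = "/tmp/snap-private-tmp"
# Entry types that remove aged files when the Age column is set (not '-').
CLEAN_TYPES = {"d", "D", "e", "q", "Q", "v"}


def parse_tmpfiles(text):
    """Yield (type, path, age) for each non-comment line of a tmpfiles.d fragment."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)
        if len(fields) < 2:
            continue
        kind = fields[0].rstrip("!+-=~^")          # strip modifiers such as 'd!' or 'D+'
        age = fields[5] if len(fields) > 5 else "-"
        yield kind, fields[1], age


def _covers(pattern, path):
    """True if path equals, or lies below, a (possibly globbed) tmpfiles.d path."""
    return fnmatch.fnmatch(path, pattern) or fnmatch.fnmatch(path, pattern.rstrip("/") + "/*")


def cleaning_status(fragments, target=TARGET):
    """Return 'excluded', 'cleaned' or 'not-cleaned' for target under the given fragments."""
    cleaned = False
    for text in fragments:
        for kind, path, age in parse_tmpfiles(text):
            if kind == "x" and _covers(path, target):
                return "excluded"      # 'x' ignores the path and everything beneath it
            if kind == "X" and fnmatch.fnmatch(target, path):
                return "excluded"      # 'X' ignores the directory itself; its contents are still cleaned
            if kind in CLEAN_TYPES and age != "-" and _covers(path, target):
                cleaned = True
    return "cleaned" if cleaned else "not-cleaned"


# Constructed fragments (assumptions, not copied from any Debian or snapd file).
STOCK_TMP_CONF = "D /tmp 1777 root root -\n"     # no Age column: /tmp is never pruned
ADMIN_TMP_CONF = "D /tmp 1777 root root 10d\n"   # an administrator enabled 10-day pruning
SNAPD_CONF = "x /tmp/snap-private-tmp\n"         # assumed exclusion a snapd.conf would carry

if __name__ == "__main__":
    print("stock:       ", cleaning_status([STOCK_TMP_CONF]))
    print("admin:       ", cleaning_status([ADMIN_TMP_CONF]))
    print("admin+snapd: ", cleaning_status([ADMIN_TMP_CONF, SNAPD_CONF]))
```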
