This bug was fixed in the package snapd - 2.48.3+18.04 --------------- snapd (2.48.3+18.04) bionic-security; urgency=medium
* SECURITY UPDATE: sandbox escape vulnerability for containers (LP: #1910456) - many: add Delegate=true to generated systemd units for special interfaces - interfaces/greengrass-support: back-port interface changes to 2.48 - CVE-2020-27352 * interfaces/builtin/docker-support: allow /run/containerd/s/... - This is a new path that docker 19.03.14 (with a new version of containerd) uses to avoid containerd CVE issues around the unix socket. See also CVE-2020-15257. snapd (2.48.2) xenial; urgency=medium * New upstream release, LP: #1906690 - tests: sign new nested-18|20* models to allow for generic serials - secboot: add extra paranoia when waiting for that fde-reveal-key - tests: backport netplan workarounds from #9785 - secboot: add workaround for snapcore/core-initrd issue #13 - devicestate: log checkEncryption errors via logger.Noticef - tests: add nested spread end-to-end test for fde-hooks - devicestate: implement checkFDEFeatures() - boot: tweak resealing with fde-setup hooks - sysconfig/cloudinit.go: add "manual_cache_clean: true" to cloud- init restrict file - secboot: add new LockSealedKeys() that uses either TPM or fde-reveal-key - gadget: use "sealed-keys" to determine what method to use for reseal - boot: add sealKeyToModeenvUsingFdeSetupHook() - secboot: use `fde-reveal-key` if available to unseal key - cmd/snap-update-ns: fix sorting of overname mount entries wrt other entries - o/devicestate: save model with serial in the device save db - devicestate: add runFDESetupHook() helper - secboot,devicestate: add scaffoling for "fde-reveal-key" support - hookstate: add new HookManager.EphemeralRunHook() - update-pot: fix typo in plural keyword spec - store,cmd/snap-repair: increase initial expontential time intervals - o/devicestate,daemon: fix reboot system action to not require a system label - github: run nested suite when commit is pushed to release branch - tests: reset fakestore unit status - tests: fix uc20-create-parition-* tests for updated gadget - hookstate: implement snapctl fde-setup-{request,result} - devicestate: make checkEncryption fde-setup hook aware - client,snapctl: add naive support for "stdin" - devicestate: support "storage-safety" defaults during install - snap: use the boot-base for kernel hooks - vendor: update secboot repo to avoid including secboot.test binary snapd (2.48.1) xenial; urgency=medium * New upstream release, LP: #1906690 - gadget: disable ubuntu-boot role validation check -- Michael Vogt <michael.v...@ubuntu.com> Tue, 02 Feb 2021 09:21:12 +0100 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1906690 Title: [SRU] 2.48.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1906690/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs