stable

snapd-2.54.3-1.fc34

FEDORA-2022-82bea71e5a created by bboozzoo 2 years ago for Fedora 34

Update to 2.54.3. Cherry pick misc SELinux policy fixes. Fixes for CVE-2021-44731, CVE-2021-44730, CVE-2021-4120.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2022-82bea71e5a

This update has been submitted for testing by bboozzoo.

2 years ago

This update's test gating status has been changed to 'ignored'.

2 years ago

This update has been pushed to testing.

2 years ago

bboozzoo edited this update.

2 years ago

bboozzoo edited this update.

2 years ago

bboozzoo edited this update.

2 years ago

ngompa edited this update.

2 years ago
User Icon ngompa provided feedback 2 years ago
karma
BZ#1944390 SELinux is preventing systemctl from using the 'setrlimit' accesses on a process.
BZ#2043160 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/rfkill.
BZ#2043161 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/kvm.
BZ#2043894 SELinux is preventing snap-confine from using the 'perfmon' capabilities.
BZ#2043895 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/uhid.
BZ#2043896 SELinux is preventing snap-confine from using the 'setrlimit' accesses on a process.
BZ#2043898 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/net/tun.
BZ#2043899 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/nvidia-uvm.
BZ#2043901 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/kvm.
BZ#2043902 SELinux is preventing snap-confine from using the 'bpf' capabilities.
BZ#2046361 SELinux is preventing snap-confine from using the 'perfmon' capabilities.
BZ#2046363 SELinux is preventing snap-confine from using the 'setrlimit' accesses on a process.
BZ#2046364 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/uhid.
BZ#2046365 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/nvidia-uvm.
BZ#2051594 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/snd/hwC0D0.
BZ#2056058 CVE-2021-44731 snapd: Race condition in snap-confine's setup_private_mount()
BZ#2056060 CVE-2021-44731 snapd: Race condition in snap-confine's setup_private_mount() [fedora-all]
BZ#2056061 CVE-2021-44730 snapd: Hardlink attack in snap-confine's sc_open_snapd_tool()
BZ#2056063 CVE-2021-44730 snapd: Hardlink attack in snap-confine's sc_open_snapd_tool() [fedora-all]
BZ#2056065 CVE-2021-4120 snapd: Insufficient validation of snap content interface and layout paths
BZ#2056067 CVE-2021-4120 snapd: Insufficient validation of snap content interface and layout paths [fedora-all]

This update has been submitted for stable by bodhi.

2 years ago

This update has been pushed to stable.

2 years ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
1
Stable by Time
7 days
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
modified
2 years ago
BZ#1944390 SELinux is preventing systemctl from using the 'setrlimit' accesses on a process.
0
1
BZ#2043160 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/rfkill.
0
1
BZ#2043161 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/kvm.
0
1
BZ#2043894 SELinux is preventing snap-confine from using the 'perfmon' capabilities.
0
1
BZ#2043895 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/uhid.
0
1
BZ#2043896 SELinux is preventing snap-confine from using the 'setrlimit' accesses on a process.
0
1
BZ#2043898 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/net/tun.
0
1
BZ#2043899 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/nvidia-uvm.
0
1
BZ#2043901 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/kvm.
0
1
BZ#2043902 SELinux is preventing snap-confine from using the 'bpf' capabilities.
0
1
BZ#2046361 SELinux is preventing snap-confine from using the 'perfmon' capabilities.
0
1
BZ#2046363 SELinux is preventing snap-confine from using the 'setrlimit' accesses on a process.
0
1
BZ#2046364 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/uhid.
0
1
BZ#2046365 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/nvidia-uvm.
0
1
BZ#2051594 SELinux is preventing snap-confine from 'getattr' accesses on the chr_file /dev/snd/hwC0D0.
0
1
BZ#2056058 CVE-2021-44731 snapd: Race condition in snap-confine's setup_private_mount()
0
1
BZ#2056060 CVE-2021-44731 snapd: Race condition in snap-confine's setup_private_mount() [fedora-all]
0
1
BZ#2056061 CVE-2021-44730 snapd: Hardlink attack in snap-confine's sc_open_snapd_tool()
0
1
BZ#2056063 CVE-2021-44730 snapd: Hardlink attack in snap-confine's sc_open_snapd_tool() [fedora-all]
0
1
BZ#2056065 CVE-2021-4120 snapd: Insufficient validation of snap content interface and layout paths
0
1
BZ#2056067 CVE-2021-4120 snapd: Insufficient validation of snap content interface and layout paths [fedora-all]
0
1

Automated Test Results