Skip to content

New security bugfix release
Compare
Choose a tag to compare
@mvo5 mvo5 released this 15 Jul 12:47
· 18717 commits to master since this release
2.45.2
This tag was signed with the committer’s verified signature.
mvo5 Michael Vogt
GPG key ID: 98CABB3ABD4CA59E
Learn about vigilant mode.
0c15ed0
  • SECURITY UPDATE: sandbox escape vulnerability on snapctl xdg-open
    implementation
    • usersession/userd/launcher.go: remove XDG_DATA_DIRS environment
      variable modification when calling the system xdg-open. Patch
      thanks to James Henstridge
    • packaging/ubuntu-16.04/snapd.postinst: ensure "snap userd" is
      restarted. Patch thanks to Michael Vogt
    • CVE-2020-11934
    • LP: #1880085
  • SECURITY UPDATE: arbitrary code execution vulnerability on core
    devices with access to physical removable media
    • devicestate: Disable/restrict cloud-init after seeding.
    • CVE-2020-11933
    • LP: #1879530
Assets 5
Loading