In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions before 4.4.4, before 2.43.1+16.04.1, and before 2.43.1+18.04.1.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
canonical snapcraft |
||
canonical ubuntu linux 16.04 |
||
canonical ubuntu linux 18.04 |