CVE 2019-7303
A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to match 64-bit ioctl(2) commands on a 64-bit platform; however, the Linux kernel only uses the lower 32 bits to determine which ioctl(2) commands to run. This issue affects: Canonical snapd versions prior to 2.37.4.
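The mismatch described above, modelled as an added example (not snapd's or the kernel's code): a rule that compares the full 64-bit argument is audited against a rule that compares only the low 32 bits, which is what the kernel dispatches on. The function names, the sample values and the masked rule as the hardened form are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TIOCSTI as defined in Linux asm-generic/ioctls.h. */
#define TIOCSTI_CMD 0x5412u

enum action { ALLOW, DENY };

/* Rule as described for the affected versions: equality on all 64 bits. */
static enum action rule_eq64(uint64_t arg1) {
    return arg1 == (uint64_t)TIOCSTI_CMD ? DENY : ALLOW;
}

/* Hardened rule (assumed form): masked equality on the low 32 bits,
 * the semantics libseccomp exposes as SCMP_CMP_MASKED_EQ. */
static enum action rule_masked32(uint64_t arg1) {
    return (arg1 & 0xFFFFFFFFull) == (uint64_t)TIOCSTI_CMD ? DENY : ALLOW;
}

/* ioctl(2) takes "unsigned int cmd", so the kernel sees the truncated value. */
static unsigned int kernel_cmd(uint64_t arg1) {
    return (unsigned int)arg1;
}

/* Count inputs a rule allows although the kernel would run TIOCSTI. */
static size_t count_gaps(enum action (*rule)(uint64_t),
                         const uint64_t *args, size_t n) {
    size_t gaps = 0;
    for (size_t i = 0; i < n; i++)
        if (rule(args[i]) == ALLOW && kernel_cmd(args[i]) == TIOCSTI_CMD)
            gaps++;
    return gaps;
}

/* Constructed sample values for the register holding the ioctl command. */
static const uint64_t SAMPLES[] = {
    0x0000000000005412ull,  /* plain TIOCSTI */
    0x0000000100005412ull,  /* upper bits set, low 32 bits are TIOCSTI */
    0xFFFFFFFF00005412ull,  /* all upper bits set */
    0x0000000000005413ull,  /* TIOCGWINSZ: unrelated command */
    0x0000000100005413ull,  /* unrelated command with upper bits set */
};
#define N_SAMPLES (sizeof SAMPLES / sizeof SAMPLES[0])

int main(void) {
    printf("eq64 gaps:     %zu\n", count_gaps(rule_eq64, SAMPLES, N_SAMPLES));
    printf("masked32 gaps: %zu\n", count_gaps(rule_masked32, SAMPLES, N_SAMPLES));
    return 0;
}
```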
Related bugs and status
CVE-2019-7303 (Candidate) is related to these bugs:
Bug #1786438: [SRU] 2.35
Bug | Summary | In | Importance | Status
---|---|---|---|---
1786438 | [SRU] 2.35 | snapd (Ubuntu) | Undecided | Fix Released
1786438 | [SRU] 2.35 | snapd (Ubuntu Bionic) | Undecided | Fix Released
1786438 | [SRU] 2.35 | snapd (Ubuntu Trusty) | Undecided | Fix Released
1786438 | [SRU] 2.35 | snapd (Ubuntu Xenial) | Undecided | Fix Released
Bug #1795590: [SRU] 2.36
Bug | Summary | In | Importance | Status
---|---|---|---|---
1795590 | [SRU] 2.36 | snapd (Ubuntu) | Undecided | Fix Released
1795590 | [SRU] 2.36 | snapd (Ubuntu Xenial) | Undecided | Fix Released
1795590 | [SRU] 2.36 | snapd (Ubuntu Cosmic) | Undecided | Fix Released
1795590 | [SRU] 2.36 | snapd (Ubuntu Bionic) | Undecided | Fix Released
Bug #1811233: [SRU] 2.37.1 and 2.37.3
Bug | Summary | In | Importance | Status
---|---|---|---|---
1811233 | [SRU] 2.37.1 and 2.37.3 | snapd (Ubuntu) | Undecided | Fix Released
1811233 | [SRU] 2.37.1 and 2.37.3 | snapd (Ubuntu Cosmic) | Undecided | Fix Released
1811233 | [SRU] 2.37.1 and 2.37.3 | snapd (Ubuntu Trusty) | Undecided | Fix Released
1811233 | [SRU] 2.37.1 and 2.37.3 | snapd (Ubuntu Xenial) | Undecided | Fix Released
1811233 | [SRU] 2.37.1 and 2.37.3 | snapd (Ubuntu Bionic) | Undecided | Fix Released
Bug #1812973: snap: seccomp blacklist for TIOCSTI can be circumvented
Bug #1817949: [SRU] 2.37.4
Bug | Summary | In | Importance | Status
---|---|---|---|---
1817949 | [SRU] 2.37.4 | snapd (Ubuntu) | Undecided | Fix Released
1817949 | [SRU] 2.37.4 | snapd (Ubuntu Cosmic) | Undecided | Fix Released
1817949 | [SRU] 2.37.4 | snapd (Ubuntu Xenial) | Undecided | Fix Released
1817949 | [SRU] 2.37.4 | snapd (Ubuntu Trusty) | Undecided | Fix Released
1817949 | [SRU] 2.37.4 | snapd (Ubuntu Bionic) | Undecided | Fix Released
Bug #1821811: New upstream microrelease flatpak 1.0.8
Bug | Summary | In | Importance | Status
---|---|---|---|---
1821811 | New upstream microrelease flatpak 1.0.8 | flatpak (Ubuntu) | Low | Fix Released
1821811 | New upstream microrelease flatpak 1.0.8 | flatpak (Ubuntu Cosmic) | Low | Fix Released
1821811 | New upstream microrelease flatpak 1.0.8 | flatpak (Ubuntu Bionic) | Low | Fix Released
See the CVE page on Mitre.org for more details.