Hi!
We don't usually share bulletins about security issues like this here;
we expect you to perform routine (and preferably automated!) upgrades of
your software at home. But those two issues are critical enough to
warrant a special announcement.
This week, two major security issues affecting server and desktop users
in the Linux community have come up. They are:
- a local privilege escalation in snapd:
Local-privilege escalation in snapd [LWN.net]
- a series of vulnerabilities in AppArmor:
A set of AppArmor vulnerabilities [LWN.net]
Both issues are quite serious; they could lead to an attacker getting
administrator access on your machine, bypassing normal security controls
entirely.
If you use Ubuntu, you are most certainly using "snapd" and should
upgrade. If you don't, you might still be using it as it's also
available for other operating systems.
AppArmor is also used a lot on Ubuntu, but is also available for some
platforms.
Red Hat derivatives like Fedora are less affected by both of those, as
they typically use Flatpak (instead of snapd) and SELinux (instead of
AppArmor).
A.
···
--
Antoine Beaupré
torproject.org system administration
_______________________________________________
tor-project mailing list -- tor-project@lists.torproject.org
To unsubscribe send an email to tor-project-leave@lists.torproject.org