github.com/snapcore/snapd is vulnerable to data injection. The vulnerability exists because snapd doesn’t properly validate content interface and layout paths which allows an attacker to inject and execute arbitrary AppArmor policy rules.
www.openwall.com/lists/oss-security/2022/02/18/2
bugs.launchpad.net/snapd/+bug/1949368
bugzilla.redhat.com/show_bug.cgi?id=2056065
github.com/advisories/GHSA-hfvx-54vj-h9wq
lists.fedoraproject.org/archives/list/[email protected]/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/
lists.fedoraproject.org/archives/list/[email protected]/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/
ubuntu.com/security/notices/USN-5292-1
www.openwall.com/lists/oss-security/2022/02/18/2