Exploit for local privilege escalation - update to snapd 2.37.1+

Because this forum doesn’t provide changelogs, I had to dig this myself.


Quite disturbing that Canonical can remotely create users on my system. This requires explanation.

The bug report is linked from the url you gave. https://bugs.launchpad.net/snapd/+bug/1813365, which also links to the Ubuntu Security Notice. https://usn.ubuntu.com/3887-1/ along with the source changes. https://github.com/snapcore/snapd/pull/6443 and https://github.com/snapcore/snapd/pull/6447

1 Like

All of this is nice, but how could I know if release notes are not posted at https://forum.snapcraft.io/c/release and there is no page to subscribe?

I’m sorry if it looks like we promised to create a topic for every snapd release and post it to the ‘release’ category. If you could tell me where you found this information, I’d gladly update it.

We don’t create a topic for every snapd release. Maybe we should (@mvo, wdyt?)
Releases are documented elsewhere, in some cases in great detail, so maybe it’s a needless duplication but maybe we should link things up so people find them.

@abitrolly where did you get that anybody can remotely create users on your system? AFAIK that’s not true.


I misread the in code. The /v2/create-user endpoint is local and it just uses Ubuntu SSO to query user information. It is not an endpoint on Canonical side that then commands some local daemon to create user as I originally thought.

1 Like

Indeed: it’s the snapd side of snap create-user.