[ubuntu-cloud-archive/cloud-tools-updates] lxc (Accepted)
Scott Moser
smoser at ubuntu.com
Mon Jan 4 17:21:16 UTC 2016
lxc (1.0.8-0ubuntu0.3~ctools0) precise; urgency=medium
.
* New upstream release for the Ubuntu Cloud Archive.
.
lxc (1.0.8-0ubuntu0.3) trusty; urgency=medium
.
* Cherry-pick from upstream:
- Fix preserve_ns to work on < 3.8 kernels. (LP: #1516971)
.
lxc (1.0.8-0ubuntu0.2) trusty; urgency=medium
.
* Cherry-pick from upstream:
- Fix ubuntu-cloud template to detect compression algorithm instead
of hardcoding xz. Also update list of supported releases and use trusty
as the fallback release. (LP: #1515463)
* Update lxc-tests description to make it clear that this package is
meant to be used by developers and by automated testing.
.
lxc (1.0.8-0ubuntu0.1) trusty; urgency=medium
.
* New upstream bugfix release. (MRE tracking bug: LP: #1514623)
(LP: #1429140)
- Changelog at: https://linuxcontainers.org/lxc/news/
* Drop proxy detection from the autopkgtest exercise script.
* Add patch:
- 0001-Trusty-Swap-out-the-CVE-2015-1335-fix-with-the-trust.patch
This is a patch by Serge Hallyn to cope with the trusty 3.13 kernel.
It updates the upstream CVE fix to the version which trusty ended
up with after the few round of fixes.
.
lxc (1.0.7-0ubuntu0.10) trusty; urgency=medium
.
* Update the /proc/self/mountinfo no-symlink verification to accomodate
recursive mounts. (LP: #1509752)
.
lxc (1.0.7-0ubuntu0.9) trusty; urgency=medium
.
* Update previous patch to include some extra apparmor rules.
(LP: #1504781)
.
lxc (1.0.7-0ubuntu0.8) trusty; urgency=medium
.
* Update AppArmor profile from stable-1.0 branch which should fix the
current test failures with the proposed 3.13 kernel. (LP: #1504781)
.
lxc (1.0.7-0ubuntu0.7) trusty-security; urgency=medium
.
* REGRESSION FIX UPDATE:
- Avoid /./ (LP: #1501491)
.
lxc (1.0.7-0ubuntu0.6) trusty-security; urgency=medium
.
* Fix breakage of some configurations where // ends up in the mount
target. (LP: #1501310) (LP: #1476662)
.
lxc (1.0.7-0ubuntu0.5) trusty-security; urgency=medium
.
* SECURITY UPDATE: Arbitrary host file access and AppArmor
confinement breakout via lxc-start following symlinks while
setting up mounts within a malicious container (LP: #1476662).
- debian/patches/0003-CVE-2015-1335.patch: block mounts to paths
containing symlinks and block bind mounts from relative paths
containing symlinks. Patch from upstream.
- CVE-2015-1335
.
lxc (1.0.7-0ubuntu0.2) trusty-security; urgency=medium
.
* SECURITY UPDATE: Arbitrary file creation via unintentional symlink
following when accessing an LXC lock file (LP: #1470842)
- debian/patches/0001-CVE-2015-1331.patch: Use /run/lxc/lock, rather than
/run/lock/lxc, as /run and /run/lxc is only writable by root. Based on
patch from upstream.
- CVE-2015-1131
* SECURITY UPDATE: Container AppArmor/SELinux confinement breakout via
lxc-attach using a potentially malicious container proc filesystem to
initialize confinement (LP: #1475050)
- debian/patches/0002-CVE-2015-1334.patch: Use the host's proc filesystem
to set up AppArmor profile and SELinux domain transitions during
lxc-attach. Based on patch from upstream.
- CVE-2015-1334
.
lxc (1.0.7-0ubuntu0.1) trusty; urgency=medium
.
* New upstream bugfix release. (MRE tracking bug: LP: #1404039)
- Changelog at: https://linuxcontainers.org/lxc/news/
* Update debian/rules apparmor handling to match Ubuntu 14.10
Date: Mon, 14 Dec 2015 14:24:35 -0500
Changed-By: Scott Moser <smoser at ubuntu.com>
Signed-By: Scott Moser <smoser at ubuntu.com>
Published-By: Scott Moser <smoser at ubuntu.com>
More information about the Cloud-tools-changes
mailing list