[ubuntu/trusty-security] lxc 1.0.8-0ubuntu0.4 (Accepted)

Tyler Hicks tyhicks at canonical.com
Wed Nov 23 16:13:23 UTC 2016

lxc (1.0.8-0ubuntu0.4) trusty-security; urgency=medium

  * SECURITY UPDATE: Escape through ptrace and inherited fd (LP: #1639345)
    - attach: Do not send procfd to attached process
    - CVE-2016-8649

lxc (1.0.8-0ubuntu0.3) trusty; urgency=medium

  * Cherry-pick from upstream:
    - Fix preserve_ns to work on < 3.8 kernels. (LP: #1516971)

lxc (1.0.8-0ubuntu0.2) trusty; urgency=medium

  * Cherry-pick from upstream:
    - Fix ubuntu-cloud template to detect compression algorithm instead
      of hardcoding xz. Also update list of supported releases and use trusty
      as the fallback release. (LP: #1515463)
  * Update lxc-tests description to make it clear that this package is
    meant to be used by developers and by automated testing.

lxc (1.0.8-0ubuntu0.1) trusty; urgency=medium

  * New upstream bugfix release. (MRE tracking bug: LP: #1514623)
    (LP: #1429140)
    - Changelog at: https://linuxcontainers.org/lxc/news/
  * Drop proxy detection from the autopkgtest exercise script.
  * Add patch:
    - 0001-Trusty-Swap-out-the-CVE-2015-1335-fix-with-the-trust.patch
      This is a patch by Serge Hallyn to cope with the trusty 3.13 kernel.
      It updates the upstream CVE fix to the version which trusty ended
      up with after the few round of fixes.

lxc (1.0.7-0ubuntu0.10) trusty; urgency=medium

  * Update the /proc/self/mountinfo no-symlink verification to accomodate
    recursive mounts.  (LP: #1509752)

lxc (1.0.7-0ubuntu0.9) trusty; urgency=medium

  * Update previous patch to include some extra apparmor rules.
    (LP: #1504781)

lxc (1.0.7-0ubuntu0.8) trusty; urgency=medium

  * Update AppArmor profile from stable-1.0 branch which should fix the
    current test failures with the proposed 3.13 kernel. (LP: #1504781)

Date: 2016-11-22 06:32:46.844663+00:00
Changed-By: Stéphane Graber <stgraber at stgraber.org>
Signed-By: Tyler Hicks <tyhicks at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Trusty-changes mailing list