[ubuntu/trusty-security] lxc 1.0.9-0ubuntu3 (Accepted)
Tyler Hicks
tyhicks at canonical.com
Thu Mar 9 16:01:24 UTC 2017
lxc (1.0.9-0ubuntu3) trusty-security; urgency=medium
* SECURITY UPDATE: lxc-user-nic doesn't check netns ownership (LP: #1654676)
- Ensure target netns is caller-owned
- CVE-2017-5985
lxc (1.0.9-0ubuntu2) trusty; urgency=medium
* Cherry-pick upstream bugfix (LP: #1647016):
- 0001-tests-skip-unpriv-tests-on-broken-overlay-module.patch
lxc (1.0.9-0ubuntu1) trusty; urgency=medium
* New upstream bugfix release. (LP: #1647016)
- Security fix for CVE-2016-8649
- utils: make detect_ramfs_rootfs() return bool
- tests: add test for detect_ramfs_rootfs()
- add Documentation entries to lxc and lxc@ units
- mark the python examples as having utf-8 encoding
- log: sanity check the returned value from snprintf()
- lxc-alpine: mount /dev/shm as tmpfs
- archlinux: Do DHCP on eth0
- archlinux: Fix resolving
- Drop leftover references to lxc_strerror()
- tests: fix image download for s390x
- tools: fix coding style in lxc_attach
- tools: make overlay valid backend
- tools: better error reporting for lxc-start
- alpine: Fix installing extra packages
- lxc-alpine: do not drop setfcap
- s390x: Fix seccomp handling of personalities
- tools: correct the argument typo in lxc_copy
- Use libtool for liblxc.so
- c/r: use --external instead of --veth-pair
- c/r: remember to increment netnr
- c/r: add checkpoint/restore support for macvlan interfaces
- ubuntu: Fix package upgrades requiring proc
- c/r: drop duplicate hunk from macvlan case
- c/r: use snprintf to compute device name
- Tweak libtool handling to work with Android
- tests: add lxc_error() and lxc_debug()
- container start: clone newcgroup immediately
- use python3_sitearch for including the python code
- fix rpm build, include all built files, but only once
- cgfs: fix invalid free()
- find OpenSUSE's build also as obs-build
- improve help text for --fancy and --fancy-format
- improve wording of the help page for lxc-ls
- cgfs: add print_cgfs_init_debuginfo()
- cgfs: skip empty entries under /proc/self/cgroup
- cgfs: explicitly check for NULL
- tools: use correct exit code for lxc-stop
- c/r: explicitly emit bind mounts as criu arguments
- log: bump LXC_LOG_BUFFER_SIZE to 4096
- conf: merge network namespace move & rename on shutdown
- c/r: save criu's stdout during dump too
- c/r: remove extra \ns from logs
- c/r: fix off-by-one error
- c/r: check state before doing a checkpoint/restore
- start: CLONE_NEWCGROUP after we have setup cgroups
- create symlink for /var/run
- utils: add lxc_append_string()
- cgroups: remove isolated cpus from cpuset.cpus
- Update Ubuntu release name: add zesty and remove wily
- templates: add squashfs support to lxc-ubuntu-cloud.in
- cgroups: skip v2 hierarchy entry
- also stop lxc-net in runlevels 0 and 6
- add lxc.egg-info to gitignore
- install bash completion where pkg-config tells us to
- conf: do not use %m format specifier
- debian: Don't depend on libui-dialog-perl
- cgroups: use %zu format specifier to print size_t
- lxc-checkpoint: automatically detect if --external or --veth-pair
- cgroups: prevent segfault in cgfsng
- utils: add lxc_preserve_ns()
- start: add netnsfd to lxc_handler
- conf: use lxc_preserve_ns()
- attach: use lxc_preserve_ns()
- lxc_user_nic: use lxc_preserve_ns()
- conf, start: improve log output
- conf: explicitly remove veth device from host
- conf, start: be smarter when deleting networks
- start, utils: improve preserve_ns()
- start, error: improve log + non-functional changes
- start, namespace: move ns_info to namespace.{c,h}
- attach, utils: bugfixes
- attach: use ns_info[LXC_NS_MAX] struct
- namespace: always attach to user namespace first
- cgroup: improve isolcpus handling
- cgroups: handle non-existent isolcpus file
- utils: add lxc_safe_uint()
- tests: add unit tests for lxc_safe_uint()
- utils: add lxc_safe_int()
- tests: add unit tests for lxc_safe_int()
- conf/ile: get ip prefix via lxc_safe_uint()
- confile: use lxc_safe_u/int in config_init_{u,g}id
- conf/ile: use lxc_safe_uint() in config_pts()
- conf/ile: use lxc_safe_u/int() in config_start()
- conf/ile: use lxc_safe_uint() in config_monitor()
- conf/ile: use lxc_safe_uint() in config_tty()
- conf/ile: use lxc_safe_uint() in config_kmsg()
- conf/ile: avoid atoi in config_lsm_aa_incomplete()
- conf/ile: use lxc_safe_uint() in config_autodev()
- conf/ile: avoid atoi() in config_ephemeral()
- utils: use lxc_safe_int()
- lxc_monitord: use lxc_safe_int() && use exit()
- start: use lxc_safe_int()
- conf: use lxc_safe_{u}int()
- tools/lxc_execute: use lxc_safe_uint()
- tools/lxc_stop: use lxc_safe_uint()
- utils: add lxc_safe_long()
- tests: add unit tests for lxc_safe_long()
- tools/lxc_stop: use lxc_safe_long()
- tools/lxc_top: use lxc_safe_int()
- tools/lxc_ls: use lxc_safe_uint()
- tools/lxc_autostart: use lxc_safe_{int,long}()
- tools/lxc_console: use lxc_safe_uint()
- tools: replace non-standard namespace identifiers
- Configure a static MAC address on the LXC bridge
- tests: remove overflow tests
- attach: do not send procfd to attached process
* Autopkgtest:
- Restrict tests to run on standalone systems.
Date: 2017-03-07 20:08:13.727875+00:00
Changed-By: Stéphane Graber <stgraber at stgraber.org>
Signed-By: Tyler Hicks <tyhicks at canonical.com>
https://launchpad.net/ubuntu/+source/lxc/1.0.9-0ubuntu3