[ubuntu/xenial-proposed] ubuntu-core-security 16.04.8 (Accepted)

Jamie Strandboge jamie at ubuntu.com
Wed Dec 16 22:54:11 UTC 2015 

ubuntu-core-security (16.04.8) xenial; urgency=medium

  * ubuntu/default:
    - add timerfd and new mbarrier syscall
    - allow ixr on tset
    - remove explicit apparmor denials for ptrace, mount and mknod since
      others caps may add them (eg, container-management)
    - add a few rules that aren't information leak to ease hardware assignment
      policy
  * debian/README.seccomp: update for 4.3 syscalls
  * remove 15.04 and 15.10 policy
  * ubuntu/network-client:
    - don't explicitly deny network-manager in ubuntu-core policy. This made
      sense on Touch where everything was noisy, but network-manager only
      exists as a snap on core.
    - remove accept, accept4, listen and bind (must use either unix-listener
      or network-listener instead)
  * add the identified new caps for 16.04
  * rename network-admin to network-management
  * rename network-firewall to firewall-management
  * rename network-status to network-monitor
  * rename network-service to network-listener
  * rename snapd to snap-management
  * add compatibility symlinks for renamed caps (this will be removed for
    16.04 release)
  * ubuntu/network-listener: update comment for socket()

Date: Wed, 16 Dec 2015 16:46:59 -0600
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Security <security at ubuntu.com>
https://launchpad.net/ubuntu/+source/ubuntu-core-security/16.04.8
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 16 Dec 2015 16:46:59 -0600
Source: ubuntu-core-security
Binary: ubuntu-core-security-apparmor ubuntu-core-security-seccomp ubuntu-core-security-utils
Architecture: source
Version: 16.04.8
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Security <security at ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description:
 ubuntu-core-security-apparmor - AppArmor easyprof templates for Ubuntu Core
 ubuntu-core-security-seccomp - Seccomp templates for Ubuntu Core
 ubuntu-core-security-utils - Security utilities for Ubuntu Core
Changes:
 ubuntu-core-security (16.04.8) xenial; urgency=medium
 .
   * ubuntu/default:
     - add timerfd and new mbarrier syscall
     - allow ixr on tset
     - remove explicit apparmor denials for ptrace, mount and mknod since
       others caps may add them (eg, container-management)
     - add a few rules that aren't information leak to ease hardware assignment
       policy
   * debian/README.seccomp: update for 4.3 syscalls
   * remove 15.04 and 15.10 policy
   * ubuntu/network-client:
     - don't explicitly deny network-manager in ubuntu-core policy. This made
       sense on Touch where everything was noisy, but network-manager only
       exists as a snap on core.
     - remove accept, accept4, listen and bind (must use either unix-listener
       or network-listener instead)
   * add the identified new caps for 16.04
   * rename network-admin to network-management
   * rename network-firewall to firewall-management
   * rename network-status to network-monitor
   * rename network-service to network-listener
   * rename snapd to snap-management
   * add compatibility symlinks for renamed caps (this will be removed for
     16.04 release)
   * ubuntu/network-listener: update comment for socket()
Checksums-Sha1:
 acd42ada21959567907206988db554e4607b99b6 1908 ubuntu-core-security_16.04.8.dsc
 c4c73c0535dad61b86572f8ca2ce471aae7ff3d2 20744 ubuntu-core-security_16.04.8.tar.xz
Checksums-Sha256:
 10433b4befebc39632aa3a201e7c3b27cceb4c8bf7aee4bef36a683960287a9c 1908 ubuntu-core-security_16.04.8.dsc
 1d605e06552c9d7af632de96484d103442de89f264baffd5f7e2b3b809718a57 20744 ubuntu-core-security_16.04.8.tar.xz
Files:
 f2fb4d29e7baa5c2903cbd72246d118c 1908 admin optional ubuntu-core-security_16.04.8.dsc
 e7a1aa541f3d86f320449dfcd907db5c 20744 admin optional ubuntu-core-security_16.04.8.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJWceqPAAoJEFHb3FjMVZVz2M8P/AkegnYCxnSn9ggNawSZvxOf
0A19hMx5QLnWrkWvsCWKjjOpiAFIjQ29ct9jvrRxzwlGH6meuga4u3voH6kU9CSV
8Fl94VU2aM17E5hJQT06yoyu5tGHkinDkYwHct9SkV0inNF6djJjE36W79ifZHD0
tmrB2/xjEDh3Mwvq50rGkGwOqQHtTyuysDJy+PO2CDgZ5SgZeqm2o2ovygUHY8fX
y1jPu1kCmco7AlczQyengAJEqMahEI21S6RTeDKlflwwSTECciL/xEUhq8QZjUtf
AVqvqcLl8u8xfzmSym8QRI3Hrk5Qv1Uq20Y/trovh7viLLJnTURpLQoK3nnaL62r
H8s9SUU42FzrBiPSBOAStlHMPZAjkrJ5g7Xn4fiHv5dLS7uFs1mu1OJgeCIrdmRP
UvH8PaLjtIJfypTNzH/zEJvxnFwPOaDUIbQWWwdsNpnRkpWgfpGaen4zhFUFRzx8
/+Bwo1WoBhhdv8cwJpe9gSKWwoUhnfj+eevw4ZFpi8hG5N0/Ua2EzpJSbRVOLi0r
Uztxq1ongbvzD68ucGf5e7u8DDZ6ThdI6MrgD3tnpE0dM5AJl4ue4wUUQVZ8nb9O
jC84LMuVEXyl4V6OO2JGMbaP9WI5W1EFUjom8zkKraO6Yl7+IO0uh/MnX8PrY7XS
PUz4gl/vdFEP5n20hJ+r
=XY7q
-----END PGP SIGNATURE-----

More information about the Xenial-changes mailing list