[ubuntu/yakkety-updates] bubblewrap 0.1.7-0ubuntu0.16.10.1 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Fri Feb 10 01:58:12 UTC 2017


bubblewrap (0.1.7-0ubuntu0.16.10.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: bubblewrap escape via TIOCSTI ioctl (LP: #1657357)
    - Fixed in new upstream release 0.1.7 by adding --new-session
      option that uses setsid() before executing sandboxed code.
      Users of bubblewrap to confine untrusted programs should either
      add --new-session to the bwrap command line, or prevent the
      TIOCSTI ioctl with a seccomp filter instead (as Flatpak does).
    - New upstream release also adds --unshare-all option to easily
      sandbox all namespaces. A --share-net option can be used with
      --unshare-all to retain the network namespace.
    - CVE-2017-5226
  * debian/bubblewrap.examples: install upstream examples

Date: 2017-02-09 23:01:14.418976+00:00
Changed-By: Jeremy Bicha <jeremy at bicha.net>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/bubblewrap/0.1.7-0ubuntu0.16.10.1