SRU of LXC 1.0.10 (upstream bugfix release)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
lxc (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Trusty |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
LXC upstream released LXC 1.0.10 as a bugfix release with following changelog:
- Security fix for CVE-2016-10124
- Security fix for CVE-2017-5985
- attach: simplify lsm_openat()
- commands: improve logging
- utils: add macro __LXC_NUMSTRLEN
- tests; Don't cause test failures on cleanup errors
- conf: clearly report to either use drop or keep
- attach: close lsm label file descriptor
- conf, attach: save errno across call to close
- templates/
-
- templates/
- Fix regression in errno handling cherry-pick
- don't try to get stuff from /usr/lib/systemd on the host
- lxc-opensuse: rm poweroff.target -> sigpwr.target copy
- Add --enable-gnutls option
- tests: skip unpriv tests on broken overlay module
- Use AC_HEADER_MAJOR to detect major()
- Make lxc-start-ephemeral Python 3.2-compatible
- systemd: enable delegate in service file
- confile: clear lxc.network.
- seccomp: allow x32 guests on amd64 hosts.
- squeeze is not a supported release anymore, drop the key
- seccomp: set SCMP_FLTATR_
- lxc-checkconfig: verify new[ug]idmap are setuid-root
- python3: Deal with potential NULL char*
- lxc-download.in / allow setting keyserver from env
- lxc-download.in / Document keyserver change in help
- Change variable check to match existing style
- tests: Support running on IPv6 networks
- tests: Kill containers (don't wait for shutdown)
- Fix opening wrong file in suggest_
- lxc_setup_tios(): Ignore SIGTTOU and SIGTTIN signals
- Increased buffer length in print_stats()
- remove obsolete note about api stability
- conf: less error prone pointer access
- create ISSUE_TEMPLATE.md
- issue template: fix typo
- conf: order mount options
- commands: avoid NULL pointer dereference
- commands: non-functional changes
- lxccontainer: avoid NULL pointer dereference
Just like Ubuntu itself, upstream releases long term support releases, as is 1.0 and then periodic point releases including all the accumulated bugfixes.
Only the latest upstream release gets full support from the upstream developers, everyone else is expected to first update to it before receiving any kind of support.
This should qualify under the minor upstream bugfix release allowance of the SRU policy, letting us SRU this without paperwork for every single change included in this upstream release.
CVE References
Changed in lxc (Ubuntu): | |
status: | New → Invalid |
Changed in lxc (Ubuntu Trusty): | |
status: | New → In Progress |
Hello Stéphane, or anyone else affected,
Accepted lxc into trusty-proposed. The package will build now and be available at https:/ /launchpad. net/ubuntu/ +source/ lxc/1.0. 10-0ubuntu1 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See https:/ /wiki.ubuntu. com/Testing/ EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed. In either case, details of your testing will help us make a better decision.
Further information regarding the verification process can be found at https:/ /wiki.ubuntu. com/QATeam/ PerformingSRUVe rification . Thank you in advance!