disco livecd still has insecure version 15 days after 10.4 bugfix hit proposed
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
systemd (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
This applies to disco only.
Ref: symlink exploit fixed in 10.4 release
Systemd restart is masked.
Debian lists this update as high priority.
Any easy get-root bug should be critical,
not medium priority as listed in the usn.
Updating while running the livecd is not securing anything.
Please prioritize release of proposed security updates to disco,
and all future current livecd versions.
At least push out those updates that require substantial knowledge to activate
(libc6, dbus, systemd, and their dependencies, etc )
and packages needed to do updates (apt, networkmanager, their dependencies, etc)
Is there a way to override the mask and restart systemd?
Can I use apparmor to prevent the symlink exploit? How?
Should I file this elsewhere?
please reopen if this is still an issue