This bug was fixed in the package lxc - 2.0.6-0ubuntu1~ubuntu16.10.1 --------------- lxc (2.0.6-0ubuntu1~ubuntu16.10.1) yakkety; urgency=medium * New upstream bugfix release (2.0.6) (LP: #1647010): - Security fix for CVE-2016-8649 - utils: make detect_ramfs_rootfs() return bool - tests: add test for detect_ramfs_rootfs() - add Documentation entries to lxc and lxc@ units - mark the python examples as having utf-8 encoding - log: sanity check the returned value from snprintf() - lxc-alpine: mount /dev/shm as tmpfs - archlinux: Do DHCP on eth0 - archlinux: Fix resolving - Drop leftover references to lxc_strerror() - tests: fix image download for s390x - tools: fix coding style in lxc_attach - tools: make overlay valid backend - tools: better error reporting for lxc-start - alpine: Fix installing extra packages - lxc-alpine: do not drop setfcap - s390x: Fix seccomp handling of personalities - tools: correct the argument typo in lxc_copy - Use libtool for liblxc.so - c/r: use --external instead of --veth-pair - c/r: remember to increment netnr - c/r: add checkpoint/restore support for macvlan interfaces - ubuntu: Fix package upgrades requiring proc - c/r: drop duplicate hunk from macvlan case - c/r: use snprintf to compute device name - Tweak libtool handling to work with Android - tests: add lxc_error() and lxc_debug() - container start: clone newcgroup immediately - use python3_sitearch for including the python code - fix rpm build, include all built files, but only once - cgfs: fix invalid free() - find OpenSUSE's build also as obs-build - improve help text for --fancy and --fancy-format - improve wording of the help page for lxc-ls - cgfs: add print_cgfs_init_debuginfo() - cgfs: skip empty entries under /proc/self/cgroup - cgfs: explicitly check for NULL - tools: use correct exit code for lxc-stop - c/r: explicitly emit bind mounts as criu arguments - log: bump LXC_LOG_BUFFER_SIZE to 4096 - conf: merge network namespace move & rename on shutdown - c/r: save criu's stdout during dump too - c/r: remove extra \ns from logs - c/r: fix off-by-one error - c/r: check state before doing a checkpoint/restore - start: CLONE_NEWCGROUP after we have setup cgroups - create symlink for /var/run - utils: add lxc_append_string() - cgroups: remove isolated cpus from cpuset.cpus - Update Ubuntu release name: add zesty and remove wily - templates: add squashfs support to lxc-ubuntu-cloud.in - cgroups: skip v2 hierarchy entry - also stop lxc-net in runlevels 0 and 6 - add lxc.egg-info to gitignore - install bash completion where pkg-config tells us to - conf: do not use %m format specifier - debian: Don't depend on libui-dialog-perl - cgroups: use %zu format specifier to print size_t - lxc-checkpoint: automatically detect if --external or --veth-pair - cgroups: prevent segfault in cgfsng - utils: add lxc_preserve_ns() - start: add netnsfd to lxc_handler - conf: use lxc_preserve_ns() - attach: use lxc_preserve_ns() - lxc_user_nic: use lxc_preserve_ns() - conf, start: improve log output - conf: explicitly remove veth device from host - conf, start: be smarter when deleting networks - start, utils: improve preserve_ns() - start, error: improve log + non-functional changes - start, namespace: move ns_info to namespace.{c,h} - attach, utils: bugfixes - attach: use ns_info[LXC_NS_MAX] struct - namespace: always attach to user namespace first - cgroup: improve isolcpus handling - cgroups: handle non-existent isolcpus file - utils: add lxc_safe_uint() - tests: add unit tests for lxc_safe_uint() - utils: add lxc_safe_int() - tests: add unit tests for lxc_safe_int() - conf/ile: get ip prefix via lxc_safe_uint() - confile: use lxc_safe_u/int in config_init_{u,g}id - conf/ile: use lxc_safe_uint() in config_pts() - conf/ile: use lxc_safe_u/int() in config_start() - conf/ile: use lxc_safe_uint() in config_monitor() - conf/ile: use lxc_safe_uint() in config_tty() - conf/ile: use lxc_safe_uint() in config_kmsg() - conf/ile: avoid atoi in config_lsm_aa_incomplete() - conf/ile: use lxc_safe_uint() in config_autodev() - conf/ile: avoid atoi() in config_ephemeral() - utils: use lxc_safe_int() - lxc_monitord: use lxc_safe_int() && use exit() - start: use lxc_safe_int() - conf: use lxc_safe_{u}int() - tools/lxc_execute: use lxc_safe_uint() - tools/lxc_stop: use lxc_safe_uint() - utils: add lxc_safe_long() - tests: add unit tests for lxc_safe_long() - tools/lxc_stop: use lxc_safe_long() - tools/lxc_top: use lxc_safe_int() - tools/lxc_ls: use lxc_safe_uint() - tools/lxc_autostart: use lxc_safe_{int,long}() - tools/lxc_console: use lxc_safe_uint() - tools: replace non-standard namespace identifiers - Configure a static MAC address on the LXC bridge - tests: remove overflow tests - attach: do not send procfd to attached process * Remaining patches: - 0001-Allocate-new-lxcbr0-subnet-at-startup-time.patch * Cherry-pick bugfix from upstream: - tests: Don't cause test failures on-cleanup errors * Autopkgtest: - Re-enable lxc-test-ubuntu on yakkety/zesty (template was fixed). - Workaround autopkgtest failures when using gpg2 with dirmngr. - Restrict tests to run on standalone systems. -- Stéphane Graber