This bug was fixed in the package linux - 3.13.0-91.138
---
linux (3.13.0-91.138) trusty; urgency=medium
[ Luis Henriques ]
* Release Tracking Bug
- LP: #1595991
[ Upstream Kernel Changes ]
* netfilter: x_tables: validate e->target_offset early
- LP: #1555338
-
This bug was fixed in the package linux-lts-utopic -
3.16.0-76.98~14.04.1
---
linux-lts-utopic (3.16.0-76.98~14.04.1) trusty; urgency=low
[ Luis Henriques ]
* Release Tracking Bug
- LP: #1596019
[ Upstream Kernel Changes ]
* netfilter: x_tables: validate
This bug was fixed in the package linux - 3.19.0-64.72
---
linux (3.19.0-64.72) vivid; urgency=low
[ Luis Henriques ]
* Release Tracking Bug
- LP: #1595976
[ Upstream Kernel Changes ]
* netfilter: x_tables: validate e->target_offset early
- LP: #1555338
-
This bug was fixed in the package linux - 4.2.0-41.48
---
linux (4.2.0-41.48) wily; urgency=low
[ Luis Henriques ]
* Release Tracking Bug
- LP: #1595914
[ Upstream Kernel Changes ]
* netfilter: x_tables: validate e->target_offset early
- LP: #1555338
-
This bug was fixed in the package linux - 4.4.0-28.47
---
linux (4.4.0-28.47) xenial; urgency=low
[ Luis Henriques ]
* Release Tracking Bug
- LP: #1595874
* Linux netfilter local privilege escalation issues (LP: #1595350)
- netfilter: x_tables: don't move to
Verified proposed kernels for wily/vivid using test script.
** Tags removed: verification-needed-vivid verification-needed-wily
** Tags added: verification-done-vivid verification-done-wily
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to
** Tags removed: verification-needed-trusty
** Tags added: verification-done-trusty
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-lts-utopic in Ubuntu.
https://bugs.launchpad.net/bugs/1584953
Title:
backport fix for /proc/net
verification-done-xenial:
root@lxd1:~# lxc exec test2 -- bash
root@test2:~# iptables-save
# Generated by iptables-save v1.6.0 on Mon Jun 20 09:11:56 2016
*filter
:INPUT ACCEPT [131:12129]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [125:]
COMMIT
# Completed on Mon Jun 20 09:11:56 2016
# Generated
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
wily' to 'verification-done-wily'.
If verification is not done by 5 working days from
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
xenial' to 'verification-done-xenial'.
If verification is not done by 5 working days from
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
vivid' to 'verification-done-vivid'.
If verification is not done by 5 working days from
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
trusty' to 'verification-done-trusty'.
If verification is not done by 5 working days from
** Changed in: linux (Ubuntu Trusty)
Status: In Progress => Fix Committed
** Changed in: linux (Ubuntu Vivid)
Status: In Progress => Fix Committed
** Changed in: linux (Ubuntu Wily)
Status: In Progress => Fix Committed
** Changed in: linux (Ubuntu Xenial)
Status: In
** Description changed:
+ SRU Justification
+
+ Impact: iptables-save fails in lxd containers due to the ownership of
+ /proc/net/ip_tables_names. This command is needed to manage firewalls in
+ containers using Puppet.
+
+ Fix: Upstream commit f13f2aeed154da8e48f90b85e720f8ba39b1e881
+
Attaching script to reproduce based on
https://github.com/lxc/lxd/issues/1978.
Using this script I've confirmed the fix works in all supported kernels
since trusty, so I'll move forward with submitting the fix for SRU.
** Attachment added: "iptables-test.sh"
I posted a test build with the backport at the link below. Please test
and verify that the issue is fixed in this build. Thanks!
http://people.canonical.com/~sforshee/lp1584953/
** Changed in: linux (Ubuntu Xenial)
Status: In Progress => Incomplete
--
You received this bug notification
Fix is already present in yakkety unstable. Marking devleopment task
fixed.
** Changed in: linux (Ubuntu Xenial)
Status: Confirmed => In Progress
** Changed in: linux (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of
** Changed in: linux (Ubuntu)
Importance: Undecided => Medium
** Changed in: linux (Ubuntu)
Status: New => Confirmed
** Changed in: linux (Ubuntu)
Assignee: (unassigned) => Seth Forshee (sforshee)
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
18 matches
Mail list logo
