[Bug 1643734] Re: privilege escalation via ptrace (CVE-2016-8659)

Mon, 16 Jan 2017 04:21:42 -0800 

This bug was fixed in the package bubblewrap - 0.1.5-1~ubuntu16.10.0

---------------
bubblewrap (0.1.5-1~ubuntu16.10.0) yakkety-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via ptrace (LP: #1643734)
    - Fixed in new upstream release 0.1.3
    - 0.1.4 further protects against possible ptrace attacks by dropping
      setcaps support and working around the Linux kernel allowing ptrace
      in user namespaces
    - CVE-2016-8659
  * Backport 0.1.5-1 from zesty for minor packaging improvements

bubblewrap (0.1.5-1) unstable; urgency=medium

  * New upstream release
    - drop all patches, applied upstream
    - debian/copyright: update for build system additions

bubblewrap (0.1.4-2) unstable; urgency=medium

  * d/tests/*: only run tests on a real or virtual machine, not in a
    container. bubblewrap is effectively already a container, and
    nesting containers doesn't work particularly well.
    Unfortunately this means the tests won't work on ci.debian.net,
    which uses LXC.

bubblewrap (0.1.4-1) unstable; urgency=medium

  * New upstream release
  * d/p/test-run-be-a-bash-script.patch,
    d/p/test-run-don-t-assume-we-are-uid-1000.patch,
    d/p/Adapt-tests-so-they-can-be-run-against-installed-binaries.patch,
    d/p/Fix-incorrect-nesting-of-backticks-when-finding-a-FUSE-mo.patch:
    improve the upstream tests
  * d/tests/upstream: run the upstream tests as autopkgtests
  * d/rules: Do not enable setuid mode at configure time. If we do, we
    can't run the build-time tests, and it no longer makes any difference
    to the actual code. Make the executable setuid via Debian packaging
    instead.

bubblewrap (0.1.3-1) unstable; urgency=medium

  * New upstream release
    - bring back --set-hostname, the upstream fix for CVE-2016-8659
      makes it no longer a vulnerability

bubblewrap (0.1.2-2) unstable; urgency=high

  * Revert addition of --set-hostname as a short-term fix for
    CVE-2016-8659 (Closes: #840605)

 -- Jeremy Bicha <[email protected]>  Wed, 21 Dec 2016 12:43:27 -0500

** Changed in: bubblewrap (Ubuntu Yakkety)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1643734

Title:
  privilege escalation via ptrace (CVE-2016-8659)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bubblewrap/+bug/1643734/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to