ubuntu-core-launcher source package in Ubuntu


ubuntu-core-launcher ( xenial-security; urgency=medium

  * SECURITY UPDATE: delayed attack snap data theft and privilege escalation
    when using Snappy on traditional Ubuntu (classic) systems (LP: #1576699)
    - src/main.c: remove glob code and hardcode /snap/ubuntu-core/current
      instead. The glob code both used an improper glob and performed an
      incorrect check due to a typo which allowed a snap named ubuntu-core-...
      to be bind mounted into application runtimes instead of the ubuntu-core
      OS snap. Ubuntu Core removed .<origin> and .sideload from the SNAP path
      so the glob can simply be dropped.
    - CVE-2016-1580
  * debian/usr.bin.ubuntu-core-launcher:
    - only allow mounting /snap/ubuntu-core/*/... to safeguard against this in
      the future
    - add lib32 and libx32 to match setup_snappy_os_mounts()

 -- Jamie Strandboge <email address hidden>  Fri, 29 Apr 2016 10:06:19 -0500

Upload details

Uploaded by:
Jamie Strandboge
Uploaded to:
Original maintainer:
Ubuntu Developers
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Xenial updates main utils
Xenial security main utils


File Size SHA-256 Checksum
ubuntu-core-launcher_1.0.27.1.tar.xz 29.2 KiB f7aad464611cbefcc35d0a2ac9820c9e265c6336ffff2a80d463c27b555e4696
ubuntu-core-launcher_1.0.27.1.dsc 1.6 KiB 9261c6592adbc813928ba3f0d01051801ee35b139e8b6f4bdc43c0cf08d716ce

Available diffs

View changes file

Binary packages built by this source

ubuntu-core-launcher: Transitional package for snapd

 This is a transitional dummy package. It can safely be removed.

ubuntu-core-launcher-dbgsym: debug symbols for package ubuntu-core-launcher

 This package contains the launcher for launching ubuntu-core applications
 on a ubuntu "snappy" system.