ubuntu-core-launcher 1.0.27.1 source package in Ubuntu
Changelog
ubuntu-core-launcher (1.0.27.1) xenial-security; urgency=medium
* SECURITY UPDATE: delayed attack snap data theft and privilege escalation
when using Snappy on traditional Ubuntu (classic) systems (LP: #1576699)
- src/main.c: remove glob code and hardcode /snap/ubuntu-core/current
instead. The glob code both used an improper glob and performed an
incorrect check due to a typo which allowed a snap named ubuntu-core-...
to be bind mounted into application runtimes instead of the ubuntu-core
OS snap. Ubuntu Core removed .<origin> and .sideload from the SNAP path
so the glob can simply be dropped.
- CVE-2016-1580
* debian/usr.bin.ubuntu-core-launcher:
- only allow mounting /snap/ubuntu-core/*/... to safeguard against this in
the future
- add lib32 and libx32 to match setup_snappy_os_mounts()
-- Jamie Strandboge <email address hidden> Fri, 29 Apr 2016 10:06:19 -0500
Upload details
- Uploaded by:
- Jamie Strandboge
- Uploaded to:
- Xenial
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- utils
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Xenial | updates | main | utils | |
| Xenial | security | main | utils |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| ubuntu-core-launcher_1.0.27.1.tar.xz | 29.2 KiB | f7aad464611cbefcc35d0a2ac9820c9e265c6336ffff2a80d463c27b555e4696 |
| ubuntu-core-launcher_1.0.27.1.dsc | 1.6 KiB | 9261c6592adbc813928ba3f0d01051801ee35b139e8b6f4bdc43c0cf08d716ce |
Available diffs
- diff from 1.0.27 (in Ubuntu) to 1.0.27.1 (1.4 KiB)
Binary packages built by this source
- ubuntu-core-launcher: Transitional package for snapd
This is a transitional dummy package. It can safely be removed.
- ubuntu-core-launcher-dbgsym: debug symbols for package ubuntu-core-launcher
This package contains the launcher for launching ubuntu-core applications
on a ubuntu "snappy" system.
