This bug was fixed in the package bubblewrap - 0.1.7-0ubuntu0.16.10.1

---------------
bubblewrap (0.1.7-0ubuntu0.16.10.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: bubblewrap escape via TIOCSTI ioctl (LP: #1657357)
    - Fixed in new upstream release 0.1.7 by adding --new-session
      option that uses setsid() before executing sandboxed code.
      Users of bubblewrap to confine untrusted programs should either
      add --new-session to the bwrap command line, or prevent the
      TIOCSTI ioctl with a seccomp filter instead (as Flatpak does).
    - New upstream release also adds --unshare-all option to easily
      sandbox all namespaces. A --share-net option can be used with
      --unshare-all to retain the network namespace.
    - CVE-2017-5226
  * debian/bubblewrap.examples: install upstream examples

 -- Jeremy Bicha <jbi...@ubuntu.com>  Thu, 19 Jan 2017 21:31:11 -0500

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1657357

Title:
  bubblewrap escape via TIOCSTI ioctl

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bubblewrap/+bug/1657357/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
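
The seccomp alternative named in the changelog above, sketched as an added example; it is not code from bubblewrap, Flatpak or the Ubuntu package. The names deny_tiocsti, tiocsti_errno and NATIVE_ARCH are made up for illustration, and the filter assumes a little-endian x86-64 or aarch64 Linux build.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <sys/ioctl.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#ifdef __aarch64__
#define NATIVE_ARCH AUDIT_ARCH_AARCH64
#else
#define NATIVE_ARCH AUDIT_ARCH_X86_64 /* assumption: x86-64 build otherwise */
#endif

/* Fail ioctl(fd, TIOCSTI, ...) with EPERM; allow every other syscall. */
int deny_tiocsti(void)
{
    struct sock_filter prog[] = {
        /* Kill foreign ABIs: wrong arch, or x32's 0x40000000 syscall bit. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NATIVE_ARCH, 0, 2),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, 0x40000000, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_ioctl, 0, 3),
        /* Low 32 bits of arg 1 only: the kernel takes the request as unsigned int. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[1])),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, TIOCSTI, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { (unsigned short)(sizeof prog / sizeof prog[0]), prog };
    /* no_new_privs lets an unprivileged process install the filter. */
    return (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
            prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog)) ? -1 : 0;
}

/* Child tries TIOCSTI on /dev/null; returns its errno (255: filter setup failed). */
int tiocsti_errno(int filtered)
{
    int status = 0;
    pid_t pid = fork();
    if (pid == 0)
        _exit((filtered && deny_tiocsti()) ? 255
              : ioctl(open("/dev/null", O_RDONLY), TIOCSTI, "x") ? errno : 0);
    return (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
               ? -1 : WEXITSTATUS(status);
}
```

A sandbox launcher would call deny_tiocsti() in the child just before exec; the probe targets /dev/null so that running it never injects input into a real terminal.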
