[ubuntu/trusty-security] linux-lts-vivid 3.19.0-66.74~14.04.1 (Accepted)

Chris J Arges chris.j.arges at canonical.com
Mon Aug 8 16:02:41 UTC 2016


linux-lts-vivid (3.19.0-66.74~14.04.1) trusty; urgency=low

  [ Seth Forshee ]

  * Release Tracking Bug
    - LP: #1604159

  * CVE-2016-1237
    - posix_acl: Add set_posix_acl
    - nfsd: check permissions when setting ACLs

  * changelog: add CVEs as first class citizens (LP: #1604344)
    - use CVE numbers in changelog

  * CVE-2016-5243 (LP: #1589036)
    - tipc: fix an infoleak in tipc_nl_compat_link_dump

  * CVE-2016-4470
    - KEYS: potential uninitialized variable

  * CVE-2016-4794 (LP: #1581871)
    - percpu: fix synchronization between chunk->map_extend_work and chunk
      destruction
    - percpu: fix synchronization between synchronous map extension and chunk
      destruction

  * qeth: delete napi struct when removing a qeth device (LP: #1601831)
    - qeth: delete napi struct when removing a qeth device

  * arm64: statically link rtc-efi (LP: #1583738)
    - [Config] Link rtc-efi statically on arm64

  * linux: Homogenize changelog format across releases (LP: #1599562)
    - Revert "UBUNTU: [debian] BugLink: close LP: bugs only for Launchpad urls"
    - [Debian] git-ubuntu-log -- switch to bug order
    - [Debian] git-ubuntu-log -- fix empty section formatting
    - [Debian] git-ubuntu-log -- output should be utf-8
    - [Debian] git-ubuntu-log -- handle invalid or private bugs
    - [Debian] git-ubuntu-log -- wrap long bug and commit titles
    - [Debian] git-ubuntu-log -- ensure we get the last commit
    - [Debian] git-ubuntu-log -- prevent bug references being split
    - [Debian] git-ubuntu-log -- git log output is UTF-8

  * exercising ptys causes a kernel oops (LP: #1586418)
    - devpts: fix null pointer dereference on failed memory allocation

  * the kernel hangs when reboot or shutdown on a lenovo baytrail-m based
    machine (LP: #1597564)
    - usb: xhci: Makefile: move xhci-pci and xhci-plat-hcd after xhci-hcd

  * [i915_bpo][SKL] Display core init/uninit updates (LP: #1595803)
    - SAUCE: i915_bpo: drm/i915: Extract a intel_power_well_enable() function
    - SAUCE: i915_bpo: drm/i915: Extract a intel_power_well_disable() function
    - SAUCE: i915_bpo: drm/i915/skl: Making DC6 entry is the last call in suspend
      flow.
    - SAUCE: i915_bpo: drm/i915: Kill intel_runtime_pm_disable()
    - SAUCE: i915_bpo: drm/i915/gen9: csr_init after runtime pm enable
    - SAUCE: i915_bpo: drm/i915: use correct power domain for csr loading
    - SAUCE: i915_bpo: drm/i915/gen9: Don't try to load garbage dmc firmware on
      resume
    - SAUCE: i915_bpo: drm/i915/skl: Removed assert for csr-fw-loading check
      during disabling dc6
    - SAUCE: i915_bpo: drm/i915: fix the power well ID for always on wells
    - SAUCE: i915_bpo: drm/i915: fix lookup_power_well for power wells without any
      domain
    - SAUCE: i915_bpo: drm/i915: Make turning on/off PW1 and Misc I/O part of the
      init/fini sequences

linux (3.19.0-65.73) vivid; urgency=low

  [ Ben Romer ]

  * Release Tracking Bug
    - LP: #1596631

  [ Josh Boyer ]

  * SAUCE: UEFI: acpi: Ignore acpi_rsdp kernel parameter when module
    loading is restricted
    - LP: #1566221
  * SAUCE: UEFI: efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
    - LP: #1566221
  * SAUCE: UEFI MODSIGN: Import certificates from UEFI Secure Boot
    - LP: #1571691
  * SAUCE: UEFI: efi: Disable secure boot if shim is in insecure mode
    - LP: #1571691

  [ Matthew Garrett ]

  * SAUCE: UEFI: Add secure_modules() call
    - LP: #1566221
  * SAUCE: UEFI: PCI: Lock down BAR access when module security is enabled
    - LP: #1566221
  * SAUCE: UEFI: x86: Lock down IO port access when module security is
    enabled
    - LP: #1566221
  * SAUCE: UEFI: ACPI: Limit access to custom_method
    - LP: #1566221
  * SAUCE: UEFI: asus-wmi: Restrict debugfs interface when module loading
    is restricted
    - LP: #1566221
  * SAUCE: UEFI: Restrict /dev/mem and /dev/kmem when module loading is
    restricted
    - LP: #1566221
  * SAUCE: UEFI: kexec: Disable at runtime if the kernel enforces module
    loading restrictions
    - LP: #1566221
  * SAUCE: UEFI: x86: Restrict MSR access when module loading is restricted
    - LP: #1566221
  * SAUCE: UEFI: Add option to automatically enforce module signatures when
    in Secure Boot mode
    - LP: #1566221

  [ Stefan Bader ]

  * [Config] Add pm80xx scsi driver to d-i
    - LP: #1595628

  [ Tim Gardner ]

  * [Config] CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE=y
  * SAUCE: UEFI: Display MOKSBState when disabled
    - LP: #1571691
  * SAUCE: UEFI: Add secure boot and MOK SB State disabled sysctl
    - LP: #1593075

  [ Upstream Kernel Changes ]

  * HID: core: prevent out-of-bound readings
    - LP: #1579190
  * mm: migrate dirty page without clear_page_dirty_for_io etc
    - LP: #1581865
    - CVE-2016-3070

Date: 2016-07-19 19:52:14.988180+00:00
Changed-By: Seth Forshee <seth.forshee+lp at canonical.com>
Signed-By: Chris J Arges <chris.j.arges at canonical.com>
https://launchpad.net/ubuntu/+source/linux-lts-vivid/3.19.0-66.74~14.04.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Trusty-changes mailing list