[ubuntu/trusty-security] linux-lts-xenial 4.4.0-87.110~14.04.1 (Accepted)

Łukasz Zemczak lukasz.zemczak at canonical.com
Mon Jul 24 08:09:40 UTC 2017


linux-lts-xenial (4.4.0-87.110~14.04.1) trusty; urgency=low

  * linux-lts-xenial: 4.4.0-87.110~14.04.1 -proposed tracker (LP: #1704985)

  * linux: 4.4.0-87.110 -proposed tracker (LP: #1704982)

  * CVE-2017-1000364
    - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
    - mm/mmap.c: expand_downwards: don't require the gap if !vm_prev

  * CIFS causes oops (LP: #1704857)
    - CIFS: Fix null pointer deref during read resp processing
    - CIFS: Fix some return values in case of error in 'crypt_message'

linux (4.4.0-86.109) xenial; urgency=low

  * linux: 4.4.0-86.109 -proposed tracker (LP: #1703995)

  * sock_recvmsg has dropped size argument (LP: #1701697)
    - Packaging: Breaks unfixed iscsitarget versions

linux (4.4.0-85.108) xenial; urgency=low

  * linux: 4.4.0-85.108 -proposed tracker (LP: #1702103)

  * [Hyper-V] Implement Hyper-V PTP Source (LP: #1676635)
    - SAUCE: hv: make clocksource available for PTP device supporting
    - Drivers: hv: util: Use hv_get_current_tick() to get current tick
    - hv_util: switch to using timespec64
    - hv_utils: implement Hyper-V PTP source
    - Drivers: hv: util: Fix a typo
    - Drivers: hv: util: don't forget to init host_ts.lock
    - hv_utils: drop .getcrosststamp() support from PTP driver
    - hv_utils: fix TimeSync work on pre-TimeSync-v4 hosts

linux (4.4.0-84.107) xenial; urgency=low

  * linux: 4.4.0-84.107 -proposed tracker (LP: #1701024)

  * Can't disable USB port from BIOS (LP: #1695216)
    - SAUCE: xhci: AMD Promontory USB disable port support

  * KILLER1435-S[0489:e0a2] BT cannot search BT 4.0 device (LP: #1699651)
    - Bluetooth: btusb: Add support for 0489:e0a2 QCA_ROME device

  * CIFS: Enable encryption for SMB3 (LP: #1670508)
    - Revert "Handle mismatched open calls"
    - Revert "Call echo service immediately after socket reconnect"
    - cifs: Make echo interval tunable
    - Prepare for encryption support (first part). Add decryption and encryption
      key generation. Thanks to Metze for helping with this.
    - [net] drop 'size' argument of sock_recvmsg()
    - cifs: merge the hash calculation helpers
    - cifs: no need to wank with copying and advancing iovec on recvmsg side
      either
    - cifs: don't bother with kmap on read_pages side
    - cifs_readv_receive: use cifs_read_from_socket()
    - Fix memory leaks in cifs_do_mount()
    - SMB3: Add mount parameter to allow user to override max credits
    - SMB2: Separate Kerberos authentication from SMB2_sess_setup
    - SMB2: Separate RawNTLMSSP authentication from SMB2_sess_setup
    - SMB3: parsing for new snapshot timestamp mount parm
    - cifs: Simplify SMB2 and SMB311 dependencies
    - cifs: Only select the required crypto modules
    - cifs: Add soft dependencies
    - CIFS: Separate SMB2 header structure
    - CIFS: Make SendReceive2() takes resp iov
    - CIFS: Make send_cancel take rqst as argument
    - CIFS: Send RFC1001 length in a separate iov
    - CIFS: Separate SMB2 sync header processing
    - CIFS: Separate RFC1001 length processing for SMB2 read
    - CIFS: Add capability to transform requests before sending
    - CIFS: Enable encryption during session setup phase
    - CIFS: Encrypt SMB3 requests before sending
    - CIFS: Add transform header handling callbacks
    - CIFS: Add mid handle callback
    - CIFS: Add copy into pages callback for a read operation
    - CIFS: Decrypt and process small encrypted packets
    - CIFS: Add capability to decrypt big read responses
    - CIFS: Allow to switch on encryption with seal mount option
    - CIFS: Fix possible use after free in demultiplex thread
    - Call echo service immediately after socket reconnect
    - Handle mismatched open calls

  * CVE-2017-9150
    - bpf: don't let ldimm64 leak map addresses on unprivileged

  * CVE-2015-8944
    - Make file credentials available to the seqfile interfaces
    - /proc/iomem: only expose physical resource addresses to privileged users

  * Xenial update to 4.4.73 stable release (LP: #1698817)
    - s390/vmem: fix identity mapping
    - partitions/msdos: FreeBSD UFS2 file systems are not recognized
    - ARM: dts: imx6dl: Fix the VDD_ARM_CAP voltage for 396MHz operation
    - staging: rtl8192e: rtl92e_fill_tx_desc fix write to mapped out memory.
    - net: xilinx_emaclite: fix freezes due to unordered I/O
    - net: xilinx_emaclite: fix receive buffer overflow
    - ipv6: Handle IPv4-mapped src to in6addr_any dst.
    - ipv6: Inhibit IPv4-mapped src address on the wire.
    - NET: Fix /proc/net/arp for AX.25
    - NET: mkiss: Fix panic
    - net: hns: Fix the device being used for dma mapping during TX
    - sierra_net: Skip validating irrelevant fields for IDLE LSIs
    - sierra_net: Add support for IPv6 and Dual-Stack Link Sense Indications
    - i2c: piix4: Fix request_region size
    - ipv6: Fix IPv6 packet loss in scenarios involving roaming + snooping
      switches
    - PM / runtime: Avoid false-positive warnings from might_sleep_if()
    - jump label: pass kbuild_cflags when checking for asm goto support
    - kasan: respect /proc/sys/kernel/traceoff_on_warning
    - log2: make order_base_2() behave correctly on const input value zero
    - ethtool: do not vzalloc(0) on registers dump
    - fscache: Fix dead object requeue
    - fscache: Clear outstanding writes when disabling a cookie
    - FS-Cache: Initialise stores_lock in netfs cookie
    - ipv6: fix flow labels when the traffic class is non-0
    - drm/nouveau: prevent userspace from deleting client object
    - drm/nouveau/fence/g84-: protect against concurrent access to semaphore
      buffers
    - gianfar: synchronize DMA API usage by free_skb_rx_queue w/ gfar_new_page
    - pinctrl: berlin-bg4ct: fix the value for "sd1a" of pin SCRD0_CRD_PRES
    - net: adaptec: starfire: add checks for dma mapping errors
    - parisc, parport_gsc: Fixes for printk continuation lines
    - drm/nouveau: Don't enabling polling twice on runtime resume
    - drm/ast: Fixed system hanged if disable P2A
    - ravb: unmap descriptors when freeing rings
    - nfs: Fix "Don't increment lock sequence ID after NFS4ERR_MOVED"
    - r8152: re-schedule napi for tx
    - r8152: fix rtl8152_post_reset function
    - r8152: avoid start_xmit to schedule napi when napi is disabled
    - sctp: sctp_addr_id2transport should verify the addr before looking up assoc
    - romfs: use different way to generate fsid for BLOCK or MTD
    - proc: add a schedule point in proc_pid_readdir()
    - tipc: ignore requests when the connection state is not CONNECTED
    - xtensa: don't use linux IRQ #0
    - s390/kvm: do not rely on the ILC on kvm host protection fauls
    - sparc64: make string buffers large enough
    - Linux 4.4.73

  * Xenial update to 4.4.72 stable release (LP: #1698799)
    - bnx2x: Fix Multi-Cos
    - ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt()
    - cxgb4: avoid enabling napi twice to the same queue
    - tcp: disallow cwnd undo when switching congestion control
    - vxlan: fix use-after-free on deletion
    - ipv6: Fix leak in ipv6_gso_segment().
    - net: ping: do not abuse udp_poll()
    - net: ethoc: enable NAPI before poll may be scheduled
    - net: bridge: start hello timer only if device is up
    - sparc64: mm: fix copy_tsb to correctly copy huge page TSBs
    - sparc: Machine description indices can vary
    - sparc64: reset mm cpumask after wrap
    - sparc64: combine activate_mm and switch_mm
    - sparc64: redefine first version
    - sparc64: add per-cpu mm of secondary contexts
    - sparc64: new context wrap
    - sparc64: delete old wrap code
    - arch/sparc: support NR_CPUS = 4096
    - serial: ifx6x60: fix use-after-free on module unload
    - ptrace: Properly initialize ptracer_cred on fork
    - KEYS: fix dereferencing NULL payload with nonzero length
    - KEYS: fix freeing uninitialized memory in key_update()
    - crypto: gcm - wait for crypto op not signal safe
    - drm/amdgpu/ci: disable mclk switching for high refresh rates (v2)
    - nfsd4: fix null dereference on replay
    - nfsd: Fix up the "supattr_exclcreat" attributes
    - kvm: async_pf: fix rcu_irq_enter() with irqs enabled
    - KVM: cpuid: Fix read/write out-of-bounds vulnerability in cpuid emulation
    - arm: KVM: Allow unaligned accesses at HYP
    - KVM: async_pf: avoid async pf injection when in guest mode
    - dmaengine: usb-dmac: Fix DMAOR AE bit definition
    - dmaengine: ep93xx: Always start from BASE0
    - xen/privcmd: Support correctly 64KB page granularity when mapping memory
    - xen-netfront: do not cast grant table reference to signed short
    - xen-netfront: cast grant table reference first to type int
    - ext4: fix SEEK_HOLE
    - ext4: keep existing extra fields when inode expands
    - ext4: fix fdatasync(2) after extent manipulation operations
    - usb: gadget: f_mass_storage: Serialize wake and sleep execution
    - usb: chipidea: udc: fix NULL pointer dereference if udc_start failed
    - usb: chipidea: debug: check before accessing ci_role
    - staging/lustre/lov: remove set_fs() call from lov_getstripe()
    - iio: light: ltr501 Fix interchanged als/ps register field
    - iio: proximity: as3935: fix AS3935_INT mask
    - drivers: char: random: add get_random_long()
    - random: properly align get_random_int_hash
    - stackprotector: Increase the per-task stack canary's random range from 32
      bits to 64 bits on 64-bit platforms
    - cpufreq: cpufreq_register_driver() should return -ENODEV if init fails
    - target: Re-add check to reject control WRITEs with overflow data
    - drm/msm: Expose our reservation object when exporting a dmabuf.
    - Input: elantech - add Fujitsu Lifebook E546/E557 to force crc_enabled
    - cpuset: consider dying css as offline
    - fs: add i_blocksize()
    - ufs: restore proper tail allocation
    - fix ufs_isblockset()
    - ufs: restore maintaining ->i_blocks
    - ufs: set correct ->s_maxsize
    - ufs_extend_tail(): fix the braino in calling conventions of
      ufs_new_fragments()
    - ufs_getfrag_block(): we only grab ->truncate_mutex on block creation path
    - cxl: Fix error path on bad ioctl
    - btrfs: use correct types for page indices in btrfs_page_exists_in_range
    - btrfs: fix memory leak in update_space_info failure path
    - KVM: arm/arm64: Handle possible NULL stage2 pud when ageing pages
    - scsi: qla2xxx: don't disable a not previously enabled PCI device
    - powerpc/eeh: Avoid use after free in eeh_handle_special_event()
    - powerpc/numa: Fix percpu allocations to be NUMA aware
    - powerpc/hotplug-mem: Fix missing endian conversion of aa_index
    - perf/core: Drop kernel samples even though :u is specified
    - drm/vmwgfx: Handle vmalloc() failure in vmw_local_fifo_reserve()
    - drm/vmwgfx: Make sure backup_handle is always valid
    - drm/nouveau/tmr: fully separate alarm execution/pending lists
    - ALSA: timer: Fix race between read and ioctl
    - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT
    - ASoC: Fix use-after-free at card unregistration
    - drivers: char: mem: Fix wraparound check to allow mappings up to the end
    - tty: Drop krefs for interrupted tty lock
    - serial: sh-sci: Fix panic when serial console and DMA are enabled
    - mm: consider memblock reservations for deferred memory initialization sizing
    - NFS: Ensure we revalidate attributes before using execute_ok()
    - NFSv4: Don't perform cached access checks before we've OPENed the file
    - Make __xfs_xattr_put_listen preperly report errors.
    - arm64: hw_breakpoint: fix watchpoint matching for tagged pointers
    - arm64: entry: improve data abort handling of tagged pointers
    - RDMA/qib,hfi1: Fix MR reference count leak on write with immediate
    - usercopy: Adjust tests to deal with SMAP/PAN
    - arm64: armv8_deprecated: ensure extension of addr
    - arm64: ensure extension of smp_store_release value
    - Linux 4.4.72

  * Xenial update to 4.4.71 stable release (LP: #1697001)
    - sparc: Fix -Wstringop-overflow warning
    - s390/qeth: handle sysfs error during initialization
    - s390/qeth: unbreak OSM and OSN support
    - s390/qeth: avoid null pointer dereference on OSN
    - tcp: avoid fragmenting peculiar skbs in SACK
    - sctp: fix src address selection if using secondary addresses for ipv6
    - tcp: eliminate negative reordering in tcp_clean_rtx_queue
    - net: Improve handling of failures on link and route dumps
    - bridge: netlink: check vlan_default_pvid range
    - qmi_wwan: add another Lenovo EM74xx device ID
    - bridge: start hello_timer when enabling KERNEL_STP in br_stp_start
    - be2net: Fix offload features for Q-in-Q packets
    - virtio-net: enable TSO/checksum offloads for Q-in-Q vlans
    - tcp: avoid fastopen API to be used on AF_UNSPEC
    - sctp: fix ICMP processing if skb is non-linear
    - ipv4: add reference counting to metrics
    - netem: fix skb_orphan_partial()
    - net: phy: marvell: Limit errata to 88m1101
    - vlan: Fix tcp checksum offloads in Q-in-Q vlans
    - i2c: i2c-tiny-usb: fix buffer not being DMA capable
    - mmc: sdhci-iproc: suppress spurious interrupt with Multiblock read
    - HID: wacom: Have wacom_tpc_irq guard against possible NULL dereference
    - scsi: mpt3sas: Force request partial completion alignment
    - drm/radeon/ci: disable mclk switching for high refresh rates (v2)
    - drm/radeon: Unbreak HPD handling for r600+
    - pcmcia: remove left-over %Z format
    - ALSA: hda - apply STAC_9200_DELL_M22 quirk for Dell Latitude D430
    - slub/memcg: cure the brainless abuse of sysfs attributes
    - drm/gma500/psb: Actually use VBT mode when it is found
    - mm/migrate: fix refcount handling when !hugepage_migration_supported()
    - mlock: fix mlock count can not decrease in race condition
    - xfs: Fix missed holes in SEEK_HOLE implementation
    - xfs: fix off-by-one on max nr_pages in xfs_find_get_desired_pgoff()
    - xfs: fix over-copying of getbmap parameters from userspace
    - xfs: handle array index overrun in xfs_dir2_leaf_readbuf()
    - xfs: prevent multi-fsb dir readahead from reading random blocks
    - xfs: fix up quotacheck buffer list error handling
    - xfs: support ability to wait on new inodes
    - xfs: update ag iterator to support wait on new inodes
    - xfs: wait on new inodes during quotaoff dquot release
    - xfs: fix indlen accounting error on partial delalloc conversion
    - xfs: bad assertion for delalloc an extent that start at i_size
    - xfs: fix unaligned access in xfs_btree_visit_blocks
    - xfs: in _attrlist_by_handle, copy the cursor back to userspace
    - xfs: only return -errno or success from attr ->put_listent
    - Linux 4.4.71

  * CVE-2017-7346
    - drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl()

  * Power button does not work on Latitude 7480 (LP: #1697116)
    - intel-hid: Remove duplicated acpi_remove_notify_handler
    - platform/x86: intel-hid: Support 5 button array

  * CVE-2017-9074
    - ipv6: Check ip6_find_1stfragopt() return value properly.

  * CVE-2014-9900
    - net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol()

linux (4.4.0-83.106) xenial; urgency=low

  * linux: 4.4.0-83.106 -proposed tracker (LP: #1700541)

  * CVE-2017-1000364
    - Revert "UBUNTU: SAUCE: mm: Only expand stack if guard area is hit"
    - Revert "mm: do not collapse stack gap into THP"
    - Revert "mm: enlarge stack guard gap"
    - mm: vma_adjust: remove superfluous confusing update in remove_next == 1 case
    - mm: larger stack guard gap, between vmas
    - mm: fix new crash in unmapped_area_topdown()
    - Allow stack to grow up to address space limit

Date: 2017-07-18 14:47:16.534843+00:00
Changed-By: Kleber Sacilotto de Souza <kleber.souza at canonical.com>
Signed-By: Łukasz Zemczak <lukasz.zemczak at canonical.com>
https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-87.110~14.04.1