[ubuntu/trusty-security] linux-lts-xenial 4.4.0-83.106~14.04.1 (Accepted)

Łukasz Zemczak lukasz.zemczak at canonical.com
Wed Jun 28 16:51:35 UTC 2017


linux-lts-xenial (4.4.0-83.106~14.04.1) trusty; urgency=low

  * linux-lts-xenial: 4.4.0-83.106~14.04.1 -proposed tracker (LP: #1700542)

  * linux: 4.4.0-83.106 -proposed tracker (LP: #1700541)

  * CVE-2017-1000364
    - Revert "UBUNTU: SAUCE: mm: Only expand stack if guard area is hit"
    - Revert "mm: do not collapse stack gap into THP"
    - Revert "mm: enlarge stack guard gap"
    - mm: vma_adjust: remove superfluous confusing update in remove_next == 1 case
    - mm: larger stack guard gap, between vmas
    - mm: fix new crash in unmapped_area_topdown()
    - Allow stack to grow up to address space limit

linux (4.4.0-82.105) xenial; urgency=low

  * linux: 4.4.0-82.105 -proposed tracker (LP: #1699064)

  * CVE-2017-1000364
    - SAUCE: mm: Only expand stack if guard area is hit

  * linux-aws/linux-gke incorrectly producing and using linux-*-tools-
    common/linux-*-cloud-tools-common (LP: #1688579)
    - [Config] make linux-tools-common and linux-cloud-tools-common protection
      consistent

  * CVE-2017-9242
    - ipv6: fix out of bound writes in __ip6_append_data()

  * CVE-2017-9075
    - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent

  * CVE-2017-9074
    - ipv6: Prevent overrun when parsing v6 header options

  * CVE-2017-9076
    - ipv6/dccp: do not inherit ipv6_mc_list from parent

  * CVE-2017-9077
    - ipv6/dccp: do not inherit ipv6_mc_list from parent

  * CVE-2017-8890
    - dccp/tcp: do not inherit mc_list from parent

  * Module signing exclusion for staging drivers does not work properly
    (LP: #1690908)
    - SAUCE: Fix module signing exclusion in package builds

  * extend-diff-ignore should use exact matches (LP: #1693504)
    - [Packaging] exact extend-diff-ignore matches

  * Dell XPS 9360 wifi 5G performance is poor (LP: #1692836)
    - SAUCE: ath10k: fix the wifi speed issue for kill 1535

  *  Upgrade Redpine WLAN/BT driver to ver. 1.2.RC12 (LP: #1694607)
    - SAUCE: Redpine: Upgrade to ver. 1.2.RC12

  * [DP MST] No audio output through HDMI/DP/mDP ports in Dell WD15 and TB15
    docking stations (LP: #1694665)
    - drm/i915: Store port enum in intel_encoder
    - drm/i915: Eliminate redundant local variable definition
    - drm/i915: Switch to using port stored in intel_encoder
    - drm/i915: Move audio_connector to intel_encoder
    - drm/i915/dp: DP audio API changes for MST
    - drm/i915: abstract ddi being audio enabled
    - drm/i915/audio: extend get_saved_enc() to support more scenarios
    - drm/i915: enable dp mst audio

  * Xenial update to 4.4.70 stable release (LP: #1694621)
    - usb: misc: legousbtower: Fix buffers on stack
    - usb: misc: legousbtower: Fix memory leak
    - USB: ene_usb6250: fix DMA to the stack
    - watchdog: pcwd_usb: fix NULL-deref at probe
    - char: lp: fix possible integer overflow in lp_setup()
    - USB: core: replace %p with %pK
    - ARM: tegra: paz00: Mark panel regulator as enabled on boot
    - tpm_crb: check for bad response size
    - infiniband: call ipv6 route lookup via the stub interface
    - dm btree: fix for dm_btree_find_lowest_key()
    - dm raid: select the Kconfig option CONFIG_MD_RAID0
    - dm bufio: avoid a possible ABBA deadlock
    - dm bufio: check new buffer allocation watermark every 30 seconds
    - dm cache metadata: fail operations if fail_io mode has been established
    - dm bufio: make the parameter "retain_bytes" unsigned long
    - dm thin metadata: call precommit before saving the roots
    - dm space map disk: fix some book keeping in the disk space map
    - md: update slab_cache before releasing new stripes when stripes resizing
    - rtlwifi: rtl8821ae: setup 8812ae RFE according to device type
    - mwifiex: pcie: fix cmd_buf use-after-free in remove/reset
    - ima: accept previously set IMA_NEW_FILE
    - KVM: x86: Fix load damaged SSEx MXCSR register
    - KVM: X86: Fix read out-of-bounds vulnerability in kvm pio emulation
    - regulator: tps65023: Fix inverted core enable logic.
    - s390/kdump: Add final note
    - s390/cputime: fix incorrect system time
    - ath9k_htc: Add support of AirTies 1eda:2315 AR9271 device
    - ath9k_htc: fix NULL-deref at probe
    - drm/amdgpu: Avoid overflows/divide-by-zero in latency_watermark
      calculations.
    - drm/amdgpu: Make display watermark calculations more accurate
    - drm/nouveau/therm: remove ineffective workarounds for alarm bugs
    - drm/nouveau/tmr: ack interrupt before processing alarms
    - drm/nouveau/tmr: fix corruption of the pending list when rescheduling an
      alarm
    - drm/nouveau/tmr: avoid processing completed alarms when adding a new one
    - drm/nouveau/tmr: handle races with hw when updating the next alarm time
    - cdc-acm: fix possible invalid access when processing notification
    - proc: Fix unbalanced hard link numbers
    - of: fix sparse warning in of_pci_range_parser_one
    - iio: dac: ad7303: fix channel description
    - pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes
    - pid_ns: Fix race between setns'ed fork() and zap_pid_ns_processes()
    - USB: serial: ftdi_sio: fix setting latency for unprivileged users
    - USB: serial: ftdi_sio: add Olimex ARM-USB-TINY(H) PIDs
    - ext4 crypto: don't let data integrity writebacks fail with ENOMEM
    - ext4 crypto: fix some error handling
    - net: qmi_wwan: Add SIMCom 7230E
    - fscrypt: fix context consistency check when key(s) unavailable
    - f2fs: check entire encrypted bigname when finding a dentry
    - fscrypt: avoid collisions when presenting long encrypted filenames
    - usb: host: xhci-plat: propagate return value of platform_get_irq()
    - xhci: apply PME_STUCK_QUIRK and MISSING_CAS quirk for Denverton
    - usb: host: xhci-mem: allocate zeroed Scratchpad Buffer
    - net: irda: irda-usb: fix firmware name on big-endian hosts
    - usbvision: fix NULL-deref at probe
    - mceusb: fix NULL-deref at probe
    - ttusb2: limit messages to buffer size
    - usb: musb: tusb6010_omap: Do not reset the other direction's packet size
    - USB: iowarrior: fix info ioctl on big-endian hosts
    - usb: serial: option: add Telit ME910 support
    - USB: serial: qcserial: add more Lenovo EM74xx device IDs
    - USB: serial: mct_u232: fix big-endian baud-rate handling
    - USB: serial: io_ti: fix div-by-zero in set_termios
    - USB: hub: fix SS hub-descriptor handling
    - USB: hub: fix non-SS hub-descriptor handling
    - ipx: call ipxitf_put() in ioctl error path
    - iio: proximity: as3935: fix as3935_write
    - ceph: fix recursion between ceph_set_acl() and __ceph_setattr()
    - gspca: konica: add missing endpoint sanity check
    - s5p-mfc: Fix unbalanced call to clock management
    - dib0700: fix NULL-deref at probe
    - zr364xx: enforce minimum size when reading header
    - dvb-frontends/cxd2841er: define symbol_rate_min/max in T/C fe-ops
    - cx231xx-audio: fix init error path
    - cx231xx-audio: fix NULL-deref at probe
    - cx231xx-cards: fix NULL-deref at probe
    - powerpc/book3s/mce: Move add_taint() later in virtual mode
    - powerpc/pseries: Fix of_node_put() underflow during DLPAR remove
    - powerpc/64e: Fix hang when debugging programs with relocated kernel
    - ARM: dts: at91: sama5d3_xplained: fix ADC vref
    - ARM: dts: at91: sama5d3_xplained: not all ADC channels are available
    - arm64: xchg: hazard against entire exchange variable
    - arm64: uaccess: ensure extension of access_ok() addr
    - arm64: documentation: document tagged pointer stack constraints
    - xc2028: Fix use-after-free bug properly
    - Revert "UBUNTU: SAUCE: mm: Respect FOLL_FORCE/FOLL_COW for thp"
    - mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp
    - staging: rtl8192e: fix 2 byte alignment of register BSSIDR.
    - staging: rtl8192e: rtl92e_get_eeprom_size Fix read size of EPROM_CMD.
    - iommu/vt-d: Flush the IOTLB to get rid of the initial kdump mappings
    - metag/uaccess: Fix access_ok()
    - metag/uaccess: Check access_ok in strncpy_from_user
    - uwb: fix device quirk on big-endian hosts
    - genirq: Fix chained interrupt data ordering
    - osf_wait4(): fix infoleak
    - tracing/kprobes: Enforce kprobes teardown after testing
    - PCI: Fix pci_mmap_fits() for HAVE_PCI_RESOURCE_TO_USER platforms
    - PCI: Freeze PME scan before suspending devices
    - drm/edid: Add 10 bpc quirk for LGD 764 panel in HP zBook 17 G2
    - nfsd: encoders mustn't use unitialized values in error cases
    - drivers: char: mem: Check for address space wraparound with mmap()
    - Linux 4.4.70

  * Xenial update to 4.4.69 stable release (LP: #1692900)
    - xen: adjust early dom0 p2m handling to xen hypervisor behavior
    - target: Fix compare_and_write_callback handling for non GOOD status
    - target/fileio: Fix zero-length READ and WRITE handling
    - target: Convert ACL change queue_depth se_session reference usage
    - iscsi-target: Set session_fall_back_to_erl0 when forcing reinstatement
    - usb: host: xhci: print correct command ring address
    - USB: serial: ftdi_sio: add device ID for Microsemi/Arrow SF2PLUS Dev Kit
    - USB: Proper handling of Race Condition when two USB class drivers try to
      call init_usb_class simultaneously
    - staging: vt6656: use off stack for in buffer USB transfers.
    - staging: vt6656: use off stack for out buffer USB transfers.
    - staging: gdm724x: gdm_mux: fix use-after-free on module unload
    - staging: comedi: jr3_pci: fix possible null pointer dereference
    - staging: comedi: jr3_pci: cope with jiffies wraparound
    - usb: misc: add missing continue in switch
    - usb: Make sure usb/phy/of gets built-in
    - usb: hub: Fix error loop seen after hub communication errors
    - usb: hub: Do not attempt to autosuspend disconnected devices
    - x86/boot: Fix BSS corruption/overwrite bug in early x86 kernel startup
    - selftests/x86/ldt_gdt_32: Work around a glibc sigaction() bug
    - x86, pmem: Fix cache flushing for iovec write < 8 bytes
    - um: Fix PTRACE_POKEUSER on x86_64
    - KVM: x86: fix user triggerable warning in kvm_apic_accept_events()
    - KVM: arm/arm64: fix races in kvm_psci_vcpu_on
    - block: fix blk_integrity_register to use template's interval_exp if not 0
    - crypto: algif_aead - Require setkey before accept(2)
    - dm era: save spacemap metadata root after the pre-commit
    - vfio/type1: Remove locked page accounting workqueue
    - IB/core: Fix sysfs registration error flow
    - IB/IPoIB: ibX: failed to create mcg debug file
    - IB/mlx4: Fix ib device initialization error flow
    - IB/mlx4: Reduce SRIOV multicast cleanup warning message to debug level
    - ext4: evict inline data when writing to memory map
    - fs/xattr.c: zero out memory copied to userspace in getxattr
    - ceph: fix memory leak in __ceph_setxattr()
    - fs/block_dev: always invalidate cleancache in invalidate_bdev()
    - Set unicode flag on cifs echo request to avoid Mac error
    - SMB3: Work around mount failure when using SMB3 dialect to Macs
    - CIFS: fix mapping of SFM_SPACE and SFM_PERIOD
    - cifs: fix CIFS_IOC_GET_MNT_INFO oops
    - CIFS: add misssing SFM mapping for doublequote
    - padata: free correct variable
    - arm64: KVM: Fix decoding of Rt/Rt2 when trapping AArch32 CP accesses
    - serial: samsung: Use right device for DMA-mapping calls
    - serial: omap: fix runtime-pm handling on unbind
    - serial: omap: suspend device on probe errors
    - tty: pty: Fix ldisc flush after userspace become aware of the data already
    - Bluetooth: Fix user channel for 32bit userspace on 64bit kernel
    - Bluetooth: hci_bcm: add missing tty-device sanity check
    - Bluetooth: hci_intel: add missing tty-device sanity check
    - mac80211: pass RX aggregation window size to driver
    - mac80211: pass block ack session timeout to to driver
    - mac80211: RX BA support for sta max_rx_aggregation_subframes
    - wlcore: Pass win_size taken from ieee80211_sta to FW
    - wlcore: Add RX_BA_WIN_SIZE_CHANGE_EVENT event
    - ipmi: Fix kernel panic at ipmi_ssif_thread()
    - Linux 4.4.69

  * Support IPMI system interface on Cavium ThunderX (LP: #1688132)
    - i2c: octeon: Cleanup kerneldoc comments
    - i2c: octeon: Cleanup i2c-octeon driver
    - i2c: octeon: Cleanup resource allocation code
    - i2c: octeon: Support I2C_M_RECV_LEN
    - i2c: octeon: Increase retry default and use fixed timeout value
    - i2c: octeon: Move set-clock and init-lowlevel upward
    - i2c: octeon: Rename [read|write]_sw to reg_[read|write]
    - i2c: octeon: Introduce helper functions for register access
    - i2c: octeon: Remove superfluous check in octeon_i2c_test_iflg
    - i2c: octeon: Improve error status checking
    - i2c: octeon: Use i2c recovery framework
    - i2c: octeon: Add flush writeq helper function
    - i2c: octeon: Enable High-Level Controller
    - i2c: octeon: Add support for cn78xx chips
    - i2c: octeon: Remove zero-length message support
    - i2c: octeon: Improve performance if interrupt is early
    - i2c: octeon: Add workaround for broken irqs on CN3860
    - i2c: octeon: Missing AAK flag in case of I2C_M_RECV_LEN
    - i2c: octeon: Avoid printk after too long SMBUS message
    - i2c: octeon: Rename driver to prepare for split
    - i2c: octeon: Split the driver into two parts
    - [Config] CONFIG_I2C_THUNDERX=m
    - i2c: thunderx: Add i2c driver for ThunderX SOC
    - i2c: thunderx: Add SMBUS alert support
    - i2c: octeon,thunderx: Move register offsets to struct
    - i2c: octeon: Sort include files alphabetically
    - i2c: octeon: Use booleon values for booleon variables
    - i2c: octeon: thunderx: Add MAINTAINERS entry
    - i2c: octeon: Fix set SCL recovery function
    - i2c: octeon: Avoid sending STOP during recovery
    - i2c: octeon: Fix high-level controller status check
    - i2c: octeon: thunderx: TWSI software reset in recovery
    - i2c: octeon: thunderx: Remove double-check after interrupt
    - i2c: octeon: thunderx: Limit register access retries
    - i2c: thunderx: Enable HWMON class probing

  * Xenial update to 4.4.68 stable release (LP: #1691418)
    - 9p: fix a potential acl leak
    - ARM: 8452/3: PJ4: make coprocessor access sequences buildable in Thumb2 mode
    - cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores
    - powerpc/powernv: Fix opal_exit tracepoint opcode
    - power: supply: bq24190_charger: Fix irq trigger to IRQF_TRIGGER_FALLING
    - power: supply: bq24190_charger: Call set_mode_host() on pm_resume()
    - power: supply: bq24190_charger: Install irq_handler_thread() at end of
      probe()
    - power: supply: bq24190_charger: Call power_supply_changed() for relevant
      component
    - power: supply: bq24190_charger: Don't read fault register outside
      irq_handle_thread()
    - power: supply: bq24190_charger: Handle fault before status on interrupt
    - leds: ktd2692: avoid harmless maybe-uninitialized warning
    - ARM: OMAP5 / DRA7: Fix HYP mode boot for thumb2 build
    - mwifiex: debugfs: Fix (sometimes) off-by-1 SSID print
    - mwifiex: remove redundant dma padding in AMSDU
    - mwifiex: Avoid skipping WEP key deletion for AP
    - x86/ioapic: Restore IO-APIC irq_chip retrigger callback
    - x86/pci-calgary: Fix iommu_free() comparison of unsigned expression >= 0
    - clk: Make x86/ conditional on CONFIG_COMMON_CLK
    - kprobes/x86: Fix kernel panic when certain exception-handling addresses are
      probed
    - x86/platform/intel-mid: Correct MSI IRQ line for watchdog device
    - Revert "KVM: nested VMX: disable perf cpuid reporting"
    - KVM: nVMX: initialize PML fields in vmcs02
    - KVM: nVMX: do not leak PML full vmexit to L1
    - usb: host: ehci-exynos: Decrese node refcount on exynos_ehci_get_phy() error
      paths
    - usb: host: ohci-exynos: Decrese node refcount on exynos_ehci_get_phy() error
      paths
    - usb: chipidea: Only read/write OTGSC from one place
    - usb: chipidea: Handle extcon events properly
    - USB: serial: keyspan_pda: fix receive sanity checks
    - USB: serial: digi_acceleport: fix incomplete rx sanity check
    - USB: serial: ssu100: fix control-message error handling
    - USB: serial: io_edgeport: fix epic-descriptor handling
    - USB: serial: ti_usb_3410_5052: fix control-message error handling
    - USB: serial: ark3116: fix open error handling
    - USB: serial: ftdi_sio: fix latency-timer error handling
    - USB: serial: quatech2: fix control-message error handling
    - USB: serial: mct_u232: fix modem-status error handling
    - USB: serial: io_edgeport: fix descriptor error handling
    - phy: qcom-usb-hs: Add depends on EXTCON
    - serial: 8250_omap: Fix probe and remove for PM runtime
    - scsi: mac_scsi: Fix MAC_SCSI=m option when SCSI=m
    - MIPS: R2-on-R6 MULTU/MADDU/MSUBU emulation bugfix
    - brcmfmac: Ensure pointer correctly set if skb data location changes
    - brcmfmac: Make skb header writable before use
    - staging: wlan-ng: add missing byte order conversion
    - staging: emxx_udc: remove incorrect __init annotations
    - ALSA: hda - Fix deadlock of controller device lock at unbinding
    - tcp: do not underestimate skb->truesize in tcp_trim_head()
    - bpf, arm64: fix jit branch offset related to ldimm64
    - tcp: fix wraparound issue in tcp_lp
    - tcp: do not inherit fastopen_req from parent
    - ipv4, ipv6: ensure raw socket message is big enough to hold an IP header
    - rtnetlink: NUL-terminate IFLA_PHYS_PORT_NAME string
    - ipv6: initialize route null entry in addrconf_init()
    - ipv6: reorder ip6_route_dev_notifier after ipv6_dev_notf
    - bnxt_en: allocate enough space for ->ntp_fltr_bmap
    - f2fs: sanity check segment count
    - drm/ttm: fix use-after-free races in vm fault handling
    - block: get rid of blk_integrity_revalidate()
    - Linux 4.4.68

  * Keyboard backlight control does not work on some dell laptops.
    (LP: #1693126)
    - platform/x86: dell-laptop: Add Latitude 7480 and others to the DMI whitelist
    - platform/x86: dell-laptop: Add keyboard backlight timeout AC settings

  * Upgrade Redpine WLAN/BT driver to ver. 1.2.RC9 (LP: #1690498)
    - SAUCE: Redpine: Upgrade to ver. 1.2.RC9

  * exec'ing a setuid binary from a threaded program sometimes fails to setuid
    (LP: #1672819)
    - SAUCE: exec: ensure file system accounting in check_unsafe_exec is correct

  * attempts to rename vlans / vlans have addr_assign_type of 0 on kernel 4.4
    (LP: #1682871)
    - vlan: Propagate MAC address to VLANs

  * Exar usb-serial doesn't restore baud rate after resume from S3/S4
    (LP: #1690362)
    - SAUCE: xr-usb-serial: re-initialise baudrate after resume from S3/S4

  * st_pressure, st_accel IIO drivers fail to detect sensors after reloading
    kernel modules (LP: #1690310)
    - SAUCE: (no-up) iio: st_pressure: st_accel: Initialise sensor platform data
      properly

  * nvidia-docker on ppc64le-ubuntu16.04  issue due to cross-thread naming if
    !PR_DUMPABLE (LP: #1690225)
    - procfs: fix pthread cross-thread naming if !PR_DUMPABLE

  * linux xenial derivatives fail to build (LP: #1691814)
    - [Packaging] Set do_tools_common in common vars

linux (4.4.0-81.104) xenial; urgency=low

  * CVE-2017-1000364
    - mm: enlarge stack guard gap
    - mm: do not collapse stack gap into THP

Date: 2017-06-26 18:07:13.901327+00:00
Changed-By: Thadeu Lima de Souza Cascardo <thadeu.cascardo at canonical.com>
Signed-By: Łukasz Zemczak <lukasz.zemczak at canonical.com>
https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-83.106~14.04.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Trusty-changes mailing list