[ubuntu/xenial-security] linux-gcp 4.10.0-1004.4 (Accepted)

Łukasz Zemczak lukasz.zemczak at canonical.com
Mon Aug 28 10:28:39 UTC 2017 

linux-gcp (4.10.0-1004.4) xenial; urgency=low

  * linux-gcp: 4.10.0-1004.4 -proposed tracker (LP: #1712170)
    - [Packaging]: update common config

  * Please only recommend or suggest initramfs-tools | linux-initramfs-tool for
    kernels able to boot without initramfs (LP: #1700972)
    - [Debian] Don't depend on initramfs-tools

  [ Ubuntu: 4.10.0-33.37 ]

  * linux: 4.10.0-33.37 -proposed tracker (LP: #1709303)
  * CVE-2017-1000112
    - Revert "udp: consistently apply ufo or fragmentation"
    - udp: consistently apply ufo or fragmentation
  * CVE-2017-1000111
    - Revert "net-packet: fix race in packet_set_ring on PACKET_RESERVE"
    - packet: fix tp_reserve race in packet_set_ring
  * ThunderX: soft lockup on 4.8+ kernels when running qemu-efi with vhost=on
    (LP: #1673564)
    - irqchip/gic-v3: Add missing system register definitions
    - arm64: KVM: Do not use stack-protector to compile EL2 code
    - KVM: arm/arm64: vgic-v3: Use PREbits to infer the number of ICH_APxRn_EL2
      registers
    - KVM: arm/arm64: vgic-v3: Fix nr_pre_bits bitfield extraction
    - arm64: Add a facility to turn an ESR syndrome into a sysreg encoding
    - KVM: arm/arm64: vgic-v3: Add accessors for the ICH_APxRn_EL2 registers
    - KVM: arm64: Make kvm_condition_valid32() accessible from EL2
    - KVM: arm64: vgic-v3: Add hook to handle guest GICv3 sysreg accesses at EL2
    - KVM: arm64: vgic-v3: Add ICV_BPR1_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_IGRPEN1_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_IAR1_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_EOIR1_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_AP1Rn_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_HPPIR1_EL1 handler
    - KVM: arm64: vgic-v3: Enable trapping of Group-1 system registers
    - KVM: arm64: Enable GICv3 Group-1 sysreg trapping via command-line
    - KVM: arm64: vgic-v3: Add ICV_BPR0_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_IGNREN0_EL1 handler
    - KVM: arm64: vgic-v3: Add misc Group-0 handlers
    - KVM: arm64: vgic-v3: Enable trapping of Group-0 system registers
    - KVM: arm64: Enable GICv3 Group-0 sysreg trapping via command-line
    - arm64: Add MIDR values for Cavium cn83XX SoCs
    - [Config] CONFIG_CAVIUM_ERRATUM_30115=y
    - arm64: Add workaround for Cavium Thunder erratum 30115
    - KVM: arm64: vgic-v3: Add ICV_DIR_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_RPR_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_CTLR_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_PMR_EL1 handler
    - KVM: arm64: Enable GICv3 common sysreg trapping via command-line
    - KVM: arm64: vgic-v3: Log which GICv3 system registers are trapped
    - arm64: KVM: Make unexpected reads from WO registers inject an undef
    - KVM: arm64: Log an error if trapping a read-from-write-only GICv3 access
    - KVM: arm64: Log an error if trapping a write-to-read-only GICv3 access
  * ibmvscsis: Do not send aborted task response (LP: #1689365)
    - target: Fix unknown fabric callback queue-full errors
    - ibmvscsis: Do not send aborted task response
    - ibmvscsis: Clear left-over abort_cmd pointers
    - ibmvscsis: Fix the incorrect req_lim_delta
  * hisi_sas performance improvements (LP: #1708734)
    - scsi: hisi_sas: define hisi_sas_device.device_id as int
    - scsi: hisi_sas: optimise the usage of hisi_hba.lock
    - scsi: hisi_sas: relocate sata_done_v2_hw()
    - scsi: hisi_sas: optimise DMA slot memory
  * hisi_sas driver reports mistakes timed out task for internal abort
    (LP: #1708730)
    - scsi: hisi_sas: fix timeout check in hisi_sas_internal_task_abort()
  * scsi: hisi_sas: add null check before indirect pointer dereference
    (LP: #1708714)
    - scsi: hisi_sas: add null check before indirect pointer dereference
  * [LTCTest][Opal][FW860.20] HMI recoverable errors failed to recover and
    system goes to dump state. (LP: #1684054)
    - powerpc/64: Fix HMI exception on LE with CONFIG_RELOCATABLE=y
  * Set CONFIG_SATA_HIGHBANK=y on armhf (LP: #1703430)
    - [Config] CONFIG_SATA_HIGHBANK=y
  * Adt tests of src:linux time out often on armhf lxc containers (LP: #1705495)
    - [Packaging] tests -- reduce rebuild test to one flavour
  * support Hip07/08 I2C controller (LP: #1708293)
    - ACPI / APD: Add clock frequency for Hisilicon Hip07/08 I2C controller
    - i2c: designware: Add ACPI HID for Hisilicon Hip07/08 I2C controller
  * Mute key LED does not work on HP ProBook 440 (LP: #1705586)
    - ALSA: hda - Add HP ZBook 15u G3 Conexant CX20724 GPIO mute leds
    - ALSA: hda - Add mute led support for HP ProBook 440 G4
  * Hisilicon D05 onboard fibre NIC link indicator LEDs don't work
    (LP: #1704903)
    - net: hns: add acpi function of xge led control
  * zesty unable to handle kernel NULL pointer dereference (LP: #1680904)
    - drm/i915: Do not drop pagetables when empty
  * hns: use after free in hns_nic_net_xmit_hw (LP: #1704885)
    - net: hns: Fix a skb used after free bug
  * [ARM64] config EDAC_GHES=y depends on EDAC_MM_EDAC=y (LP: #1706141)
    - [Config] set EDAC_MM_EDAC=y for ARM64
  * [Hyper-V] hv_netvsc: Exclude non-TCP port numbers from vRSS hashing
    (LP: #1690174)
    - hv_netvsc: Exclude non-TCP port numbers from vRSS hashing
  * ath10k doesn't report full RSSI information (LP: #1706531)
    - ath10k: add per chain RSSI reporting
  * ideapad_laptop don't support v310-14isk (LP: #1705378)
    - platform/x86: ideapad-laptop: Add several models to no_hw_rfkill
  * hns: ethtool selftest crashes system (LP: #1705712)
    - net/hns:bugfix of ethtool -t phy self_test
  * ath9k freezes suspend resume Ubuntu 17.04 (LP: #1697027)
    - ath9k: fix an invalid pointer dereference in ath9k_rng_stop()
  * xhci_hcd: ERROR Transfer event TRB DMA ptr not part of current TD ep_index 2
    comp_code 13 (LP: #1667750)
    - xhci: Bad Ethernet performance plugged in ASM1042A host
  * Migrating KSM page causes the VM lock up as the KSM page merging list is too
    large (LP: #1680513)
    - ksm: introduce ksm_max_page_sharing per page deduplication limit
    - ksm: fix use after free with merge_across_nodes = 0
    - ksm: cleanup stable_node chain collapse case
    - ksm: swap the two output parameters of chain/chain_prune
    - ksm: optimize refile of stable_node_dup at the head of the chain
  * Change CONFIG_IBMVETH to module (LP: #1704479)
    - [Config] CONFIG_IBMVETH=m
  * CVE-2017-7487
    - ipx: call ipxitf_put() in ioctl error path
  * Hotkeys on new Thinkpad systems aren't working (LP: #1705169)
    - platform/x86: thinkpad_acpi: guard generic hotkey case
    - platform/x86: thinkpad_acpi: add mapping for new hotkeys
  * misleading kernel warning skb_warn_bad_offload during checksum calculation
    (LP: #1705447)
    - net: reduce skb_warn_bad_offload() noise
  * Ubuntu 16.04.02: ibmveth: Support to enable LSO/CSO for Trunk VEA
    (LP: #1692538)
    - ibmveth: Support to enable LSO/CSO for Trunk VEA.
  * bonding: stack dump when unregistering a netdev (LP: #1704102)
    - bonding: avoid NETDEV_CHANGEMTU event when unregistering slave
  * Ubuntu 16.04 IOB Error when the Mustang board rebooted (LP: #1693673)
    - drivers: net: xgene: Fix redundant prefetch buffer cleanup
  * Ubuntu16.04: NVMe 4K+T10 DIF/DIX format returns I/O error on dd with split
    op (LP: #1689946)
    - blk-mq: NVMe 512B/4K+T10 DIF/DIX format returns I/O error on dd with split
      op
  * linux >= 4.2: bonding 802.3ad does not work with 5G, 25G and 50G link speeds
    (LP: #1697892)
    - bonding: add 802.3ad support for 25G speeds
    - bonding: fix 802.3ad support for 5G and 50G speeds
  * [SRU][Zesty] arm64: Add support for handling memory corruption
    (LP: #1696852)
    - arm64: mm: Update perf accounting to handle poison faults
    - arm64: hugetlb: Fix huge_pte_offset to return poisoned page table entries
    - arm64: kconfig: allow support for memory failure handling
    - arm64: hwpoison: add VM_FAULT_HWPOISON[_LARGE] handling
  * [SRU][Zesty] Add UEFI 2.6 and ACPI 6.1 updates for RAS on ARM64
    (LP: #1696570)
    - acpi: apei: read ack upon ghes record consumption
    - ras: acpi/apei: cper: add support for generic data v3 structure
    - cper: add timestamp print to CPER status printing
    - efi: parse ARM processor error
    - arm64: exception: handle Synchronous External Abort
    - acpi: apei: handle SEA notification type for ARMv8
    - acpi: apei: panic OS with fatal error status block
    - efi: print unrecognized CPER section
    - ras: acpi / apei: generate trace event for unrecognized CPER section
    - trace, ras: add ARM processor error trace event
    - ras: mark stub functions as 'inline'
    - arm/arm64: KVM: add guest SEA support
    - acpi: apei: check for pending errors when probing GHES entries
    - [Config] CONFIG_ACPI_APEI_SEA=y

  [ Ubuntu: 4.10.0-32.36 ]

  * CVE-2017-1000112
    - udp: avoid ufo handling on IP payload compression packets
    - net: account for current skb length when deciding about UFO
    - udp: consistently apply ufo or fragmentation
  * CVE-2017-1000111
    - net-packet: fix race in packet_set_ring on PACKET_RESERVE

  [ Ubuntu: 4.10.0-30.34 ]

  * CVE-2017-7533
    - dentry name snapshots

Date: 2017-08-21 19:30:13.394504+00:00
Changed-By: Thadeu Lima de Souza Cascardo <thadeu.cascardo at canonical.com>
Signed-By: Łukasz Zemczak <lukasz.zemczak at canonical.com>
https://launchpad.net/ubuntu/+source/linux-gcp/4.10.0-1004.4
-------------- next part --------------
Sorry, changesfile not available.

More information about the Xenial-changes mailing list