[ubuntu/xenial-security] linux-gke 4.4.0-1018.18 (Accepted)
Łukasz Zemczak
lukasz.zemczak at canonical.com
Wed Jun 28 16:42:37 UTC 2017
linux-gke (4.4.0-1018.18) xenial; urgency=low
* linux-gke: 4.4.0-1018.18 -proposed tracker (LP: #1700550)
[ Ubuntu: 4.4.0-83.106 ]
* linux: 4.4.0-83.106 -proposed tracker (LP: #1700541)
* CVE-2017-1000364
- Revert "UBUNTU: SAUCE: mm: Only expand stack if guard area is hit"
- Revert "mm: do not collapse stack gap into THP"
- Revert "mm: enlarge stack guard gap"
- mm: vma_adjust: remove superfluous confusing update in remove_next == 1 case
- mm: larger stack guard gap, between vmas
- mm: fix new crash in unmapped_area_topdown()
- Allow stack to grow up to address space limit
linux-gke (4.4.0-1017.17) xenial; urgency=low
* linux-gke: 4.4.0-1017.17 -proposed tracker (LP: #1699070)
[ Ubuntu: 4.4.0-82.105 ]
* linux: 4.4.0-82.105 -proposed tracker (LP: #1699064)
* CVE-2017-1000364
- SAUCE: mm: Only expand stack if guard area is hit
* linux-aws/linux-gke incorrectly producing and using linux-*-tools-
common/linux-*-cloud-tools-common (LP: #1688579)
- [Config] make linux-tools-common and linux-cloud-tools-common protection
consistent
* CVE-2017-9242
- ipv6: fix out of bound writes in __ip6_append_data()
* CVE-2017-9075
- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent
* CVE-2017-9074
- ipv6: Prevent overrun when parsing v6 header options
* CVE-2017-9076
- ipv6/dccp: do not inherit ipv6_mc_list from parent
* CVE-2017-9077
- ipv6/dccp: do not inherit ipv6_mc_list from parent
* CVE-2017-8890
- dccp/tcp: do not inherit mc_list from parent
* Module signing exclusion for staging drivers does not work properly
(LP: #1690908)
- SAUCE: Fix module signing exclusion in package builds
* extend-diff-ignore should use exact matches (LP: #1693504)
- [Packaging] exact extend-diff-ignore matches
* Dell XPS 9360 wifi 5G performance is poor (LP: #1692836)
- SAUCE: ath10k: fix the wifi speed issue for kill 1535
* Upgrade Redpine WLAN/BT driver to ver. 1.2.RC12 (LP: #1694607)
- SAUCE: Redpine: Upgrade to ver. 1.2.RC12
* [DP MST] No audio output through HDMI/DP/mDP ports in Dell WD15 and TB15
docking stations (LP: #1694665)
- drm/i915: Store port enum in intel_encoder
- drm/i915: Eliminate redundant local variable definition
- drm/i915: Switch to using port stored in intel_encoder
- drm/i915: Move audio_connector to intel_encoder
- drm/i915/dp: DP audio API changes for MST
- drm/i915: abstract ddi being audio enabled
- drm/i915/audio: extend get_saved_enc() to support more scenarios
- drm/i915: enable dp mst audio
* Xenial update to 4.4.70 stable release (LP: #1694621)
- usb: misc: legousbtower: Fix buffers on stack
- usb: misc: legousbtower: Fix memory leak
- USB: ene_usb6250: fix DMA to the stack
- watchdog: pcwd_usb: fix NULL-deref at probe
- char: lp: fix possible integer overflow in lp_setup()
- USB: core: replace %p with %pK
- ARM: tegra: paz00: Mark panel regulator as enabled on boot
- tpm_crb: check for bad response size
- infiniband: call ipv6 route lookup via the stub interface
- dm btree: fix for dm_btree_find_lowest_key()
- dm raid: select the Kconfig option CONFIG_MD_RAID0
- dm bufio: avoid a possible ABBA deadlock
- dm bufio: check new buffer allocation watermark every 30 seconds
- dm cache metadata: fail operations if fail_io mode has been established
- dm bufio: make the parameter "retain_bytes" unsigned long
- dm thin metadata: call precommit before saving the roots
- dm space map disk: fix some book keeping in the disk space map
- md: update slab_cache before releasing new stripes when stripes resizing
- rtlwifi: rtl8821ae: setup 8812ae RFE according to device type
- mwifiex: pcie: fix cmd_buf use-after-free in remove/reset
- ima: accept previously set IMA_NEW_FILE
- KVM: x86: Fix load damaged SSEx MXCSR register
- KVM: X86: Fix read out-of-bounds vulnerability in kvm pio emulation
- regulator: tps65023: Fix inverted core enable logic.
- s390/kdump: Add final note
- s390/cputime: fix incorrect system time
- ath9k_htc: Add support of AirTies 1eda:2315 AR9271 device
- ath9k_htc: fix NULL-deref at probe
- drm/amdgpu: Avoid overflows/divide-by-zero in latency_watermark
calculations.
- drm/amdgpu: Make display watermark calculations more accurate
- drm/nouveau/therm: remove ineffective workarounds for alarm bugs
- drm/nouveau/tmr: ack interrupt before processing alarms
- drm/nouveau/tmr: fix corruption of the pending list when rescheduling an
alarm
- drm/nouveau/tmr: avoid processing completed alarms when adding a new one
- drm/nouveau/tmr: handle races with hw when updating the next alarm time
- cdc-acm: fix possible invalid access when processing notification
- proc: Fix unbalanced hard link numbers
- of: fix sparse warning in of_pci_range_parser_one
- iio: dac: ad7303: fix channel description
- pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes
- pid_ns: Fix race between setns'ed fork() and zap_pid_ns_processes()
- USB: serial: ftdi_sio: fix setting latency for unprivileged users
- USB: serial: ftdi_sio: add Olimex ARM-USB-TINY(H) PIDs
- ext4 crypto: don't let data integrity writebacks fail with ENOMEM
- ext4 crypto: fix some error handling
- net: qmi_wwan: Add SIMCom 7230E
- fscrypt: fix context consistency check when key(s) unavailable
- f2fs: check entire encrypted bigname when finding a dentry
- fscrypt: avoid collisions when presenting long encrypted filenames
- usb: host: xhci-plat: propagate return value of platform_get_irq()
- xhci: apply PME_STUCK_QUIRK and MISSING_CAS quirk for Denverton
- usb: host: xhci-mem: allocate zeroed Scratchpad Buffer
- net: irda: irda-usb: fix firmware name on big-endian hosts
- usbvision: fix NULL-deref at probe
- mceusb: fix NULL-deref at probe
- ttusb2: limit messages to buffer size
- usb: musb: tusb6010_omap: Do not reset the other direction's packet size
- USB: iowarrior: fix info ioctl on big-endian hosts
- usb: serial: option: add Telit ME910 support
- USB: serial: qcserial: add more Lenovo EM74xx device IDs
- USB: serial: mct_u232: fix big-endian baud-rate handling
- USB: serial: io_ti: fix div-by-zero in set_termios
- USB: hub: fix SS hub-descriptor handling
- USB: hub: fix non-SS hub-descriptor handling
- ipx: call ipxitf_put() in ioctl error path
- iio: proximity: as3935: fix as3935_write
- ceph: fix recursion between ceph_set_acl() and __ceph_setattr()
- gspca: konica: add missing endpoint sanity check
- s5p-mfc: Fix unbalanced call to clock management
- dib0700: fix NULL-deref at probe
- zr364xx: enforce minimum size when reading header
- dvb-frontends/cxd2841er: define symbol_rate_min/max in T/C fe-ops
- cx231xx-audio: fix init error path
- cx231xx-audio: fix NULL-deref at probe
- cx231xx-cards: fix NULL-deref at probe
- powerpc/book3s/mce: Move add_taint() later in virtual mode
- powerpc/pseries: Fix of_node_put() underflow during DLPAR remove
- powerpc/64e: Fix hang when debugging programs with relocated kernel
- ARM: dts: at91: sama5d3_xplained: fix ADC vref
- ARM: dts: at91: sama5d3_xplained: not all ADC channels are available
- arm64: xchg: hazard against entire exchange variable
- arm64: uaccess: ensure extension of access_ok() addr
- arm64: documentation: document tagged pointer stack constraints
- xc2028: Fix use-after-free bug properly
- Revert "UBUNTU: SAUCE: mm: Respect FOLL_FORCE/FOLL_COW for thp"
- mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp
- staging: rtl8192e: fix 2 byte alignment of register BSSIDR.
- staging: rtl8192e: rtl92e_get_eeprom_size Fix read size of EPROM_CMD.
- iommu/vt-d: Flush the IOTLB to get rid of the initial kdump mappings
- metag/uaccess: Fix access_ok()
- metag/uaccess: Check access_ok in strncpy_from_user
- uwb: fix device quirk on big-endian hosts
- genirq: Fix chained interrupt data ordering
- osf_wait4(): fix infoleak
- tracing/kprobes: Enforce kprobes teardown after testing
- PCI: Fix pci_mmap_fits() for HAVE_PCI_RESOURCE_TO_USER platforms
- PCI: Freeze PME scan before suspending devices
- drm/edid: Add 10 bpc quirk for LGD 764 panel in HP zBook 17 G2
- nfsd: encoders mustn't use unitialized values in error cases
- drivers: char: mem: Check for address space wraparound with mmap()
- Linux 4.4.70
* Xenial update to 4.4.69 stable release (LP: #1692900)
- xen: adjust early dom0 p2m handling to xen hypervisor behavior
- target: Fix compare_and_write_callback handling for non GOOD status
- target/fileio: Fix zero-length READ and WRITE handling
- target: Convert ACL change queue_depth se_session reference usage
- iscsi-target: Set session_fall_back_to_erl0 when forcing reinstatement
- usb: host: xhci: print correct command ring address
- USB: serial: ftdi_sio: add device ID for Microsemi/Arrow SF2PLUS Dev Kit
- USB: Proper handling of Race Condition when two USB class drivers try to
call init_usb_class simultaneously
- staging: vt6656: use off stack for in buffer USB transfers.
- staging: vt6656: use off stack for out buffer USB transfers.
- staging: gdm724x: gdm_mux: fix use-after-free on module unload
- staging: comedi: jr3_pci: fix possible null pointer dereference
- staging: comedi: jr3_pci: cope with jiffies wraparound
- usb: misc: add missing continue in switch
- usb: Make sure usb/phy/of gets built-in
- usb: hub: Fix error loop seen after hub communication errors
- usb: hub: Do not attempt to autosuspend disconnected devices
- x86/boot: Fix BSS corruption/overwrite bug in early x86 kernel startup
- selftests/x86/ldt_gdt_32: Work around a glibc sigaction() bug
- x86, pmem: Fix cache flushing for iovec write < 8 bytes
- um: Fix PTRACE_POKEUSER on x86_64
- KVM: x86: fix user triggerable warning in kvm_apic_accept_events()
- KVM: arm/arm64: fix races in kvm_psci_vcpu_on
- block: fix blk_integrity_register to use template's interval_exp if not 0
- crypto: algif_aead - Require setkey before accept(2)
- dm era: save spacemap metadata root after the pre-commit
- vfio/type1: Remove locked page accounting workqueue
- IB/core: Fix sysfs registration error flow
- IB/IPoIB: ibX: failed to create mcg debug file
- IB/mlx4: Fix ib device initialization error flow
- IB/mlx4: Reduce SRIOV multicast cleanup warning message to debug level
- ext4: evict inline data when writing to memory map
- fs/xattr.c: zero out memory copied to userspace in getxattr
- ceph: fix memory leak in __ceph_setxattr()
- fs/block_dev: always invalidate cleancache in invalidate_bdev()
- Set unicode flag on cifs echo request to avoid Mac error
- SMB3: Work around mount failure when using SMB3 dialect to Macs
- CIFS: fix mapping of SFM_SPACE and SFM_PERIOD
- cifs: fix CIFS_IOC_GET_MNT_INFO oops
- CIFS: add misssing SFM mapping for doublequote
- padata: free correct variable
- arm64: KVM: Fix decoding of Rt/Rt2 when trapping AArch32 CP accesses
- serial: samsung: Use right device for DMA-mapping calls
- serial: omap: fix runtime-pm handling on unbind
- serial: omap: suspend device on probe errors
- tty: pty: Fix ldisc flush after userspace become aware of the data already
- Bluetooth: Fix user channel for 32bit userspace on 64bit kernel
- Bluetooth: hci_bcm: add missing tty-device sanity check
- Bluetooth: hci_intel: add missing tty-device sanity check
- mac80211: pass RX aggregation window size to driver
- mac80211: pass block ack session timeout to to driver
- mac80211: RX BA support for sta max_rx_aggregation_subframes
- wlcore: Pass win_size taken from ieee80211_sta to FW
- wlcore: Add RX_BA_WIN_SIZE_CHANGE_EVENT event
- ipmi: Fix kernel panic at ipmi_ssif_thread()
- Linux 4.4.69
* Support IPMI system interface on Cavium ThunderX (LP: #1688132)
- i2c: octeon: Cleanup kerneldoc comments
- i2c: octeon: Cleanup i2c-octeon driver
- i2c: octeon: Cleanup resource allocation code
- i2c: octeon: Support I2C_M_RECV_LEN
- i2c: octeon: Increase retry default and use fixed timeout value
- i2c: octeon: Move set-clock and init-lowlevel upward
- i2c: octeon: Rename [read|write]_sw to reg_[read|write]
- i2c: octeon: Introduce helper functions for register access
- i2c: octeon: Remove superfluous check in octeon_i2c_test_iflg
- i2c: octeon: Improve error status checking
- i2c: octeon: Use i2c recovery framework
- i2c: octeon: Add flush writeq helper function
- i2c: octeon: Enable High-Level Controller
- i2c: octeon: Add support for cn78xx chips
- i2c: octeon: Remove zero-length message support
- i2c: octeon: Improve performance if interrupt is early
- i2c: octeon: Add workaround for broken irqs on CN3860
- i2c: octeon: Missing AAK flag in case of I2C_M_RECV_LEN
- i2c: octeon: Avoid printk after too long SMBUS message
- i2c: octeon: Rename driver to prepare for split
- i2c: octeon: Split the driver into two parts
- [Config] CONFIG_I2C_THUNDERX=m
- i2c: thunderx: Add i2c driver for ThunderX SOC
- i2c: thunderx: Add SMBUS alert support
- i2c: octeon,thunderx: Move register offsets to struct
- i2c: octeon: Sort include files alphabetically
- i2c: octeon: Use booleon values for booleon variables
- i2c: octeon: thunderx: Add MAINTAINERS entry
- i2c: octeon: Fix set SCL recovery function
- i2c: octeon: Avoid sending STOP during recovery
- i2c: octeon: Fix high-level controller status check
- i2c: octeon: thunderx: TWSI software reset in recovery
- i2c: octeon: thunderx: Remove double-check after interrupt
- i2c: octeon: thunderx: Limit register access retries
- i2c: thunderx: Enable HWMON class probing
* Xenial update to 4.4.68 stable release (LP: #1691418)
- 9p: fix a potential acl leak
- ARM: 8452/3: PJ4: make coprocessor access sequences buildable in Thumb2 mode
- cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores
- powerpc/powernv: Fix opal_exit tracepoint opcode
- power: supply: bq24190_charger: Fix irq trigger to IRQF_TRIGGER_FALLING
- power: supply: bq24190_charger: Call set_mode_host() on pm_resume()
- power: supply: bq24190_charger: Install irq_handler_thread() at end of
probe()
- power: supply: bq24190_charger: Call power_supply_changed() for relevant
component
- power: supply: bq24190_charger: Don't read fault register outside
irq_handle_thread()
- power: supply: bq24190_charger: Handle fault before status on interrupt
- leds: ktd2692: avoid harmless maybe-uninitialized warning
- ARM: OMAP5 / DRA7: Fix HYP mode boot for thumb2 build
- mwifiex: debugfs: Fix (sometimes) off-by-1 SSID print
- mwifiex: remove redundant dma padding in AMSDU
- mwifiex: Avoid skipping WEP key deletion for AP
- x86/ioapic: Restore IO-APIC irq_chip retrigger callback
- x86/pci-calgary: Fix iommu_free() comparison of unsigned expression >= 0
- clk: Make x86/ conditional on CONFIG_COMMON_CLK
- kprobes/x86: Fix kernel panic when certain exception-handling addresses are
probed
- x86/platform/intel-mid: Correct MSI IRQ line for watchdog device
- Revert "KVM: nested VMX: disable perf cpuid reporting"
- KVM: nVMX: initialize PML fields in vmcs02
- KVM: nVMX: do not leak PML full vmexit to L1
- usb: host: ehci-exynos: Decrese node refcount on exynos_ehci_get_phy() error
paths
- usb: host: ohci-exynos: Decrese node refcount on exynos_ehci_get_phy() error
paths
- usb: chipidea: Only read/write OTGSC from one place
- usb: chipidea: Handle extcon events properly
- USB: serial: keyspan_pda: fix receive sanity checks
- USB: serial: digi_acceleport: fix incomplete rx sanity check
- USB: serial: ssu100: fix control-message error handling
- USB: serial: io_edgeport: fix epic-descriptor handling
- USB: serial: ti_usb_3410_5052: fix control-message error handling
- USB: serial: ark3116: fix open error handling
- USB: serial: ftdi_sio: fix latency-timer error handling
- USB: serial: quatech2: fix control-message error handling
- USB: serial: mct_u232: fix modem-status error handling
- USB: serial: io_edgeport: fix descriptor error handling
- phy: qcom-usb-hs: Add depends on EXTCON
- serial: 8250_omap: Fix probe and remove for PM runtime
- scsi: mac_scsi: Fix MAC_SCSI=m option when SCSI=m
- MIPS: R2-on-R6 MULTU/MADDU/MSUBU emulation bugfix
- brcmfmac: Ensure pointer correctly set if skb data location changes
- brcmfmac: Make skb header writable before use
- staging: wlan-ng: add missing byte order conversion
- staging: emxx_udc: remove incorrect __init annotations
- ALSA: hda - Fix deadlock of controller device lock at unbinding
- tcp: do not underestimate skb->truesize in tcp_trim_head()
- bpf, arm64: fix jit branch offset related to ldimm64
- tcp: fix wraparound issue in tcp_lp
- tcp: do not inherit fastopen_req from parent
- ipv4, ipv6: ensure raw socket message is big enough to hold an IP header
- rtnetlink: NUL-terminate IFLA_PHYS_PORT_NAME string
- ipv6: initialize route null entry in addrconf_init()
- ipv6: reorder ip6_route_dev_notifier after ipv6_dev_notf
- bnxt_en: allocate enough space for ->ntp_fltr_bmap
- f2fs: sanity check segment count
- drm/ttm: fix use-after-free races in vm fault handling
- block: get rid of blk_integrity_revalidate()
- Linux 4.4.68
* Keyboard backlight control does not work on some dell laptops.
(LP: #1693126)
- platform/x86: dell-laptop: Add Latitude 7480 and others to the DMI whitelist
- platform/x86: dell-laptop: Add keyboard backlight timeout AC settings
* Upgrade Redpine WLAN/BT driver to ver. 1.2.RC9 (LP: #1690498)
- SAUCE: Redpine: Upgrade to ver. 1.2.RC9
* exec'ing a setuid binary from a threaded program sometimes fails to setuid
(LP: #1672819)
- SAUCE: exec: ensure file system accounting in check_unsafe_exec is correct
* attempts to rename vlans / vlans have addr_assign_type of 0 on kernel 4.4
(LP: #1682871)
- vlan: Propagate MAC address to VLANs
* Exar usb-serial doesn't restore baud rate after resume from S3/S4
(LP: #1690362)
- SAUCE: xr-usb-serial: re-initialise baudrate after resume from S3/S4
* st_pressure, st_accel IIO drivers fail to detect sensors after reloading
kernel modules (LP: #1690310)
- SAUCE: (no-up) iio: st_pressure: st_accel: Initialise sensor platform data
properly
* nvidia-docker on ppc64le-ubuntu16.04 issue due to cross-thread naming if
!PR_DUMPABLE (LP: #1690225)
- procfs: fix pthread cross-thread naming if !PR_DUMPABLE
* linux xenial derivatives fail to build (LP: #1691814)
- [Packaging] Set do_tools_common in common vars
Date: 2017-06-26 22:22:13.800812+00:00
Changed-By: Thadeu Lima de Souza Cascardo <thadeu.cascardo at canonical.com>
Signed-By: Łukasz Zemczak <lukasz.zemczak at canonical.com>
https://launchpad.net/ubuntu/+source/linux-gke/4.4.0-1018.18
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list