[ubuntu/xenial-security] linux-kvm 4.4.0-1054.61 (Accepted)
Andy Whitcroft
apw at canonical.com
Wed Aug 14 10:15:16 UTC 2019
linux-kvm (4.4.0-1054.61) xenial; urgency=medium
[ Ubuntu: 4.4.0-159.187 ]
* CVE-2019-1125
- x86/cpufeatures: Carve out CQM features retrieval
- x86/cpufeatures: Combine word 11 and 12 into a new scattered features word
- x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
- x86/speculation: Enable Spectre v1 swapgs mitigations
- x86/entry/64: Use JMP instead of JMPQ
- x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS
linux-kvm (4.4.0-1053.60) xenial; urgency=medium
* xenial/linux-kvm: 4.4.0-1053.60 -proposed tracker (LP: #1837591)
* CVE-2018-5383
- kvm: [Config]: CRYPTO_ECDH=m
* linux-kvm: please support kexec (LP: #1799791)
- [Config]: enable KEXEC and KEXEC_FILE
[ Ubuntu: 4.4.0-158.186 ]
* xenial/linux: 4.4.0-158.186 -proposed tracker (LP: #1837609)
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
- [Packaging] update helper scripts
* ixgbe{vf} - Physical Function gets IRQ when VF checks link state
(LP: #1836760)
- ixgbevf: Use cached link state instead of re-reading the value for ethtool
* CVE-2018-5383
- crypto: kpp - Key-agreement Protocol Primitives API (KPP)
- crypto: dh - Add DH software implementation
- crypto: ecdh - Add ECDH software support
- crypto: ecdh - make ecdh_shared_secret unique
- crypto: doc - add KPP documentation
- crypto: kpp, (ec)dh - fix typos
- crypto: ecc - remove unused function arguments
- crypto: ecc - remove unnecessary casts
- crypto: ecc - rename ecdh_make_pub_key()
- crypto: ecdh - add privkey generation support
- crypto: ecc - Fix NULL pointer deref. on no default_rng
- [Config] CRYPTO_ECDH=m
- Bluetooth: convert smp and selftest to crypto kpp API
- crypto: ecdh - add public key verification test
* Xenial update: 4.4.185 upstream stable release (LP: #1836668)
- fs/binfmt_flat.c: make load_flat_shared_library() work
- scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck()
- tracing: Silence GCC 9 array bounds warning
- gcc-9: silence 'address-of-packed-member' warning
- usb: chipidea: udc: workaround for endpoint conflict issue
- Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD
- apparmor: enforce nullbyte at end of tag string
- parport: Fix mem leak in parport_register_dev_model
- parisc: Fix compiler warnings in float emulation code
- IB/hfi1: Insure freeze_work work_struct is canceled on shutdown
- MIPS: uprobes: remove set but not used variable 'epc'
- net: hns: Fix loopback test failed at copper ports
- sparc: perf: fix updated event period in response to PERF_EVENT_IOC_PERIOD
- scripts/checkstack.pl: Fix arm64 wrong or unknown architecture
- scsi: ufs: Check that space was properly alloced in copy_query_response
- s390/qeth: fix VLAN attribute in bridge_hostnotify udev event
- hwmon: (pmbus/core) Treat parameters as paged if on multiple pages
- Btrfs: fix race between readahead and device replace/removal
- btrfs: start readahead also in seed devices
- can: flexcan: fix timeout when set small bitrate
- can: purge socket error queue on sock destruct
- ARM: imx: cpuidle-imx6sx: Restrict the SW2ISO increase to i.MX6SX
- Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
- Bluetooth: Fix regression with minimum encryption key size alignment
- SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write
- cfg80211: fix memory leak of wiphy device name
- mac80211: drop robust management frames from unknown TA
- perf ui helpline: Use strlcpy() as a shorter form of strncpy() + explicit
set nul
- perf help: Remove needless use of strncpy()
- 9p/rdma: do not disconnect on down_interruptible EAGAIN
- 9p: acl: fix uninitialized iattr access
- 9p/rdma: remove useless check in cm_event_handler
- 9p: p9dirent_read: check network-provided name length
- net/9p: include trans_common.h to fix missing prototype warning.
- ovl: modify ovl_permission() to do checks on two inodes
- x86/speculation: Allow guests to use SSBD even if host does not
- cpu/speculation: Warn on unsupported mitigations= parameter
- sctp: change to hold sk after auth shkey is created successfully
- tipc: change to use register_pernet_device
- tipc: check msg->req data len in tipc_nl_compat_bearer_disable
- team: Always enable vlan tx offload
- ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop
- bonding: Always enable vlan tx offload
- net: check before dereferencing netdev_ops during busy poll
- Bluetooth: Fix faulty expression for minimum encryption key size check
- um: Compile with modern headers
- ASoC : cs4265 : readable register too low
- spi: bitbang: Fix NULL pointer dereference in spi_unregister_master
- ASoC: max98090: remove 24-bit format support if RJ is 0
- usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i]
- usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC
- scsi: hpsa: correct ioaccel2 chaining
- ARC: Assume multiplier is always present
- ARC: fix build warning in elf.h
- MIPS: math-emu: do not use bools for arithmetic
- mfd: omap-usb-tll: Fix register offsets
- swiotlb: Make linux/swiotlb.h standalone includible
- bug.h: work around GCC PR82365 in BUG()
- MIPS: Workaround GCC __builtin_unreachable reordering bug
- ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME
- crypto: user - prevent operating on larval algorithms
- ALSA: seq: fix incorrect order of dest_client/dest_ports arguments
- ALSA: firewire-lib/fireworks: fix miss detection of received MIDI messages
- ALSA: usb-audio: fix sign unintended sign extension on left shifts
- lib/mpi: Fix karactx leak in mpi_powm
- btrfs: Ensure replaced device doesn't have pending chunk allocation
- tty: rocket: fix incorrect forward declaration of 'rp_init()'
- ARC: handle gcc generated __builtin_trap for older compiler
- arm64, vdso: Define vdso_{start,end} as array
- KVM: x86: degrade WARN to pr_warn_ratelimited
- dmaengine: imx-sdma: remove BD_INTR for channel0
- Linux 4.4.185
* Xenial update: 4.4.184 upstream stable release (LP: #1836667)
- Linux 4.4.184
* Xenial update: 4.4.183 upstream stable release (LP: #1836666)
- fs/fat/file.c: issue flush after the writeback of FAT
- sysctl: return -EINVAL if val violates minmax
- ipc: prevent lockup on alloc_msg and free_msg
- hugetlbfs: on restore reserve error path retain subpool reservation
- mm/cma.c: fix crash on CMA allocation if bitmap allocation fails
- mm/cma_debug.c: fix the break condition in cma_maxchunk_get()
- kernel/sys.c: prctl: fix false positive in validate_prctl_map()
- mfd: intel-lpss: Set the device in reset state when init
- mfd: twl6040: Fix device init errors for ACCCTL register
- perf/x86/intel: Allow PEBS multi-entry in watermark mode
- drm/bridge: adv7511: Fix low refresh rate selection
- ntp: Allow TAI-UTC offset to be set to zero
- f2fs: fix to avoid panic in do_recover_data()
- f2fs: fix to do sanity check on valid block count of segment
- iommu/vt-d: Set intel_iommu_gfx_mapped correctly
- ALSA: hda - Register irq handler after the chip initialization
- nvmem: core: fix read buffer in place
- fuse: retrieve: cap requested size to negotiated max_write
- nfsd: allow fh_want_write to be called twice
- x86/PCI: Fix PCI IRQ routing table memory leak
- platform/chrome: cros_ec_proto: check for NULL transfer function
- soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher
- clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288
- ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA
- ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA
- ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA
- PCI: rpadlpar: Fix leaked device_node references in add/remove paths
- PCI: rcar: Fix a potential NULL pointer dereference
- video: hgafb: fix potential NULL pointer dereference
- video: imsttfb: fix potential NULL pointer dereferences
- PCI: xilinx: Check for __get_free_pages() failure
- gpio: gpio-omap: add check for off wake capable gpios
- dmaengine: idma64: Use actual device for DMA transfers
- pwm: tiehrpwm: Update shadow register for disabling PWMs
- ARM: dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on
Arndale Octa
- pwm: Fix deadlock warning when removing PWM device
- ARM: exynos: Fix undefined instruction during Exynos5422 resume
- futex: Fix futex lock the wrong page
- ALSA: seq: Cover unsubscribe_port() in list_mutex
- libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk
- mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node
- fs/ocfs2: fix race in ocfs2_dentry_attach_lock()
- signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO
- ptrace: restore smp_rmb() in __ptrace_may_access()
- i2c: acorn: fix i2c warning
- bcache: fix stack corruption by PRECEDING_KEY()
- cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css()
- ASoC: cs42xx8: Add regcache mask dirty
- Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var
- scsi: lpfc: add check for loss of ndlp when sending RRQ
- scsi: bnx2fc: fix incorrect cast to u64 on shift operation
- usbnet: ipheth: fix racing condition
- KVM: x86/pmu: do not mask the value that is written to fixed PMUs
- KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION
- drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an
invalid read
- drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define()
- USB: Fix chipmunk-like voice when using Logitech C270 for recording audio.
- USB: usb-storage: Add new ID to ums-realtek
- USB: serial: pl2303: add Allied Telesis VT-Kit3
- USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode
- USB: serial: option: add Telit 0x1260 and 0x1261 compositions
- ax25: fix inconsistent lock state in ax25_destroy_timer
- be2net: Fix number of Rx queues used for flow hashing
- ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero
- lapb: fixed leak of control-blocks.
- neigh: fix use-after-free read in pneigh_get_next
- sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg
- mISDN: make sure device name is NUL terminated
- x86/CPU/AMD: Don't force the CPB cap when running under a hypervisor
- perf/ring_buffer: Fix exposing a temporarily decreased data_head
- perf/ring_buffer: Add ordering to rb->nest increment
- gpio: fix gpio-adp5588 build errors
- net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE()
- i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr
- configfs: Fix use-after-free when accessing sd->s_dentry
- ia64: fix build errors by exporting paddr_to_nid()
- KVM: PPC: Book3S: Use new mutex to synchronize access to rtas token list
- net: sh_eth: fix mdio access in sh_eth_close() for R-Car Gen2 and RZ/A1 SoCs
- scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route()
- scsi: libsas: delete sas port if expander discover failed
- Revert "crypto: crypto4xx - properly set IV after de- and encrypt"
- coredump: fix race condition between mmget_not_zero()/get_task_mm() and core
dumping
- Abort file_remove_privs() for non-reg. files
- Linux 4.4.183
* CVE-2019-12614
- powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property()
* bnx2x driver causes 100% CPU load (LP: #1832082)
- bnx2x: Prevent ptp_task to be rescheduled indefinitely
* Xenial update: 4.4.182 upstream stable release (LP: #1836665)
- Linux 4.4.182
* Xenial kernel 4.4.0-155.182 fails to build perf with libnuma (LP: #1836585)
- Revert "UBUNTU: SAUCE: perf/bench: Drop definition of BIT in numa.c"
* CVE-2019-10126
- mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies()
* CVE-2019-3846
- mwifiex: Fix possible buffer overflows at parsing bss descriptor
[ Ubuntu: 4.4.0-157.185 ]
* linux: 4.4.0-157.185 -proposed tracker (LP: #1837476)
* systemd 229-4ubuntu21.22 ADT test failure with linux 4.4.0-156.183 (storage)
(LP: #1837235)
- Revert "block/bio: Do not zero user pages"
- Revert "block: Clear kernel memory before copying to user"
- Revert "bio_copy_from_iter(): get rid of copying iov_iter"
[ Ubuntu: 4.4.0-156.183 ]
* linux: 4.4.0-156.183 -proposed tracker (LP: #1836880)
* BCM43602 802.11ac Wireless regression - PCI ID 14e4:43ba (LP: #1836801)
- brcmfmac: add eth_type_trans back for PCIe full dongle
Date: 2019-08-02 09:28:27.199457+00:00
Changed-By: Kleber Sacilotto de Souza <kleber.souza at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1054.61
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list