[ubuntu/xenial-security] linux-kvm 4.4.0-1059.66 (Accepted)
Andy Whitcroft
apw at canonical.com
Tue Oct 1 13:02:19 UTC 2019
linux-kvm (4.4.0-1059.66) xenial; urgency=medium
* xenial/linux-kvm: 4.4.0-1059.66 -proposed tracker (LP: #1844407)
[ Ubuntu: 4.4.0-165.193 ]
* xenial/linux: 4.4.0-165.193 -proposed tracker (LP: #1844416)
* Xenial update: 4.4.187 upstream stable release (LP: #1840081)
- MIPS: ath79: fix ar933x uart parity mode
- MIPS: fix build on non-linux hosts
- dmaengine: imx-sdma: fix use-after-free on probe error path
- ath10k: Do not send probe response template for mesh
- ath9k: Check for errors when reading SREV register
- ath6kl: add some bounds checking
- ath: DFS JP domain W56 fixed pulse type 3 RADAR detection
- batman-adv: fix for leaked TVLV handler.
- media: dvb: usb: fix use after free in dvb_usb_device_exit
- crypto: talitos - fix skcipher failure due to wrong output IV
- media: marvell-ccic: fix DMA s/g desc number calculation
- media: vpss: fix a potential NULL pointer dereference
- net: stmmac: dwmac1000: Clear unused address entries
- signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig
- af_key: fix leaks in key_pol_get_resp and dump_sp.
- xfrm: Fix xfrm sel prefix length validation
- media: staging: media: davinci_vpfe: - Fix for memory leak if decoder
initialization fails.
- net: phy: Check against net_device being NULL
- tua6100: Avoid build warnings.
- locking/lockdep: Fix merging of hlocks with non-zero references
- media: wl128x: Fix some error handling in fm_v4l2_init_video_device()
- cpupower : frequency-set -r option misses the last cpu in related cpu list
- net: fec: Do not use netdev messages too early
- net: axienet: Fix race condition causing TX hang
- s390/qdio: handle PENDING state for QEBSM devices
- perf test 6: Fix missing kvm module load for s390
- gpio: omap: fix lack of irqstatus_raw0 for OMAP4
- gpio: omap: ensure irq is enabled before wakeup
- regmap: fix bulk writes on paged registers
- bpf: silence warning messages in core
- rcu: Force inlining of rcu_read_lock()
- xfrm: fix sa selector validation
- perf evsel: Make perf_evsel__name() accept a NULL argument
- vhost_net: disable zerocopy by default
- EDAC/sysfs: Fix memory leak when creating a csrow object
- media: i2c: fix warning same module names
- ntp: Limit TAI-UTC offset
- timer_list: Guard procfs specific code
- acpi/arm64: ignore 5.1 FADTs that are reported as 5.0
- media: coda: fix mpeg2 sequence number handling
- media: coda: increment sequence offset for the last returned frame
- mt7601u: do not schedule rx_tasklet when the device has been disconnected
- x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c
- mt7601u: fix possible memory leak when the device is disconnected
- ath10k: fix PCIE device wake up failed
- rslib: Fix decoding of shortened codes
- rslib: Fix handling of of caller provided syndrome
- ixgbe: Check DDM existence in transceiver before access
- EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec
- bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush()
- Bluetooth: hci_bcsp: Fix memory leak in rx_skb
- Bluetooth: 6lowpan: search for destination address in all peers
- Bluetooth: Check state in l2cap_disconnect_rsp
- Bluetooth: validate BLE connection interval updates
- crypto: ghash - fix unaligned memory access in ghash_setkey()
- crypto: arm64/sha1-ce - correct digest for empty data in finup
- crypto: arm64/sha2-ce - correct digest for empty data in finup
- Input: gtco - bounds check collection indent level
- regulator: s2mps11: Fix buck7 and buck8 wrong voltages
- tracing/snapshot: Resize spare buffer if size changed
- NFSv4: Handle the special Linux file open access mode
- lib/scatterlist: Fix mapping iterator when sg->offset is greater than
PAGE_SIZE
- ALSA: seq: Break too long mutex context in the write loop
- media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom()
- media: coda: Remove unbalanced and unneeded mutex unlock
- KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed
- drm/nouveau/i2c: Enable i2c pads & busses during preinit
- padata: use smp_mb in padata_reorder to avoid orphaned padata jobs
- 9p/virtio: Add cleanup path in p9_virtio_init
- PCI: Do not poll for PME if the device is in D3cold
- take floppy compat ioctls to sodding floppy.c
- floppy: fix out-of-bounds read in next_valid_format
- floppy: fix invalid pointer dereference in drive_name
- coda: pass the host file in vma->vm_file on mmap
- gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM
- parisc: Fix kernel panic due invalid values in IAOQ0 or IAOQ1
- powerpc/32s: fix suspend/resume when IBATs 4-7 are used
- powerpc/watchpoint: Restore NV GPRs while returning from exception
- eCryptfs: fix a couple type promotion bugs
- intel_th: msu: Fix single mode with disabled IOMMU
- Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug
- usb: Handle USB3 remote wakeup for LPM enabled devices correctly
- dm bufio: fix deadlock with loop device
- bnx2x: Prevent load reordering in tx completion processing
- caif-hsi: fix possible deadlock in cfhsi_exit_module()
- ipv4: don't set IPv6 only flags to IPv4 addresses
- net: bcmgenet: use promisc for unsupported filters
- net: neigh: fix multiple neigh timer scheduling
- nfc: fix potential illegal memory access
- sky2: Disable MSI on ASUS P6T
- netrom: fix a memory leak in nr_rx_frame()
- netrom: hold sock when setting skb->destructor
- tcp: Reset bytes_acked and bytes_received when disconnecting
- bonding: validate ip header before check IPPROTO_IGMP
- net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling
- net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query
- net: bridge: stp: don't cache eth dest pointer before skb pull
- elevator: fix truncation of icq_cache_name
- NFSv4: Fix open create exclusive when the server reboots
- nfsd: increase DRC cache limit
- nfsd: give out fewer session slots as limit approaches
- nfsd: fix performance-limiting session calculation
- nfsd: Fix overflow causing non-working mounts on 1 TB machines
- drm/panel: simple: Fix panel_simple_dsi_probe
- usb: core: hub: Disable hub-initiated U1/U2
- tty: max310x: Fix invalid baudrate divisors calculator
- pinctrl: rockchip: fix leaked of_node references
- tty: serial: cpm_uart - fix init when SMC is relocated
- memstick: Fix error cleanup path of memstick_init
- tty/serial: digicolor: Fix digicolor-usart already registered warning
- tty: serial: msm_serial: avoid system lockup condition
- drm/virtio: Add memory barriers for capset cache.
- phy: renesas: rcar-gen2: Fix memory leak at error paths
- usb: gadget: Zero ffs_io_data
- powerpc/pci/of: Fix OF flags parsing for 64bit BARs
- PCI: sysfs: Ignore lockdep for remove attribute
- iio: iio-utils: Fix possible incorrect mask calculation
- recordmcount: Fix spurious mcount entries on powerpc
- mfd: core: Set fwnode for created devices
- mfd: arizona: Fix undefined behavior
- um: Silence lockdep complaint about mmap_sem
- powerpc/4xx/uic: clear pending interrupt after irq type/pol change
- serial: sh-sci: Fix TX DMA buffer flushing and workqueue races
- kallsyms: exclude kasan local symbols on s390
- perf test mmap-thread-lookup: Initialize variable to suppress memory
sanitizer warning
- f2fs: avoid out-of-range memory access
- mailbox: handle failed named mailbox channel request
- powerpc/eeh: Handle hugepages in ioremap space
- sh: prevent warnings when using iounmap
- mm/kmemleak.c: fix check for softirq context
- 9p: pass the correct prototype to read_cache_page
- mm/mmu_notifier: use hlist_add_head_rcu()
- locking/lockdep: Fix lock used or unused stats error
- locking/lockdep: Hide unused 'class' variable
- usb: wusbcore: fix unbalanced get/put cluster_id
- usb: pci-quirks: Correct AMD PLL quirk detection
- x86/sysfb_efi: Add quirks for some devices with swapped width and height
- x86/speculation/mds: Apply more accurate check on hypervisor platform
- hpet: Fix division by zero in hpet_time_div()
- ALSA: hda - Add a conexant codec entry to let mute led work
- access: avoid the RCU grace period for the temporary subjective credentials
- vmstat: Remove BUG_ON from vmstat_update
- mm, vmstat: make quiet_vmstat lighter
- ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt
- tcp: reset sk_send_head in tcp_write_queue_purge
- ISDN: hfcsusb: checking idx of ep configuration
- media: cpia2_usb: first wake up, then free in disconnect
- media: radio-raremono: change devm_k*alloc to k*alloc
- Bluetooth: hci_uart: check for missing tty operations
- sched/fair: Don't free p->numa_faults with concurrent readers
- drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl
- ceph: hold i_ceph_lock when removing caps for freeing inode
- Linux 4.4.187
- perf tests: Add valid callback for parse-events test
- SAUCE: Fix perf test 6: Fix missing kvm module load for s390
* CVE-2018-20976
- xfs: clear sb->s_fs_info on mount failure
* Xenial update: 4.4.189 upstream stable release (LP: #1840335)
- arm64: cpufeature: Fix CTR_EL0 field definitions
- arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG}
- netfilter: nfnetlink_acct: validate NFACCT_QUOTA parameter
- HID: Add quirk for HP X1200 PIXART OEM mouse
- tcp: be more careful in tcp_fragment()
- atm: iphase: Fix Spectre v1 vulnerability
- net: bridge: delete local fdb on device init failure
- net: fix ifindex collision during namespace removal
- tipc: compat: allow tipc commands without arguments
- net: sched: Fix a possible null-pointer dereference in dequeue_func()
- net/mlx5: Use reversed order when unregister devices
- bnx2x: Disable multi-cos feature.
- compat_ioctl: pppoe: fix PPPOEIOCSFWD handling
- spi: bcm2835: Fix 3-wire mode if DMA is enabled
- x86: cpufeatures: Sort feature word 7
- x86/entry/64: Fix context tracking state warning when load_gs_index fails
- Linux 4.4.189
* CVE-2019-0136
- mac80211: handle deauthentication/disassociation from TDLS peer
* skb_warn_bad_offload kernel splat due to CHECKSUM target not compatible with
GSO skbs (LP: #1840619)
- netfilter: xt_checksum: ignore gso skbs
* CVE-2018-20961
- usb: gadget: f_midi: fail if set_alt fails to allocate requests
- USB: gadget: f_midi: fixing a possible double-free in f_midi
* CVE-2019-11487
- pipe: add pipe_buf_get() helper
- mm: add 'try_get_page()' helper function
- fs: prevent page refcount overflow in pipe_buf_get
- mm: make page ref count overflow check tighter and more explicit
- mm, gup: ensure real head page is ref-counted when using hugepages
- mm: prevent get_user_pages() from overflowing page refcount
* Xenial update: 4.4.188 upstream stable release (LP: #1840289)
- ARM: riscpc: fix DMA
- ARM: dts: rockchip: Mark that the rk3288 timer might stop in suspend
- kernel/module.c: Only return -EEXIST for modules that have finished loading
- MIPS: lantiq: Fix bitfield masking
- dmaengine: rcar-dmac: Reject zero-length slave DMA requests
- fs/adfs: super: fix use-after-free bug
- btrfs: fix minimum number of chunk errors for DUP
- ceph: fix improper use of smp_mb__before_atomic()
- scsi: zfcp: fix GCC compiler warning emitted with -Wmaybe-uninitialized
- ACPI: fix false-positive -Wuninitialized warning
- be2net: Signal that the device cannot transmit during reconfiguration
- x86/apic: Silence -Wtype-limits compiler warnings
- x86: math-emu: Hide clang warnings for 16-bit overflow
- mm/cma.c: fail if fixed declaration can't be honored
- coda: add error handling for fget
- coda: fix build using bare-metal toolchain
- uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side
headers
- ipc/mqueue.c: only perform resource calculation if user valid
- x86/kvm: Don't call kvm_spurious_fault() from .fixup
- selinux: fix memory leak in policydb_init()
- s390/dasd: fix endless loop after read unit address configuration
- xen/swiotlb: fix condition for calling xen_destroy_contiguous_region()
- Linux 4.4.188
* Line 6 POD HD500 driver fault (LP: #1790595) // Xenial update: 4.4.187
upstream stable release (LP: #1840081)
- ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1
* CVE-2016-10905
- GFS2: don't set rgrp gl_object until it's inserted into rgrp tree
Date: 2019-09-18 15:16:17.080575+00:00
Changed-By: Khaled El Mously <khalid.elmously at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1059.66
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list