[ubuntu/xenial-security] linux-snapdragon 4.4.0-1128.136 (Accepted)

Andy Whitcroft apw at canonical.com
Tue Oct 22 11:01:12 UTC 2019


linux-snapdragon (4.4.0-1128.136) xenial; urgency=medium

  * xenial/linux-snapdragon: 4.4.0-1128.136 -proposed tracker (LP: #1846064)

  * Xenial update: 4.4.190 upstream stable release (LP: #1845038)
    - [config] Update config with new option

  [ Ubuntu: 4.4.0-166.195 ]

  * xenial/linux: 4.4.0-166.195 -proposed tracker (LP: #1846069)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * CVE-2017-18232
    - scsi: libsas: direct call probe and destruct
  * CVE-2018-21008
    - rsi: add fix for crash during assertions
  * Xenial update: 4.4.194 upstream stable release (LP: #1845405)
    - bridge/mdb: remove wrong use of NLM_F_MULTI
    - cdc_ether: fix rndis support for Mediatek based smartphones
    - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()'
    - isdn/capi: check message length in capi_write()
    - net: Fix null de-reference of device refcount
    - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
    - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()'
    - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike
    - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR
    - tipc: add NULL pointer check before calling kfree_rcu
    - tun: fix use-after-free when register netdev failed
    - Revert "MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur"
    - Btrfs: fix assertion failure during fsync and use of stale transaction
    - genirq: Prevent NULL pointer dereference in resend_irqs()
    - KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl
    - KVM: x86: work around leak of uninitialized stack contents
    - KVM: nVMX: handle page fault in vmread
    - MIPS: VDSO: Prevent use of smp_processor_id()
    - MIPS: VDSO: Use same -m%-float cflag as the kernel proper
    - clk: rockchip: Don't yell about bad mmc phases when getting
    - driver core: Fix use-after-free and double free on glue directory
    - crypto: talitos - check AES key size
    - crypto: talitos - check data blocksize in ablkcipher.
    - x86/build: Add -Wnoaddress-of-packed-member to REALMODE_CFLAGS, to silence
      GCC9 build warning
    - MIPS: netlogic: xlr: Remove erroneous check in nlm_fmn_send()
    - ARC: configs: Remove CONFIG_INITRAMFS_SOURCE from defconfigs
    - USB: usbcore: Fix slab-out-of-bounds bug during device reset
    - media: tm6000: double free if usb disconnect while streaming
    - x86/boot: Add missing bootparam that breaks boot on some platforms
    - xen-netfront: do not assume sk_buff_head list is empty in error handling
    - serial: sprd: correct the wrong sequence of arguments
    - tty/serial: atmel: reschedule TX after RX was started
    - mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
    - s390/bpf: fix lcgr instruction encoding
    - ARM: OMAP2+: Fix omap4 errata warning on other SoCs
    - s390/bpf: use 32-bit index for tail calls
    - NFSv4: Fix return values for nfs4_file_open()
    - NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup
    - Kconfig: Fix the reference to the IDT77105 Phy driver in the description of
      ATM_NICSTAR_USE_IDT77105
    - ARM: 8874/1: mm: only adjust sections of valid mm structures
    - r8152: Set memory to all 0xFFs on failed reg reads
    - x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines
    - netfilter: nf_conntrack_ftp: Fix debug output
    - NFSv2: Fix eof handling
    - NFSv2: Fix write regression
    - cifs: set domainName when a domain-key is used in multiuser
    - cifs: Use kzfree() to zero out the password
    - sky2: Disable MSI on yet another ASUS boards (P6Xxxx)
    - tools/power turbostat: fix buffer overrun
    - net: seeq: Fix the function used to release some memory in an error handling
      path
    - dmaengine: ti: omap-dma: Add cleanup in omap_dma_probe()
    - keys: Fix missing null pointer check in request_key_auth_describe()
    - floppy: fix usercopy direction
    - media: technisat-usb2: break out of loop at end of buffer
    - ARC: export "abort" for modules
    - net_sched: let qdisc_put() accept NULL pointer
    - Linux 4.4.194
  * CVE-2019-14821
    - KVM: coalesced_mmio: add bounds checking
  * Xenial update: 4.4.193 upstream stable release (LP: #1845395)
    - ALSA: hda - Fix potential endless loop at applying quirks
    - ALSA: hda/realtek - Fix overridden device-specific initialization
    - xfrm: clean up xfrm protocol checks
    - vhost/test: fix build for vhost test
    - scripts/decode_stacktrace: match basepath using shell prefix operator, not
      regex
    - clk: s2mps11: Add used attribute to s2mps11_dt_match
    - x86, boot: Remove multiple copy of static function sanitize_boot_params()
    - af_packet: tone down the Tx-ring unsupported spew.
    - Linux 4.4.193
  * Xenial update: 4.4.192 upstream stable release (LP: #1845374)
    - net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in IRQ
      context
    - net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx
    - Bluetooth: btqca: Add a short delay before downloading the NVM
    - ibmveth: Convert multicast list size for little-endian system
    - gpio: Fix build error of function redefinition
    - cxgb4: fix a memory leak bug
    - net: myri10ge: fix memory leaks
    - cx82310_eth: fix a memory leak bug
    - net: kalmia: fix memory leaks
    - wimax/i2400m: fix a memory leak bug
    - ravb: Fix use-after-free ravb_tstamp_skb
    - Tools: hv: kvp: eliminate 'may be used uninitialized' warning
    - IB/mlx4: Fix memory leaks
    - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr()
    - KVM: arm/arm64: Only skip MMIO insn once
    - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer
    - spi: bcm2835aux: ensure interrupts are enabled for shared handler
    - spi: bcm2835aux: unifying code between polling and interrupt driven code
    - spi: bcm2835aux: remove dangerous uncontrolled read of fifo
    - spi: bcm2835aux: fix corruptions for longer spi transfers
    - Revert "x86/apic: Include the LDR when clearing out APIC registers"
    - net: fix skb use after free in netpoll
    - net: stmmac: dwmac-rk: Don't fail if phy regulator is absent
    - Linux 4.4.192
  * Xenial update: 4.4.191 upstream stable release (LP: #1845036)
    - HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT
    - MIPS: kernel: only use i8253 clocksource with periodic clockevent
    - netfilter: ebtables: fix a memory leak bug in compat
    - bonding: Force slave speed check after link state recovery for 802.3ad
    - can: dev: call netif_carrier_off() in register_candev()
    - st21nfca_connectivity_event_received: null check the allocation
    - st_nci_hci_connectivity_event_received: null check the allocation
    - ASoC: ti: davinci-mcasp: Correct slot_width posed constraint
    - net: usb: qmi_wwan: Add the BroadMobi BM818 card
    - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in
      start_isoc_chain()
    - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack
    - perf bench numa: Fix cpu0 binding
    - can: sja1000: force the string buffer NULL-terminated
    - can: peak_usb: force the string buffer NULL-terminated
    - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim()
    - net: cxgb3_main: Fix a resource leak in a error path in 'init_one()'
    - net: hisilicon: make hip04_tx_reclaim non-reentrant
    - net: hisilicon: fix hip04-xmit never return TX_BUSY
    - net: hisilicon: Fix dma_map_single failed on arm64
    - libata: add SG safety checks in SFF pio transfers
    - selftests: kvm: Adding config fragments
    - HID: wacom: correct misreported EKR ring values
    - Revert "dm bufio: fix deadlock with loop device"
    - userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx
    - x86/retpoline: Don't clobber RFLAGS during CALL_NOSPEC on i386
    - x86/apic: Handle missing global clockevent gracefully
    - x86/boot: Save fields explicitly, zero out everything else
    - x86/boot: Fix boot regression caused by bootparam sanitizing
    - dm btree: fix order of block initialization in btree_split_beneath
    - dm space map metadata: fix missing store of apply_bops() return value
    - dm table: fix invalid memory accesses with too high sector number
    - cgroup: Disable IRQs while holding css_set_lock
    - net: arc_emac: fix koops caused by sk_buff free
    - siphash: implement HalfSipHash1-3 for hash tables
    - netfilter: ctnetlink: don't use conntrack/expect object addresses as id
    - netfilter: conntrack: Use consistent ct id hash calculation
    - x86/pm: Introduce quirk framework to save/restore extra MSR registers around
      suspend/resume
    - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h
    - scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm()
    - dmaengine: ste_dma40: fix unneeded variable warning
    - usb: gadget: composite: Clear "suspended" on reset/disconnect
    - usb: host: fotg2: restart hcd after port reset
    - tools: hv: fix KVP and VSS daemons exit code
    - watchdog: bcm2835_wdt: Fix module autoload
    - tcp: fix tcp_rtx_queue_tail in case of empty retransmit queue
    - ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
    - ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit
    - tcp: make sure EPOLLOUT wont be missed
    - ALSA: seq: Fix potential concurrent access to the deleted pool
    - KVM: x86: Don't update RIP or do single-step on faulting emulation
    - x86/apic: Do not initialize LDR and DFR for bigsmp
    - x86/apic: Include the LDR when clearing out APIC registers
    - usb-storage: Add new JMS567 revision to unusual_devs
    - USB: cdc-wdm: fix race between write and disconnect due to flag abuse
    - usb: host: ohci: fix a race condition between shutdown and irq
    - USB: storage: ums-realtek: Update module parameter description for
      auto_delink_en
    - ptrace,x86: Make user_64bit_mode() available to 32-bit builds
    - uprobes/x86: Fix detection of 32-bit user mode
    - mmc: sdhci-of-at91: add quirk for broken HS200
    - mmc: core: Fix init of SD cards reporting an invalid VDD range
    - stm class: Fix a double free of stm_source_device
    - VMCI: Release resource if the work is already queued
    - Revert "cfg80211: fix processing world regdomain when non modular"
    - mac80211: fix possible sta leak
    - x86/ptrace: fix up botched merge of spectrev1 fix
    - Linux 4.4.191
  * New ID in ums-realtek module breaks cardreader (LP: #1838886) // Xenial
    update: 4.4.191 upstream stable release (LP: #1845036)
    - USB: storage: ums-realtek: Whitelist auto-delink support
  * Xenial update: 4.4.190 upstream stable release (LP: #1845038)
    - usb: iowarrior: fix deadlock on disconnect
    - sound: fix a memory leak bug
    - x86/mm: Check for pfn instead of page in vmalloc_sync_one()
    - x86/mm: Sync also unmappings in vmalloc_sync_all()
    - mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy()
    - perf db-export: Fix thread__exec_comm()
    - usb: yurex: Fix use-after-free in yurex_delete
    - can: peak_usb: fix potential double kfree_skb()
    - netfilter: nfnetlink: avoid deadlock due to synchronous request_module
    - iscsi_ibft: make ISCSI_IBFT dependson ACPI instead of ISCSI_IBFT_FIND
    - mac80211: don't warn about CW params when not using them
    - hwmon: (nct6775) Fix register address and added missed tolerance for nct6106
    - cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init()
    - s390/qdio: add sanity checks to the fast-requeue path
    - ALSA: compress: Fix regression on compressed capture streams
    - ALSA: compress: Prevent bypasses of set_params
    - ALSA: compress: Be more restrictive about when a drain is allowed
    - perf probe: Avoid calling freeing routine multiple times for same pointer
    - ARM: davinci: fix sleep.S build error on ARMv4
    - scsi: megaraid_sas: fix panic on loading firmware crashdump
    - scsi: ibmvfc: fix WARN_ON during event pool release
    - tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop
    - perf/core: Fix creating kernel counters for PMUs that override event->cpu
    - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices
    - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices
    - hwmon: (nct7802) Fix wrong detection of in4 presence
    - ALSA: firewire: fix a memory leak bug
    - mac80211: don't WARN on short WMM parameters from AP
    - SMB3: Fix deadlock in validate negotiate hits reconnect
    - smb3: send CAP_DFS capability during session setup
    - mwifiex: fix 802.11n/WPA detection
    - scsi: mpt3sas: Use 63-bit DMA addressing on SAS35 HBA
    - sh: kernel: hw_breakpoint: Fix missing break in switch statement
    - mm/memcontrol.c: fix use after free in mem_cgroup_iter()
    - ALSA: hda - Fix a memory leak bug
    - HID: holtek: test for sanity of intfdata
    - HID: hiddev: avoid opening a disconnected device
    - HID: hiddev: do cleanup in failure of opening a device
    - Input: kbtab - sanity check for endpoint type
    - Input: iforce - add sanity checks
    - net: usb: pegasus: fix improper read if get_registers() fail
    - xen/pciback: remove set but not used variable 'old_state'
    - irqchip/irq-imx-gpcv2: Forward irq type to parent
    - perf header: Fix divide by zero error if f_header.attr_size==0
    - perf header: Fix use of unitialized value warning
    - libata: zpodd: Fix small read overflow in zpodd_get_mech_type()
    - scsi: hpsa: correct scsi command status issue after reset
    - ata: libahci: do not complain in case of deferred probe
    - kbuild: modpost: handle KBUILD_EXTRA_SYMBOLS only for external modules
    - IB/core: Add mitigation for Spectre V1
    - ocfs2: remove set but not used variable 'last_hash'
    - asm-generic: fix -Wtype-limits compiler warnings
    - staging: comedi: dt3000: Fix signed integer overflow 'divider * base'
    - staging: comedi: dt3000: Fix rounding up of timer divisor
    - USB: core: Fix races in character device registration and deregistraion
    - usb: cdc-acm: make sure a refcount is taken early enough
    - USB: serial: option: add D-Link DWM-222 device ID
    - USB: serial: option: Add support for ZTE MF871A
    - USB: serial: option: add the BroadMobi BM818 card
    - USB: serial: option: Add Motorola modem UARTs
    - Backport minimal compiler_attributes.h to support GCC 9
    - include/linux/module.h: copy __init/__exit attrs to init/cleanup_module
    - arm64: compat: Allow single-byte watchpoints on all addresses
    - Input: psmouse - fix build error of multiple definition
    - asm-generic: default BUG_ON(x) to if(x)BUG()
    - scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure
    - RDMA: Directly cast the sockaddr union to sockaddr
    - IB/mlx5: Make coding style more consistent
    - x86/vdso: Remove direct HPET access through the vDSO
    - iommu/amd: Move iommu_init_pci() to .init section
    - x86/boot: Disable the address-of-packed-member compiler warning
    - net/packet: fix race in tpacket_snd()
    - xen/netback: Reset nr_frags before freeing skb
    - net/mlx5e: Only support tx/rx pause setting for port owner
    - sctp: fix the transport error_count check
    - bonding: Add vlan tx offload to hw_enc_features
    - Linux 4.4.190

Date: 2019-10-02 03:21:13.432055+00:00
Changed-By: Khaled El Mously <khalid.elmously at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1128.136
-------------- next part --------------
Sorry, changesfile not available.


More information about the Xenial-changes mailing list