[ubuntu/xenial-updates] linux-kvm 4.4.0-1059.66 (Accepted)

Andy Whitcroft apw at canonical.com
Mon Sep 30 22:18:35 UTC 2019


linux-kvm (4.4.0-1059.66) xenial; urgency=medium

  * xenial/linux-kvm: 4.4.0-1059.66 -proposed tracker (LP: #1844407)

  [ Ubuntu: 4.4.0-165.193 ]

  * xenial/linux: 4.4.0-165.193 -proposed tracker (LP: #1844416)
  * Xenial update: 4.4.187 upstream stable release (LP: #1840081)
    - MIPS: ath79: fix ar933x uart parity mode
    - MIPS: fix build on non-linux hosts
    - dmaengine: imx-sdma: fix use-after-free on probe error path
    - ath10k: Do not send probe response template for mesh
    - ath9k: Check for errors when reading SREV register
    - ath6kl: add some bounds checking
    - ath: DFS JP domain W56 fixed pulse type 3 RADAR detection
    - batman-adv: fix for leaked TVLV handler.
    - media: dvb: usb: fix use after free in dvb_usb_device_exit
    - crypto: talitos - fix skcipher failure due to wrong output IV
    - media: marvell-ccic: fix DMA s/g desc number calculation
    - media: vpss: fix a potential NULL pointer dereference
    - net: stmmac: dwmac1000: Clear unused address entries
    - signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig
    - af_key: fix leaks in key_pol_get_resp and dump_sp.
    - xfrm: Fix xfrm sel prefix length validation
    - media: staging: media: davinci_vpfe: - Fix for memory leak if decoder
      initialization fails.
    - net: phy: Check against net_device being NULL
    - tua6100: Avoid build warnings.
    - locking/lockdep: Fix merging of hlocks with non-zero references
    - media: wl128x: Fix some error handling in fm_v4l2_init_video_device()
    - cpupower : frequency-set -r option misses the last cpu in related cpu list
    - net: fec: Do not use netdev messages too early
    - net: axienet: Fix race condition causing TX hang
    - s390/qdio: handle PENDING state for QEBSM devices
    - perf test 6: Fix missing kvm module load for s390
    - gpio: omap: fix lack of irqstatus_raw0 for OMAP4
    - gpio: omap: ensure irq is enabled before wakeup
    - regmap: fix bulk writes on paged registers
    - bpf: silence warning messages in core
    - rcu: Force inlining of rcu_read_lock()
    - xfrm: fix sa selector validation
    - perf evsel: Make perf_evsel__name() accept a NULL argument
    - vhost_net: disable zerocopy by default
    - EDAC/sysfs: Fix memory leak when creating a csrow object
    - media: i2c: fix warning same module names
    - ntp: Limit TAI-UTC offset
    - timer_list: Guard procfs specific code
    - acpi/arm64: ignore 5.1 FADTs that are reported as 5.0
    - media: coda: fix mpeg2 sequence number handling
    - media: coda: increment sequence offset for the last returned frame
    - mt7601u: do not schedule rx_tasklet when the device has been disconnected
    - x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c
    - mt7601u: fix possible memory leak when the device is disconnected
    - ath10k: fix PCIE device wake up failed
    - rslib: Fix decoding of shortened codes
    - rslib: Fix handling of of caller provided syndrome
    - ixgbe: Check DDM existence in transceiver before access
    - EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec
    - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush()
    - Bluetooth: hci_bcsp: Fix memory leak in rx_skb
    - Bluetooth: 6lowpan: search for destination address in all peers
    - Bluetooth: Check state in l2cap_disconnect_rsp
    - Bluetooth: validate BLE connection interval updates
    - crypto: ghash - fix unaligned memory access in ghash_setkey()
    - crypto: arm64/sha1-ce - correct digest for empty data in finup
    - crypto: arm64/sha2-ce - correct digest for empty data in finup
    - Input: gtco - bounds check collection indent level
    - regulator: s2mps11: Fix buck7 and buck8 wrong voltages
    - tracing/snapshot: Resize spare buffer if size changed
    - NFSv4: Handle the special Linux file open access mode
    - lib/scatterlist: Fix mapping iterator when sg->offset is greater than
      PAGE_SIZE
    - ALSA: seq: Break too long mutex context in the write loop
    - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom()
    - media: coda: Remove unbalanced and unneeded mutex unlock
    - KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed
    - drm/nouveau/i2c: Enable i2c pads & busses during preinit
    - padata: use smp_mb in padata_reorder to avoid orphaned padata jobs
    - 9p/virtio: Add cleanup path in p9_virtio_init
    - PCI: Do not poll for PME if the device is in D3cold
    - take floppy compat ioctls to sodding floppy.c
    - floppy: fix out-of-bounds read in next_valid_format
    - floppy: fix invalid pointer dereference in drive_name
    - coda: pass the host file in vma->vm_file on mmap
    - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM
    - parisc: Fix kernel panic due invalid values in IAOQ0 or IAOQ1
    - powerpc/32s: fix suspend/resume when IBATs 4-7 are used
    - powerpc/watchpoint: Restore NV GPRs while returning from exception
    - eCryptfs: fix a couple type promotion bugs
    - intel_th: msu: Fix single mode with disabled IOMMU
    - Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug
    - usb: Handle USB3 remote wakeup for LPM enabled devices correctly
    - dm bufio: fix deadlock with loop device
    - bnx2x: Prevent load reordering in tx completion processing
    - caif-hsi: fix possible deadlock in cfhsi_exit_module()
    - ipv4: don't set IPv6 only flags to IPv4 addresses
    - net: bcmgenet: use promisc for unsupported filters
    - net: neigh: fix multiple neigh timer scheduling
    - nfc: fix potential illegal memory access
    - sky2: Disable MSI on ASUS P6T
    - netrom: fix a memory leak in nr_rx_frame()
    - netrom: hold sock when setting skb->destructor
    - tcp: Reset bytes_acked and bytes_received when disconnecting
    - bonding: validate ip header before check IPPROTO_IGMP
    - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling
    - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query
    - net: bridge: stp: don't cache eth dest pointer before skb pull
    - elevator: fix truncation of icq_cache_name
    - NFSv4: Fix open create exclusive when the server reboots
    - nfsd: increase DRC cache limit
    - nfsd: give out fewer session slots as limit approaches
    - nfsd: fix performance-limiting session calculation
    - nfsd: Fix overflow causing non-working mounts on 1 TB machines
    - drm/panel: simple: Fix panel_simple_dsi_probe
    - usb: core: hub: Disable hub-initiated U1/U2
    - tty: max310x: Fix invalid baudrate divisors calculator
    - pinctrl: rockchip: fix leaked of_node references
    - tty: serial: cpm_uart - fix init when SMC is relocated
    - memstick: Fix error cleanup path of memstick_init
    - tty/serial: digicolor: Fix digicolor-usart already registered warning
    - tty: serial: msm_serial: avoid system lockup condition
    - drm/virtio: Add memory barriers for capset cache.
    - phy: renesas: rcar-gen2: Fix memory leak at error paths
    - usb: gadget: Zero ffs_io_data
    - powerpc/pci/of: Fix OF flags parsing for 64bit BARs
    - PCI: sysfs: Ignore lockdep for remove attribute
    - iio: iio-utils: Fix possible incorrect mask calculation
    - recordmcount: Fix spurious mcount entries on powerpc
    - mfd: core: Set fwnode for created devices
    - mfd: arizona: Fix undefined behavior
    - um: Silence lockdep complaint about mmap_sem
    - powerpc/4xx/uic: clear pending interrupt after irq type/pol change
    - serial: sh-sci: Fix TX DMA buffer flushing and workqueue races
    - kallsyms: exclude kasan local symbols on s390
    - perf test mmap-thread-lookup: Initialize variable to suppress memory
      sanitizer warning
    - f2fs: avoid out-of-range memory access
    - mailbox: handle failed named mailbox channel request
    - powerpc/eeh: Handle hugepages in ioremap space
    - sh: prevent warnings when using iounmap
    - mm/kmemleak.c: fix check for softirq context
    - 9p: pass the correct prototype to read_cache_page
    - mm/mmu_notifier: use hlist_add_head_rcu()
    - locking/lockdep: Fix lock used or unused stats error
    - locking/lockdep: Hide unused 'class' variable
    - usb: wusbcore: fix unbalanced get/put cluster_id
    - usb: pci-quirks: Correct AMD PLL quirk detection
    - x86/sysfb_efi: Add quirks for some devices with swapped width and height
    - x86/speculation/mds: Apply more accurate check on hypervisor platform
    - hpet: Fix division by zero in hpet_time_div()
    - ALSA: hda - Add a conexant codec entry to let mute led work
    - access: avoid the RCU grace period for the temporary subjective credentials
    - vmstat: Remove BUG_ON from vmstat_update
    - mm, vmstat: make quiet_vmstat lighter
    - ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt
    - tcp: reset sk_send_head in tcp_write_queue_purge
    - ISDN: hfcsusb: checking idx of ep configuration
    - media: cpia2_usb: first wake up, then free in disconnect
    - media: radio-raremono: change devm_k*alloc to k*alloc
    - Bluetooth: hci_uart: check for missing tty operations
    - sched/fair: Don't free p->numa_faults with concurrent readers
    - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl
    - ceph: hold i_ceph_lock when removing caps for freeing inode
    - Linux 4.4.187
    - perf tests: Add valid callback for parse-events test
    - SAUCE: Fix perf test 6: Fix missing kvm module load for s390
  * CVE-2018-20976
    - xfs: clear sb->s_fs_info on mount failure
  * Xenial update: 4.4.189 upstream stable release (LP: #1840335)
    - arm64: cpufeature: Fix CTR_EL0 field definitions
    - arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG}
    - netfilter: nfnetlink_acct: validate NFACCT_QUOTA parameter
    - HID: Add quirk for HP X1200 PIXART OEM mouse
    - tcp: be more careful in tcp_fragment()
    - atm: iphase: Fix Spectre v1 vulnerability
    - net: bridge: delete local fdb on device init failure
    - net: fix ifindex collision during namespace removal
    - tipc: compat: allow tipc commands without arguments
    - net: sched: Fix a possible null-pointer dereference in dequeue_func()
    - net/mlx5: Use reversed order when unregister devices
    - bnx2x: Disable multi-cos feature.
    - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling
    - spi: bcm2835: Fix 3-wire mode if DMA is enabled
    - x86: cpufeatures: Sort feature word 7
    - x86/entry/64: Fix context tracking state warning when load_gs_index fails
    - Linux 4.4.189
  * CVE-2019-0136
    - mac80211: handle deauthentication/disassociation from TDLS peer
  * skb_warn_bad_offload kernel splat due to CHECKSUM target not compatible with
    GSO skbs (LP: #1840619)
    - netfilter: xt_checksum: ignore gso skbs
  * CVE-2018-20961
    - usb: gadget: f_midi: fail if set_alt fails to allocate requests
    - USB: gadget: f_midi: fixing a possible double-free in f_midi
  * CVE-2019-11487
    - pipe: add pipe_buf_get() helper
    - mm: add 'try_get_page()' helper function
    - fs: prevent page refcount overflow in pipe_buf_get
    - mm: make page ref count overflow check tighter and more explicit
    - mm, gup: ensure real head page is ref-counted when using hugepages
    - mm: prevent get_user_pages() from overflowing page refcount
  * Xenial update: 4.4.188 upstream stable release (LP: #1840289)
    - ARM: riscpc: fix DMA
    - ARM: dts: rockchip: Mark that the rk3288 timer might stop in suspend
    - kernel/module.c: Only return -EEXIST for modules that have finished loading
    - MIPS: lantiq: Fix bitfield masking
    - dmaengine: rcar-dmac: Reject zero-length slave DMA requests
    - fs/adfs: super: fix use-after-free bug
    - btrfs: fix minimum number of chunk errors for DUP
    - ceph: fix improper use of smp_mb__before_atomic()
    - scsi: zfcp: fix GCC compiler warning emitted with -Wmaybe-uninitialized
    - ACPI: fix false-positive -Wuninitialized warning
    - be2net: Signal that the device cannot transmit during reconfiguration
    - x86/apic: Silence -Wtype-limits compiler warnings
    - x86: math-emu: Hide clang warnings for 16-bit overflow
    - mm/cma.c: fail if fixed declaration can't be honored
    - coda: add error handling for fget
    - coda: fix build using bare-metal toolchain
    - uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side
      headers
    - ipc/mqueue.c: only perform resource calculation if user valid
    - x86/kvm: Don't call kvm_spurious_fault() from .fixup
    - selinux: fix memory leak in policydb_init()
    - s390/dasd: fix endless loop after read unit address configuration
    - xen/swiotlb: fix condition for calling xen_destroy_contiguous_region()
    - Linux 4.4.188
  * Line 6 POD HD500 driver fault (LP: #1790595) // Xenial update: 4.4.187
    upstream stable release (LP: #1840081)
    - ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1
  * CVE-2016-10905
    - GFS2: don't set rgrp gl_object until it's inserted into rgrp tree

Date: 2019-09-18 15:16:17.080575+00:00
Changed-By: Khaled El Mously <khalid.elmously at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1059.66
-------------- next part --------------
Sorry, changesfile not available.


More information about the Xenial-changes mailing list