[ubuntu/xenial-security] linux-aws 4.4.0-1106.117 (Accepted)
Andy Whitcroft
apw at canonical.com
Wed Apr 29 14:58:06 UTC 2020
linux-aws (4.4.0-1106.117) xenial; urgency=medium
* xenial/linux-aws: 4.4.0-1106.117 -proposed tracker (LP: #1870649)
[ Ubuntu: 4.4.0-178.208 ]
* xenial/linux: 4.4.0-178.208 -proposed tracker (LP: #1870660)
* CVE-2019-19768
- blktrace: Protect q->blk_trace with RCU
- blktrace: fix dereference after null check
* Multiple Kexec in AWS Nitro instances fail (LP: #1869948)
- net: ena: Add PCI shutdown handler to allow safe kexec
* Insert test_bpf module will report 4 failures for ubuntu_bpf_jit on X s390x
(LP: #1768452)
- test_bpf: flag tests that cannot be jited on s390
* Mounting LVM snapshots with xfs can hit kernel BUG in nvme driver
(LP: #1869229)
- block: fix bio_will_gap() for first bvec with offset
* Xenial update: 4.4.217 upstream stable release (LP: #1868629)
- NFS: Remove superfluous kmap in nfs_readdir_xdr_to_array
- r8152: check disconnect status after long sleep
- net: nfc: fix bounds checking bugs on "pipe"
- bnxt_en: reinitialize IRQs when MTU is modified
- fib: add missing attribute validation for tun_id
- nl802154: add missing attribute validation
- nl802154: add missing attribute validation for dev_type
- team: add missing attribute validation for port ifindex
- team: add missing attribute validation for array index
- nfc: add missing attribute validation for SE API
- nfc: add missing attribute validation for vendor subcommand
- ipvlan: add cond_resched_rcu() while processing muticast backlog
- ipvlan: do not add hardware address of master to its unicast filter list
- ipvlan: egress mcast packets are not exceptional
- ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast()
- ipvlan: don't deref eth hdr before checking it's set
- macvlan: add cond_resched() during multicast processing
- net: fec: validate the new settings in fec_enet_set_coalesce()
- slip: make slhc_compress() more robust against malicious packets
- bonding/alb: make sure arp header is pulled before accessing it
- net: fq: add missing attribute validation for orphan mask
- iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn +
add_taint
- drm/amd/display: remove duplicated assignment to grph_obj_type
- gfs2_atomic_open(): fix O_EXCL|O_CREAT handling on cold dcache
- KVM: x86: clear stale x86_emulate_ctxt->intercept value
- ARC: define __ALIGN_STR and __ALIGN symbols for ARC
- efi: Fix a race and a buffer overflow while reading efivars via sysfs
- iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint
- iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page
- nl80211: add missing attribute validation for critical protocol indication
- nl80211: add missing attribute validation for channel switch
- netfilter: cthelper: add missing attribute validation for cthelper
- iommu/vt-d: Fix the wrong printing in RHSA parsing
- iommu/vt-d: Ignore devices with out-of-spec domain number
- ipv6: restrict IPV6_ADDRFORM operation
- efi: Add a sanity check to efivar_store_raw()
- batman-adv: Fix invalid read while copying bat_iv.bcast_own
- batman-adv: Only put gw_node list reference when removed
- batman-adv: Only put orig_node_vlan list reference when removed
- batman-adv: Avoid endless loop in bat-on-bat netdevice check
- batman-adv: Fix unexpected free of bcast_own on add_if error
- batman-adv: Fix integer overflow in batadv_iv_ogm_calc_tq
- batman-adv: init neigh node last seen field
- batman-adv: Deactivate TO_BE_ACTIVATED hardif on shutdown
- batman-adv: Drop reference to netdevice on last reference
- batman-adv: Fix reference counting of vlan object for tt_local_entry
- batman-adv: Avoid duplicate neigh_node additions
- batman-adv: fix skb deref after free
- batman-adv: Fix use-after-free/double-free of tt_req_node
- batman-adv: Fix ICMP RR ethernet access after skb_linearize
- batman-adv: Clean up untagged vlan when destroying via rtnl-link
- batman-adv: Avoid nullptr dereference in bla after vlan_insert_tag
- batman-adv: Avoid nullptr dereference in dat after vlan_insert_tag
- batman-adv: Fix orig_node_vlan leak on orig_node_release
- batman-adv: lock crc access in bridge loop avoidance
- batman-adv: Fix non-atomic bla_claim::backbone_gw access
- batman-adv: Fix reference leak in batadv_find_router
- batman-adv: Free last_bonding_candidate on release of orig_node
- batman-adv: Fix speedy join in gateway client mode
- batman-adv: Add missing refcnt for last_candidate
- batman-adv: Fix double free during fragment merge error
- batman-adv: Fix transmission of final, 16th fragment
- batman-adv: Fix rx packet/bytes stats on local ARP reply
- batman-adv: fix TT sync flag inconsistencies
- batman-adv: Fix lock for ogm cnt access in batadv_iv_ogm_calc_tq
- batman-adv: Fix internal interface indices types
- batman-adv: update data pointers after skb_cow()
- batman-adv: Fix skbuff rcsum on packet reroute
- batman-adv: Avoid race in TT TVLV allocator helper
- batman-adv: Fix TT sync flags for intermediate TT responses
- batman-adv: prevent TT request storms by not sending inconsistent TT TLVLs
- batman-adv: Fix debugfs path for renamed hardif
- batman-adv: Fix debugfs path for renamed softif
- batman-adv: Avoid storing non-TT-sync flags on singular entries too
- batman-adv: Prevent duplicated gateway_node entry
- batman-adv: Prevent duplicated nc_node entry
- batman-adv: Prevent duplicated global TT entry
- batman-adv: Prevent duplicated tvlv handler
- batman-adv: Reduce claim hash refcnt only for removed entry
- batman-adv: Reduce tt_local hash refcnt only for removed entry
- batman-adv: Reduce tt_global hash refcnt only for removed entry
- batman-adv: Only read OGM tvlv_len after buffer len check
- batman-adv: Avoid free/alloc race when handling OGM buffer
- batman-adv: Don't schedule OGM for disabled interface
- perf/amd/uncore: Replace manual sampling check with CAP_NO_INTERRUPT flag
- net: ks8851-ml: Fix IRQ handling and locking
- signal: avoid double atomic counter increments for user accounting
- jbd2: fix data races at struct journal_head
- ARM: 8957/1: VDSO: Match ARMv8 timer in cntvct_functional()
- ARM: 8958/1: rename missed uaccess .fixup section
- mm: slub: add missing TID bump in kmem_cache_alloc_bulk()
- ipv4: ensure rcu_read_lock() in cipso_v4_error()
- Linux 4.4.217
* Xenial update: 4.4.216 upstream stable release (LP: #1868628)
- iwlwifi: pcie: fix rb_allocator workqueue allocation
- ext4: fix potential race between online resizing and write operations
- ext4: fix potential race between s_flex_groups online resizing and access
- ext4: fix potential race between s_group_info online resizing and access
- ipmi:ssif: Handle a possible NULL pointer reference
- mac80211: consider more elements in parsing CRC
- cfg80211: check wiphy driver existence for drvinfo report
- cifs: Fix mode output in debugging statements
- cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE
- sysrq: Restore original console_loglevel when sysrq disabled
- sysrq: Remove duplicated sysrq message
- net: fib_rules: Correctly set table field when table number exceeds 8 bits
- net: phy: restore mdio regs in the iproc mdio driver
- ipv6: Fix nlmsg_flags when splitting a multipath route
- ipv6: Fix route replacement with dev-only route
- sctp: move the format error check out of __sctp_sf_do_9_1_abort
- nfc: pn544: Fix occasional HW initialization failure
- net: sched: correct flower port blocking
- ext4: potential crash on allocation error in ext4_alloc_flex_bg_array()
- audit: fix error handling in audit_data_to_entry()
- HID: core: fix off-by-one memset in hid_report_raw_event()
- HID: core: increase HID report buffer size to 8KiB
- HID: hiddev: Fix race in in hiddev_disconnect()
- MIPS: VPE: Fix a double free and a memory leak in 'release_vpe()'
- i2c: jz4780: silence log flood on txabrt
- ecryptfs: Fix up bad backport of fe2e082f5da5b4a0a92ae32978f81507ef37ec66
- net: netlink: cap max groups which will be considered in netlink_bind()
- namei: only return -ECHILD from follow_dotdot_rcu()
- KVM: Check for a bad hva before dropping into the ghc slow path
- slip: stop double free sl->dev in slip_open
- mm: make page ref count overflow check tighter and more explicit
- mm, gup: remove broken VM_BUG_ON_PAGE compound check for hugepages
- audit: always check the netlink payload length in audit_receive_msg()
- serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE
- usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags
- usb: gadget: serial: fix Tx stall after buffer overflow
- drm: msm: Fix return type of dsi_mgr_connector_mode_valid for kCFI
- drm/msm/dsi: save pll state before dsi host is powered off
- net: ks8851-ml: Remove 8-bit bus accessors
- net: ks8851-ml: Fix 16-bit data access
- net: ks8851-ml: Fix 16-bit IO operation
- watchdog: da9062: do not ping the hw during stop()
- s390/cio: cio_ignore_proc_seq_next should increase position index
- cifs: don't leak -EAGAIN for stat() during reconnect
- usb: storage: Add quirk for Samsung Fit flash
- usb: quirks: add NO_LPM quirk for Logitech Screen Share
- usb: core: hub: do error out if usb_autopm_get_interface() fails
- usb: core: port: do error out if usb_autopm_get_interface() fails
- vgacon: Fix a UAF in vgacon_invert_region
- fat: fix uninit-memory access for partial initialized inode
- vt: selection, close sel_buffer race
- vt: selection, push console lock down
- vt: selection, push sel_lock up
- dmaengine: tegra-apb: Fix use-after-free
- dmaengine: tegra-apb: Prevent race conditions of tasklet vs free list
- ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output
- ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path
- ASoC: dapm: Correct DAPM handling of active widgets during shutdown
- RDMA/iwcm: Fix iwcm work deallocation
- RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen()
- ARM: imx: build v7_cpu_resume() unconditionally
- hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT()
- dmaengine: coh901318: Fix a double lock bug in dma_tc_handle()
- powerpc: fix hardware PMU exception bug on PowerVM compatibility mode
systems
- dm cache: fix a crash due to incorrect work item cancelling
- crypto: algif_skcipher - use ZERO_OR_NULL_PTR in skcipher_recvmsg_async
- Linux 4.4.216
* Xenial update: 4.4.215 upstream stable release (LP: #1868627)
- ALSA: hda: Use scnprintf() for printing texts for sysfs/procfs
- ecryptfs: fix a memory leak bug in parse_tag_1_packet()
- ecryptfs: fix a memory leak bug in ecryptfs_init_messaging()
- ALSA: usb-audio: Apply sample rate quirk for Audioengine D1
- ubifs: Fix deadlock in concurrent bulk-read and writepage
- ext4: fix checksum errors with indexed dirs
- Btrfs: fix race between using extent maps and merging them
- btrfs: log message when rw remount is attempted with unclean tree-log
- padata: Remove broken queue flushing
- s390/time: Fix clk type in get_tod_clock
- hwmon: (pmbus/ltc2978) Fix PMBus polling of MFR_COMMON definitions.
- jbd2: move the clearing of b_modified flag to the journal_unmap_buffer()
- jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer
- btrfs: print message when tree-log replay starts
- scsi: qla2xxx: fix a potential NULL pointer dereference
- Revert "KVM: VMX: Add non-canonical check on writes to RTIT address MSRs"
- drm/gma500: Fixup fbdev stolen size usage evaluation
- brcmfmac: Fix use after free in brcmf_sdio_readframes()
- gianfar: Fix TX timestamping with a stacked DSA driver
- pinctrl: sh-pfc: sh7264: Fix CAN function GPIOs
- media: i2c: mt9v032: fix enum mbus codes and frame sizes
- media: sti: bdisp: fix a possible sleep-in-atomic-context bug in
bdisp_device_run()
- efi/x86: Map the entire EFI vendor string before copying it
- MIPS: Loongson: Fix potential NULL dereference in loongson3_platform_init()
- uio: fix a sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol()
- usb: gadget: udc: fix possible sleep-in-atomic-context bugs in gr_probe()
- nfs: NFS_SWAP should depend on SWAP
- jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info
when load journal
- tracing: Fix very unlikely race of registering two stat tracers
- ext4, jbd2: ensure panic when aborting with zero errno
- kconfig: fix broken dependency in randconfig-generated .config
- clk: qcom: rcg2: Don't crash if our parent can't be found; return an error
- drm/amdgpu: remove 4 set but not used variable in
amdgpu_atombios_get_connector_info_from_object_table
- regulator: rk808: Lower log level on optional GPIOs being not available
- NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use
le16_add_cpu().
- reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling
- ALSA: usx2y: Adjust indentation in snd_usX2Y_hwdep_dsp_status
- b43legacy: Fix -Wcast-function-type
- ipw2x00: Fix -Wcast-function-type
- iwlegacy: Fix -Wcast-function-type
- rtlwifi: rtl_pci: Fix -Wcast-function-type
- orinoco: avoid assertion in case of NULL pointer
- ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1
- scsi: aic7xxx: Adjust indentation in ahc_find_syncrate
- ARM: dts: r8a7779: Add device node for ARM global timer
- x86/vdso: Provide missing include file
- pinctrl: sh-pfc: sh7269: Fix CAN function GPIOs
- ALSA: sh: Fix compile warning wrt const
- tools lib api fs: Fix gcc9 stringop-truncation compilation error
- usbip: Fix unsafe unaligned pointer usage
- soc/tegra: fuse: Correct straps' address for older Tegra124 device trees
- rcu: Use WRITE_ONCE() for assignments to ->pprev for hlist_nulls
- Input: edt-ft5x06 - work around first register access error
- wan: ixp4xx_hss: fix compile-testing on 64-bit
- ASoC: atmel: fix build error with CONFIG_SND_ATMEL_SOC_DMA=m
- PCI: Don't disable bridge BARs when assigning bus resources
- driver core: Print device when resources present in really_probe()
- drm/nouveau: Fix copy-paste error in nouveau_fence_wait_uevent_handler
- drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add
- iommu/arm-smmu-v3: Use WRITE_ONCE() when changing validity of an STE
- scsi: iscsi: Don't destroy session if there are outstanding connections
- cmd64x: potential buffer overflow in cmd64x_program_timings()
- ide: serverworks: potential overflow in svwks_set_pio_mode()
- remoteproc: Initialize rproc_class before use
- s390/ftrace: generate traced function stack frame
- ALSA: hda - Add docking station support for Lenovo Thinkpad T420s
- jbd2: switch to use jbd2_journal_abort() when failed to submit the commit
record
- ARM: 8951/1: Fix Kexec compilation issue.
- hostap: Adjust indentation in prism2_hostapd_add_sta
- iwlegacy: ensure loop counter addr does not wrap and cause an infinite loop
- drm/nouveau/disp/nv50-: prevent oops when no channel method map provided
- trigger_next should increase position index
- radeon: insert 10ms sleep in dce5_crtc_load_lut
- ocfs2: fix a NULL pointer dereference when call
ocfs2_update_inode_fsync_trans()
- lib/scatterlist.c: adjust indentation in __sg_alloc_table
- reiserfs: prevent NULL pointer dereference in reiserfs_insert_item()
- bcache: explicity type cast in bset_bkey_last()
- irqchip/gic-v3-its: Reference to its_invall_cmd descriptor when building
INVALL
- microblaze: Prevent the overflow of the start
- brd: check and limit max_part par
- selinux: ensure we cleanup the internal AVC counters on error in
avc_update()
- enic: prevent waking up stopped tx queues over watchdog reset
- floppy: check FDC index for errors before assigning it
- staging: android: ashmem: Disallow ashmem memory from being remapped
- staging: vt6656: fix sign of rx_dbm to bb_pre_ed_rssi.
- usb: uas: fix a plug & unplug racing
- USB: Fix novation SourceControl XL after suspend
- USB: hub: Don't record a connect-change event during reset-resume
- staging: rtl8188eu: Fix potential security hole
- staging: rtl8188eu: Fix potential overuse of kernel memory
- x86/mce/amd: Fix kobject lifetime
- tty: serial: imx: setup the correct sg entry for tx dma
- xhci: apply XHCI_PME_STUCK_QUIRK to Intel Comet Lake platforms
- VT_RESIZEX: get rid of field-by-field copyin
- vt: vt_ioctl: fix race in VT_RESIZEX
- netfilter: xt_bpf: add overflow checks
- ext4: fix a data race in EXT4_I(inode)->i_disksize
- ext4: add cond_resched() to __ext4_find_entry()
- KVM: apic: avoid calculating pending eoi from an uninitialized val
- Btrfs: fix btrfs_wait_ordered_range() so that it waits for all ordered
extents
- scsi: Revert "RDMA/isert: Fix a recently introduced regression related to
logout"
- scsi: Revert "target: iscsi: Wait for all commands to finish before freeing
a session"
- ecryptfs: replace BUG_ON with error handling code
- ALSA: rawmidi: Avoid bit fields for state flags
- ALSA: seq: Avoid concurrent access to queue flags
- ALSA: seq: Fix concurrent access to queue current tick/time
- xen: Enable interrupts when calling _cond_resched()
- Linux 4.4.215
Date: 2020-04-08 09:48:23.210305+00:00
Changed-By: Kelsey Margarete Skunberg <kelsey.skunberg at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1106.117
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list