This bug was fixed in the package linux - 4.8.0-32.34 --------------- linux (4.8.0-32.34) yakkety; urgency=low
[ Thadeu Lima de Souza Cascardo ] * Release Tracking Bug - LP: #1649358 * Vulnerability picked up from 4.8.10 stable kernel (LP: #1648662) - net: handle no dst on skb in icmp6_send linux (4.8.0-31.33) yakkety; urgency=low [ Luis Henriques ] * Release Tracking Bug - LP: #1648034 * Update hio driver to 2.1.0.28 (LP: #1646643) - SAUCE: hio: update to Huawei ES3000_V2 (2.1.0.28) * Yakkety update to v4.8.11 stable release (LP: #1645421) - x86/cpu/AMD: Fix cpu_llc_id for AMD Fam17h systems - KVM: x86: fix missed SRCU usage in kvm_lapic_set_vapic_addr - KVM: Disable irq while unregistering user notifier - arm64: KVM: pmu: Fix AArch32 cycle counter access - KVM: arm64: Fix the issues when guest PMCCFILTR is configured - ftrace: Ignore FTRACE_FL_DISABLED while walking dyn_ftrace records - ftrace: Add more checks for FTRACE_FL_DISABLED in processing ip records - genirq: Use irq type from irqdata instead of irqdesc - fuse: fix fuse_write_end() if zero bytes were copied - IB/rdmavt: rdmavt can handle non aligned page maps - IB/hfi1: Fix rnr_timer addition - mfd: intel-lpss: Do not put device in reset state on suspend - mfd: stmpe: Fix RESET regression on STMPE2401 - can: bcm: fix warning in bcm_connect/proc_register - gpio: do not double-check direction on sleeping chips - ALSA: usb-audio: Fix use-after-free of usb_device at disconnect - ALSA: hda - add a new condition to check if it is thinkpad - ALSA: hda - Fix mic regression by ASRock mobo fixup - i2c: mux: fix up dependencies - i2c: i2c-mux-pca954x: fix deselect enabling for device-tree - Disable the __builtin_return_address() warning globally after all - kbuild: add -fno-PIE - scripts/has-stack-protector: add -fno-PIE - x86/kexec: add -fno-PIE - kbuild: Steal gcc's pie from the very beginning - ext4: sanity check the block and cluster size at mount time - ARM: dts: imx53-qsb: Fix regulator constraints - crypto: caam - do not register AES-XTS mode on LP units - powerpc/64: Fix setting of AIL in hypervisor mode - drm/amdgpu: Attach exclusive fence to prime exported bo's. (v5) - drm/i915: Refresh that status of MST capable connectors in ->detect() - drm/i915: Assume non-DP++ port if dvo_port is HDMI and there's no AUX ch specified in the VBT - virtio-net: drop legacy features in virtio 1 mode - clk: mmp: pxa910: fix return value check in pxa910_clk_init() - clk: mmp: pxa168: fix return value check in pxa168_clk_init() - clk: mmp: mmp2: fix return value check in mmp2_clk_init() - clk: imx: fix integer overflow in AV PLL round rate - rtc: omap: Fix selecting external osc - iwlwifi: pcie: fix SPLC structure parsing - iwlwifi: pcie: mark command queue lock with separate lockdep class - iwlwifi: mvm: fix netdetect starting/stopping for unified images - iwlwifi: mvm: fix d3_test with unified D0/D3 images - iwlwifi: mvm: wake the wait queue when the RX sync counter is zero - mfd: core: Fix device reference leak in mfd_clone_cell - sunrpc: svc_age_temp_xprts_now should not call setsockopt non-tcp transports - uwb: fix device reference leaks - PM / sleep: fix device reference leak in test_suspend - PM / sleep: don't suspend parent when async child suspend_{noirq, late} fails - perf hists: Fix column length on --hierarchy - IB/rxe: Update qp state for user query - IB/rxe: Fix kernel panic in UDP tunnel with GRO and RX checksum - IB/rxe: Fix handling of erroneous WR - IB/rxe: Clear queue buffer when modifying QP to reset - IB/mlx4: Check gid_index return value - IB/mlx4: Fix create CQ error flow - IB/mlx5: Validate requested RQT size - IB/mlx5: Use cache line size to select CQE stride - IB/mlx5: Fix memory leak in query device - IB/mlx5: Fix fatal error dispatching - IB/mlx5: Fix NULL pointer dereference on debug print - IB/core: Avoid unsigned int overflow in sg_alloc_table - IB/hfi1: Remove incorrect IS_ERR check - IB/uverbs: Fix leak of XRC target QPs - IB/cm: Mark stale CM id's whenever the mad agent was unregistered - netfilter: nft_dynset: fix element timeout for HZ != 1000 - gpio: pca953x: Move memcpy into mutex lock for set multiple - gpio: pca953x: Fix corruption of other gpios in set_multiple. - Linux 4.8.11 * Upstream stable 4.4.34 and 4.8.10 regression (LP: #1645278) - flow_dissect: call init_default_flow_dissectors() earlier * Fix Kernel Crashing under IBM Virtual Scsi Driver (LP: #1642299) - SAUCE: ibmvscsis: Rearrange functions for future patches - SAUCE: ibmvscsis: Synchronize cmds at tpg_enable_store time - SAUCE: ibmvscsis: Synchronize cmds at remove time - SAUCE: ibmvscsis: Clean up properly if target_submit_cmd/tmr fails - SAUCE: ibmvscsis: Return correct partition name/# to client - SAUCE: ibmvscsis: Issues from Dan Carpenter/Smatch * Add a driver for Amazon Elastic Network Adapters (ENA) (LP: #1635721) - net: ena: Add a driver for Amazon Elastic Network Adapters (ENA) - [config] enable CONFIG_ENA_ETHERNET=m (Amazon ENA driver) * Move some kernel modules to the main kernel package (LP: #1642228) - [Config] Move some powerpc kernel modules to the main kernel package * Yakkety update to 4.8.10 stable release (LP: #1643639) - dctcp: avoid bogus doubling of cwnd after loss - net: clear sk_err_soft in sk_clone_lock() - net: mangle zero checksum in skb_checksum_help() - bgmac: stop clearing DMA receive control register right after it is set - ip6_tunnel: Clear IP6CB in ip6tunnel_xmit() - tcp: fix potential memory corruption - ipv4: allow local fragmentation in ip_finish_output_gso() - tcp: fix return value for partial writes - dccp: do not release listeners too soon - dccp: do not send reset to already closed sockets - dccp: fix out of bound access in dccp_v4_err() - ipv6: dccp: fix out of bound access in dccp_v6_err() - ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped - sctp: assign assoc_id earlier in __sctp_connect - bpf: fix htab map destruction when extra reserve is in use - net: icmp6_send should use dst dev to determine L3 domain - fib_trie: Correct /proc/net/route off by one error - sock: fix sendmmsg for partial sendmsg - net: icmp_route_lookup should use rt dev to determine L3 domain - net: __skb_flow_dissect() must cap its return value - ipv4: use new_gw for redirect neigh lookup - tcp: take care of truncations done by sk_filter() - Revert "include/uapi/linux/atm_zatm.h: include linux/time.h" - mlxsw: spectrum: Fix refcount bug on span entries - mlxsw: spectrum_router: Correctly dump neighbour activity - Revert "bnx2: Reset device during driver initialization" - bnx2: Wait for in-flight DMA to complete at probe stage - sctp: change sk state only when it has assocs in sctp_shutdown - net: stmmac: Fix lack of link transition for fixed PHYs - spi: spidev_test: fix build with musl libc - sparc: Handle negative offsets in arch_jump_label_transform - sparc64: Handle extremely large kernel TSB range flushes sanely. - sparc64: Fix illegal relative branches in hypervisor patched TLB code. - sparc64: Fix instruction count in comment for __hypervisor_flush_tlb_pending. - sparc64: Fix illegal relative branches in hypervisor patched TLB cross-call code. - sparc64: Handle extremely large kernel TLB range flushes more gracefully. - sparc64: Delete __ret_efault. - sparc64: Prepare to move to more saner user copy exception handling. - sparc64: Convert copy_in_user to accurate exception reporting. - sparc64: Convert GENcopy_{from,to}_user to accurate exception reporting. - sparc64: Convert U1copy_{from,to}_user to accurate exception reporting. - sparc64: Convert NG4copy_{from,to}_user to accurate exception reporting. - sparc64: Convert NGcopy_{from,to}_user to accurate exception reporting. - sparc64: Convert NG2copy_{from,to}_user to accurate exception reporting. - sparc64: Convert U3copy_{from,to}_user to accurate exception reporting. - sparc64: Delete now unused user copy assembler helpers. - sparc64: Delete now unused user copy fixup functions. - usb: gadget: f_fs: edit epfile->ep under lock - usb: gadget: f_fs: stop sleeping in ffs_func_eps_disable - Linux 4.8.10 * Yakkety update to v4.8.9 stable release (LP: #1642972) - ALSA: info: Return error for invalid read/write - ALSA: info: Limit the proc text input size - ASoC: cs4270: fix DAPM stream name mismatch - dib0700: fix nec repeat handling - mm, frontswap: make sure allocated frontswap map is assigned - shmem: fix pageflags after swapping DMA32 object - swapfile: fix memory corruption via malformed swapfile - mm: hwpoison: fix thp split handling in memory_failure() - mm/hugetlb: fix huge page reservation leak in private mapping error paths - coredump: fix unfreezable coredumping task - s390/hypfs: Use get_free_page() instead of kmalloc to ensure page alignment - ARC: timer: rtc: implement read loop in "C" vs. inline asm - PCI: Don't attempt to claim shadow copies of ROM - arc: Implement arch-specific dma_map_ops.mmap - pinctrl: cherryview: Serialize register access in suspend/resume - pinctrl: cherryview: Prevent possible interrupt storm on resume - cpupower: Correct return type of cpu_power_is_cpu_online() in cpufreq-set - mmc: sdhci: Fix CMD line reset interfering with ongoing data transfer - mmc: sdhci: Fix unexpected data interrupt handling - mmc: mmc: Use 500ms as the default generic CMD6 timeout - staging: iio: ad5933: avoid uninitialized variable in error case - staging: sm750fb: Fix bugs introduced by early commits - staging: comedi: ni_tio: fix buggy ni_tio_clock_period_ps() return value - drivers: staging: nvec: remove bogus reset command for PS/2 interface - Revert "staging: nvec: ps2: change serio type to passthrough" - staging: nvec: remove managed resource from PS2 driver - usb: dwc3: Fix error handling for core init - USB: cdc-acm: fix TIOCMIWAIT - usb: gadget: u_ether: remove interrupt throttling - drbd: Fix kernel_sendmsg() usage - potential NULL deref - toshiba-wmi: Fix loading the driver on non Toshiba laptops - clk: qoriq: Don't allow CPU clocks higher than starting value - cdc-acm: fix uninitialized variable - iio: hid-sensors: Increase the precision of scale to fix wrong reading interpretation. - iio: orientation: hid-sensor-rotation: Add PM function (fix non working driver) - iio: st_sensors: fix scale configuration for h3lis331dl - scsi: qla2xxx: Fix scsi scan hang triggered if adapter fails during init - scsi: mpt3sas: Fix for block device of raid exists even after deleting raid disk - scsi: scsi_dh_alua: fix missing kref_put() in alua_rtpg_work() - scsi: scsi_dh_alua: Fix a reference counting bug - KVM: arm/arm64: vgic: Prevent access to invalid SPIs - drm/radeon: disable runtime pm in certain cases - drm/i915: Respect alternate_ddc_pin for all DDI ports - drm/i915/dp: BDW cdclk fix for DP audio - drm/i915/dp: Extend BDW DP audio workaround to GEN9 platforms - drm/amdgpu: disable runtime pm in certain cases - drm/amdgpu: fix crash in acp_hw_fini - tty/serial: at91: fix hardware handshake on Atmel platforms - drm/amdgpu: fix sched fence slab teardown - drm/amd: fix scheduler fence teardown order v2 - xprtrdma: use complete() instead complete_all() - xprtrdma: Fix DMAR failure in frwr_op_map() after reconnect - iommu/io-pgtable-arm: Check for v7s-incapable systems - iommu/amd: Free domain id when free a domain of struct dma_ops_domain - iommu/vt-d: Fix dead-locks in disable_dmar_iommu() path - agp/intel: Flush chipset writes after updating a single PTE - watchdog: core: Fix devres_alloc() allocation size - Input: synaptics-rmi4 - fix error handling in SPI transport driver - Input: synaptics-rmi4 - fix error handling in I2C transport driver - perf top: Fix refreshing hierarchy entries on TUI - mei: bus: fix received data size check in NFC fixup - svcrdma: Skip put_page() when send_reply() fails - svcrdma: Tail iovec leaves an orphaned DMA mapping - nvme: Delete created IO queues on reset - Revert "clocksource/drivers/timer_sun5i: Replace code by clocksource_mmio_init" - x86/build: Fix build with older GCC versions - clk: samsung: clk-exynos-audss: Fix module autoload - rtc: pcf2123: Add missing error code assignment before test - s390/dumpstack: restore reliable indicator for call traces - lib/genalloc.c: start search from start of chunk - hwrng: core - Don't use a stack buffer in add_early_randomness() - i40e: fix call of ndo_dflt_bridge_getlink() - mmc: sdhci-msm: Fix error return code in sdhci_msm_probe() - ACPI / APEI: Fix incorrect return value of ghes_proc() - ACPI/PCI/IRQ: assign ISA IRQ directly during early boot stages - ACPI/PCI: pci_link: penalize SCI correctly - ACPI/PCI: pci_link: Include PIRQ_PENALTY_PCI_USING for ISA IRQs - batman-adv: Modify neigh_list only with rcu-list functions - gpio/mvebu: Use irq_domain_add_linear - gpio: of: fix GPIO drivers with multiple gpio_chip for a single node - ASoC: Intel: Skylake: Always acquire runtime pm ref on unload - ASoC: sun4i-codec: return error code instead of NULL when create_card fails - pinctrl: iproc: Fix iProc and NSP GPIO support - mmc: mxs: Initialize the spinlock prior to using it - memcg: prevent memcg caches to be both OFF_SLAB & OBJFREELIST_SLAB - libceph: fix legacy layout decode with pool 0 - NFSv4.1: work around -Wmaybe-uninitialized warning - drm/amdgpu: fix fence slab teardown - drm/amdgpu: fix a vm_flush fence leak - drm/i915: Fix mismatched INIT power domain disabling during suspend - netfilter: fix namespace handling in nf_log_proc_dostring - Linux 4.8.9 * Yakkety update to 4.8.8 stable release (LP: #1642607) - net: fec: set mac address unconditionally - net: pktgen: fix pkt_size - net/sched: act_vlan: Push skb->data to mac_header prior calling skb_vlan_*() functions - net: Add netdev all_adj_list refcnt propagation to fix panic - packet: call fanout_release, while UNREGISTERING a netdev - netlink: do not enter direct reclaim from netlink_dump() - drivers/ptp: Fix kernel memory disclosure - net_sched: reorder pernet ops and act ops registrations - ipv6: tcp: restore IP6CB for pktoptions skbs - net: phy: Trigger state machine on state change and not polling. - ip6_tunnel: fix ip6_tnl_lookup - IB/ipoib: move back IB LL address into the hard header - net/mlx4_en: fixup xdp tx irq to match rx - net: pktgen: remove rcu locking in pktgen_change_name() - bridge: multicast: restore perm router ports on multicast enable - switchdev: Execute bridge ndos only for bridge ports - rtnetlink: Add rtnexthop offload flag to compare mask - net: core: Correctly iterate over lower adjacency list - net: add recursion limit to GRO - ipv4: disable BH in set_ping_group_range() - ipv4: use the right lock for ping_group_range - net: fec: Call swap_buffer() prior to IP header alignment - net: sctp, forbid negative length - sctp: fix the panic caused by route update - udp: fix IP_CHECKSUM handling - netvsc: fix incorrect receive checksum offloading - macsec: Fix header length if SCI is added if explicitly disabled - net: ipv6: Do not consider link state for nexthop validation - net sched filters: fix notification of filter delete with proper handle - sctp: validate chunk len before actually using it - ip6_tunnel: Update skb->protocol to ETH_P_IPV6 in ip6_tnl_xmit() - packet: on direct_xmit, limit tso and csum to supported devices - arch/powerpc: Update parameters for csum_tcpudp_magic & csum_tcpudp_nofold - usb: dwc3: gadget: properly account queued requests - scsi: megaraid_sas: Fix data integrity failure for JBOD (passthrough) devices - scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression - Linux 4.8.8 * Yakkety update to 4.8.7 stable release (LP: #1642606) - i2c: rk3x: Give the tuning value 0 during rk3x_i2c_v0_calc_timings - i2c: xgene: Avoid dma_buffer overrun - i2c: core: fix NULL pointer dereference under race condition - drm/dp/mst: Clear port->pdt when tearing down the i2c adapter - spi: fsl-espi: avoid processing uninitalized data on error - spi: mark device nodes only in case of successful instantiation - h8300: fix syscall restarting - gpio / ACPI: fix returned error from acpi_dev_gpio_irq_get() - gpio: GPIO_GET_CHIPINFO_IOCTL: Fix line offset validation - gpio: GPIO_GET_CHIPINFO_IOCTL: Fix information leak - gpio: GPIO_GET_LINEHANDLE_IOCTL: Validate line offset - gpio: GPIOHANDLE_GET_LINE_VALUES_IOCTL: Fix information leak - gpio: GPIO_GET_LINEEVENT_IOCTL: Validate line offset - gpio: GPIO_GET_LINEHANDLE_IOCTL: Reject invalid line flags - gpio: GPIO_GET_LINEEVENT_IOCTL: Reject invalid line and event flags - gpio: GPIOHANDLE_GET_LINE_VALUES_IOCTL: Fix another information leak - gpio: GPIO_GET_LINE{HANDLE,EVENT}_IOCTL: Fix file descriptor leak - libxfs: clean up _calc_dquots_per_chunk - mm/list_lru.c: avoid error-path NULL pointer deref - mm/slab: fix kmemcg cache creation delayed issue - mm: memcontrol: do not recurse in direct reclaim - KEYS: Sort out big_key initialisation - security/keys: make BIG_KEYS dependent on stdrng. - device-dax: fix percpu_ref_exit ordering - ALSA: usb-audio: Add quirk for Syntek STK1160 - ALSA: seq: Fix time account regression - ALSA: hda - allow 40 bit DMA mask for NVidia devices - ALSA: hda - Adding a new group of pin cfg into ALC295 pin quirk table - ALSA: hda - Fix surround output pins for ASRock B150M mobo - ALSA: hda - Fix headset mic detection problem for two Dell laptops - ANDROID: binder: Add strong ref checks - ANDROID: binder: Clear binder and cookie when setting handle in flat binder struct - cxl: Fix leaking pid refs in some error paths - btrfs: fix races on root_log_ctx lists - powerpc: Convert cmp to cmpd in idle enter sequence - powerpc/mm/radix: Use tlbiel only if we ever ran on the current cpu - x86/microcode/AMD: Fix more fallout from CONFIG_RANDOMIZE_MEMORY=y - timers: Prevent base clock rewind when forwarding clock - timers: Prevent base clock corruption when forwarding - timers: Plug locking race vs. timer migration - timers: Lock base for same bucket optimization - ubifs: Abort readdir upon error - ubifs: Fix regression in ubifs_readdir() - mei: txe: don't clean an unprocessed interrupt cause. - usb: gadget: udc: atmel: fix endpoint name - usb: gadget: function: u_ether: don't starve tx request queue - USB: serial: fix potential NULL-dereference at probe - USB: serial: cp210x: fix tiocmget error handling - USB: serial: ftdi_sio: add support for Infineon TriBoard TC2X7 - xhci: use default USB_RESUME_TIMEOUT when resuming ports. - usb: renesas_usbhs: add wait after initialization for R-Car Gen3 - usb: increase ohci watchdog delay to 275 msec - x86/smpboot: Init apic mapping before usage - vt: clear selection before resizing - xhci: add restart quirk for Intel Wildcatpoint PCH - xhci: workaround for hosts missing CAS bit - tty: limit terminal size to 4M chars - arm64: dts: marvell: fix clocksource for CP110 master SPI0 - iio:chemical:atlas-ph-sensor: Fix use of 32 bit int to hold 16 bit big endian value - Staging: wilc1000: Fix kernel Oops on opening the device - dm: free io_barrier after blk_cleanup_queue call - KVM: x86: fix wbinvd_dirty_mask use-after-free - KVM: s390: Fix STHYI buffer alignment for diag224 - KVM: MIPS: Make ERET handle ERL before EXL - KVM: MIPS: Precalculate MMIO load resume PC - ARM: mvebu: Select corediv clk for all mvebu v7 SoC - ARM: dts: fix the SD card on the Snowball - nfsd: Fix general protection fault in release_lock_stateid() - MIPS: KASLR: Fix handling of NULL FDT - ovl: fix get_acl() on tmpfs - ovl: update S_ISGID when setting posix ACLs - ovl: fsync after copy-up - parisc: Ensure consistent state when switching to kernel stack at syscall entry - virtio_ring: Make interrupt suppression spec compliant - virtio_pci: Limit DMA mask to 44 bits for legacy virtio devices - virtio: console: Unlock vqs while freeing buffers - dm mirror: fix read error on recovery after default leg failure - dm table: fix missing dm_put_target_type() in dm_table_add_target() - dm rq: clear kworker_task if kthread_run() returned an error - dm raid: fix activation of existing raid4/10 devices - rtl8xxxu: Fix memory leak in handling rxdesc16 packets - rtl8xxxu: Fix big-endian problem reporting mactime - rtl8xxxu: Fix rtl8723bu driver reload issue - Input: i8042 - add XMG C504 to keyboard reset table - firewire: net: guard against rx buffer overflows - firewire: net: fix fragmented datagram_size off-by-one - mac80211: discard multicast and 4-addr A-MSDUs - Revert "ath9k_hw: implement temperature compensation support for AR9003+" - ath10k: cache calibration data when the core is stopped - scsi: scsi_debug: Fix memory leak if LBP enabled and module is unloaded - scsi: arcmsr: Send SYNCHRONIZE_CACHE command to firmware - mmc: dw_mmc-pltfm: fix the potential NULL pointer dereference - RAID1: ignore discard error - RAID10: ignore discard error - md: be careful not lot leak internal curr_resync value into metadata. -- (all) - Revert "drm/radeon: fix DP link training issue with second 4K monitor" - drm/imx: ipuv3-plane: Switch EBA buffer only when we don't need modeset - drm/imx: ipuv3-plane: Access old u/vbo properly in ->atomic_check for YU12/YV12 - drm/radeon/si_dpm: Limit clocks on HD86xx part - drm/radeon/si_dpm: workaround for SI kickers - drm/radeon: drop register readback in cayman_cp_int_cntl_setup - drm/nouveau/acpi: fix check for power resources support - drm/fb-helper: Don't call dirty callback for untouched clips - drm/fb-helper: Fix connector ref leak on error - drm/fb-helper: Keep references for the current set of used connectors - drm/i915/gen9: fix DDB partitioning for multi-screen cases - drm/i915/gen9: fix watermarks when using the pipe scaler - drm/dp/mst: Check peer device type before attempting EDID read - drm: Release reference from blob lookup after replacing property - drm/i915: Respect alternate_aux_channel for all DDI ports - drm/i915: Clean up DDI DDC/AUX CH sanitation - drm/i915/fbc: fix CFB size calculation for gen8+ - drm: i915: Wait for fences on new fb, not old - i2c: mark device nodes only in case of successful instantiation - netfilter: xt_NFLOG: fix unexpected truncated packet - UBI: fastmap: scrub PEB when bitflips are detected in a free PEB EC header - uapi: add missing install of sync_file.h - video: fbdev: pxafb: potential NULL dereference on error - omapfb: fix return value check in dsi_bind() - pwm: Unexport children before chip removal - usb: dwc3: Fix size used in dma_free_coherent() - usb: chipidea: host: fix NULL ptr dereference during shutdown - usb: musb: Fix hardirq-safe hardirq-unsafe lock order error - v4l: vsp1: Prevent pipelines from running when not streaming - tty: vt, fix bogus division in csi_J - ARM: fix oops when using older ARMv4T CPUs - kvm: x86: Check memopp before dereference (CVE-2016-8630) - btrfs: qgroup: Prevent qgroup->reserved from going subzero - ubi: fastmap: Fix add_vol() return value test in ubi_attach_fastmap() - cpufreq: intel_pstate: Set P-state upfront in performance mode - HID: usbhid: add ATEN CS962 to list of quirky devices - Linux 4.8.7 - [Config] updateconfigs after 4.8.7 stable update * CVE-2016-6213 - mnt: Add a per mount namespace limit on the number of mounts * Cursor doesn't move after multitouch on alps touchpad (LP: #1641874) - HID: alps: fix multitouch cursor issue * [SRU] Add 0cf3:e009 to btusb (LP: #1641562) - Bluetooth: btusb: Add support for 0cf3:e009 * [Hyper-V] do not lose pending heartbeat vmbus packets (LP: #1632786) - hv: do not lose pending heartbeat vmbus packets * ipv6: connected routes are missing after a down/up cycle on the loopback (LP: #1634545) - ipv6: correctly add local routes when lo goes up * [Feature] Add Knights Mill to Intel processors family list (LP: #1637528) - x86/cpu/intel: Add Knights Mill to Intel family - perf/x86/intel: Add Knights Mill CPUID - perf/x86/intel/rapl: Add Knights Mill CPUID - perf/x86/intel/uncore: Add Knights Mill CPUID * hv_set_ifconfig script parsing fails for certain configuration (LP: #1640109) - hv_set_ifconfig -- handle DHCP interfaces correctly - hv_set_ifconfig -- ensure we include the last stanza * nvme: improve performance for virtual Google NVMe devices (LP: #1637565) - [Config] CONFIG_NVME_VENDOR_EXT_GOOGLE=y - SAUCE: nvme: improve performance for virtual NVMe devices * CVE-2016-7039 and CVE-2016-8666 (LP: #1631287) - Revert "UBUNTU: SAUCE: net: add recursion limit to GRO" -- Thadeu Lima de Souza Cascardo <casca...@canonical.com> Mon, 12 Dec 2016 15:33:04 -0200 ** Changed in: linux (Ubuntu Yakkety) Status: Fix Committed => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-6213 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-7039 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-8630 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-8666 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1648662 Title: Vulnerability picked up from 4.8.10 stable kernel Status in linux package in Ubuntu: Confirmed Status in linux source package in Yakkety: Fix Released Bug description: The yakkety master-next tree tagged Ubuntu-4.8.0-31.33 contains git commit 13119e8d911cd268a57012717874f8ab0f42c252 (upstream commit http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5d41ce29e3b91ef305f88d23f72b3359de329cec, linux-stable commit http://git.kernel.org/cgit/linux/kernel/git/stable /linux- stable.git/commit/?h=linux-4.8.y&id=92fd1c1f2fd27a352b91ad1f874775618aa1865a ). This is considered to have introduced CVE-2016-9919 (see http://www.openwall.com/lists/oss-security/2016/12/08/16 ), a remote denial of service for hosts that use ipv6. Upstream commit http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79dc7e3f1cd323be4c81aa1a94faa1b3ed987fb2 addresses the issue. Since the issue only affects the yakkety-proposed kernel, we should not release this kernel with this vulnerability intact. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1648662/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp