This bug was fixed in the package linux - 4.8.0-32.34

---------------
linux (4.8.0-32.34) yakkety; urgency=low

  [ Thadeu Lima de Souza Cascardo ]

  * Release Tracking Bug
    - LP: #1649358

  * Vulnerability picked up from 4.8.10 stable kernel (LP: #1648662)
    - net: handle no dst on skb in icmp6_send

linux (4.8.0-31.33) yakkety; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1648034

  * Update hio driver to 2.1.0.28 (LP: #1646643)
    - SAUCE: hio: update to Huawei ES3000_V2 (2.1.0.28)

  * Yakkety update to v4.8.11 stable release (LP: #1645421)
    - x86/cpu/AMD: Fix cpu_llc_id for AMD Fam17h systems
    - KVM: x86: fix missed SRCU usage in kvm_lapic_set_vapic_addr
    - KVM: Disable irq while unregistering user notifier
    - arm64: KVM: pmu: Fix AArch32 cycle counter access
    - KVM: arm64: Fix the issues when guest PMCCFILTR is configured
    - ftrace: Ignore FTRACE_FL_DISABLED while walking dyn_ftrace records
    - ftrace: Add more checks for FTRACE_FL_DISABLED in processing ip records
    - genirq: Use irq type from irqdata instead of irqdesc
    - fuse: fix fuse_write_end() if zero bytes were copied
    - IB/rdmavt: rdmavt can handle non aligned page maps
    - IB/hfi1: Fix rnr_timer addition
    - mfd: intel-lpss: Do not put device in reset state on suspend
    - mfd: stmpe: Fix RESET regression on STMPE2401
    - can: bcm: fix warning in bcm_connect/proc_register
    - gpio: do not double-check direction on sleeping chips
    - ALSA: usb-audio: Fix use-after-free of usb_device at disconnect
    - ALSA: hda - add a new condition to check if it is thinkpad
    - ALSA: hda - Fix mic regression by ASRock mobo fixup
    - i2c: mux: fix up dependencies
    - i2c: i2c-mux-pca954x: fix deselect enabling for device-tree
    - Disable the __builtin_return_address() warning globally after all
    - kbuild: add -fno-PIE
    - scripts/has-stack-protector: add -fno-PIE
    - x86/kexec: add -fno-PIE
    - kbuild: Steal gcc's pie from the very beginning
    - ext4: sanity check the block and cluster size at mount time
    - ARM: dts: imx53-qsb: Fix regulator constraints
    - crypto: caam - do not register AES-XTS mode on LP units
    - powerpc/64: Fix setting of AIL in hypervisor mode
    - drm/amdgpu: Attach exclusive fence to prime exported bo's. (v5)
    - drm/i915: Refresh that status of MST capable connectors in ->detect()
    - drm/i915: Assume non-DP++ port if dvo_port is HDMI and there's no AUX ch
      specified in the VBT
    - virtio-net: drop legacy features in virtio 1 mode
    - clk: mmp: pxa910: fix return value check in pxa910_clk_init()
    - clk: mmp: pxa168: fix return value check in pxa168_clk_init()
    - clk: mmp: mmp2: fix return value check in mmp2_clk_init()
    - clk: imx: fix integer overflow in AV PLL round rate
    - rtc: omap: Fix selecting external osc
    - iwlwifi: pcie: fix SPLC structure parsing
    - iwlwifi: pcie: mark command queue lock with separate lockdep class
    - iwlwifi: mvm: fix netdetect starting/stopping for unified images
    - iwlwifi: mvm: fix d3_test with unified D0/D3 images
    - iwlwifi: mvm: wake the wait queue when the RX sync counter is zero
    - mfd: core: Fix device reference leak in mfd_clone_cell
    - sunrpc: svc_age_temp_xprts_now should not call setsockopt non-tcp 
transports
    - uwb: fix device reference leaks
    - PM / sleep: fix device reference leak in test_suspend
    - PM / sleep: don't suspend parent when async child suspend_{noirq, late}
      fails
    - perf hists: Fix column length on --hierarchy
    - IB/rxe: Update qp state for user query
    - IB/rxe: Fix kernel panic in UDP tunnel with GRO and RX checksum
    - IB/rxe: Fix handling of erroneous WR
    - IB/rxe: Clear queue buffer when modifying QP to reset
    - IB/mlx4: Check gid_index return value
    - IB/mlx4: Fix create CQ error flow
    - IB/mlx5: Validate requested RQT size
    - IB/mlx5: Use cache line size to select CQE stride
    - IB/mlx5: Fix memory leak in query device
    - IB/mlx5: Fix fatal error dispatching
    - IB/mlx5: Fix NULL pointer dereference on debug print
    - IB/core: Avoid unsigned int overflow in sg_alloc_table
    - IB/hfi1: Remove incorrect IS_ERR check
    - IB/uverbs: Fix leak of XRC target QPs
    - IB/cm: Mark stale CM id's whenever the mad agent was unregistered
    - netfilter: nft_dynset: fix element timeout for HZ != 1000
    - gpio: pca953x: Move memcpy into mutex lock for set multiple
    - gpio: pca953x: Fix corruption of other gpios in set_multiple.
    - Linux 4.8.11

  * Upstream stable 4.4.34 and 4.8.10 regression (LP: #1645278)
    - flow_dissect: call init_default_flow_dissectors() earlier

  * Fix Kernel Crashing under IBM Virtual Scsi Driver (LP: #1642299)
    - SAUCE: ibmvscsis: Rearrange functions for future patches
    - SAUCE: ibmvscsis: Synchronize cmds at tpg_enable_store time
    - SAUCE: ibmvscsis: Synchronize cmds at remove time
    - SAUCE: ibmvscsis: Clean up properly if target_submit_cmd/tmr fails
    - SAUCE: ibmvscsis: Return correct partition name/# to client
    - SAUCE: ibmvscsis: Issues from Dan Carpenter/Smatch

  * Add a driver for Amazon Elastic Network Adapters (ENA) (LP: #1635721)
    - net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)
    - [config] enable CONFIG_ENA_ETHERNET=m (Amazon ENA driver)

  * Move some kernel modules to the main kernel package (LP: #1642228)
    - [Config] Move some powerpc kernel modules to the main kernel package

  * Yakkety update to 4.8.10 stable release (LP: #1643639)
    - dctcp: avoid bogus doubling of cwnd after loss
    - net: clear sk_err_soft in sk_clone_lock()
    - net: mangle zero checksum in skb_checksum_help()
    - bgmac: stop clearing DMA receive control register right after it is set
    - ip6_tunnel: Clear IP6CB in ip6tunnel_xmit()
    - tcp: fix potential memory corruption
    - ipv4: allow local fragmentation in ip_finish_output_gso()
    - tcp: fix return value for partial writes
    - dccp: do not release listeners too soon
    - dccp: do not send reset to already closed sockets
    - dccp: fix out of bound access in dccp_v4_err()
    - ipv6: dccp: fix out of bound access in dccp_v6_err()
    - ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped
    - sctp: assign assoc_id earlier in __sctp_connect
    - bpf: fix htab map destruction when extra reserve is in use
    - net: icmp6_send should use dst dev to determine L3 domain
    - fib_trie: Correct /proc/net/route off by one error
    - sock: fix sendmmsg for partial sendmsg
    - net: icmp_route_lookup should use rt dev to determine L3 domain
    - net: __skb_flow_dissect() must cap its return value
    - ipv4: use new_gw for redirect neigh lookup
    - tcp: take care of truncations done by sk_filter()
    - Revert "include/uapi/linux/atm_zatm.h: include linux/time.h"
    - mlxsw: spectrum: Fix refcount bug on span entries
    - mlxsw: spectrum_router: Correctly dump neighbour activity
    - Revert "bnx2: Reset device during driver initialization"
    - bnx2: Wait for in-flight DMA to complete at probe stage
    - sctp: change sk state only when it has assocs in sctp_shutdown
    - net: stmmac: Fix lack of link transition for fixed PHYs
    - spi: spidev_test: fix build with musl libc
    - sparc: Handle negative offsets in arch_jump_label_transform
    - sparc64: Handle extremely large kernel TSB range flushes sanely.
    - sparc64: Fix illegal relative branches in hypervisor patched TLB code.
    - sparc64: Fix instruction count in comment for
      __hypervisor_flush_tlb_pending.
    - sparc64: Fix illegal relative branches in hypervisor patched TLB 
cross-call
      code.
    - sparc64: Handle extremely large kernel TLB range flushes more gracefully.
    - sparc64: Delete __ret_efault.
    - sparc64: Prepare to move to more saner user copy exception handling.
    - sparc64: Convert copy_in_user to accurate exception reporting.
    - sparc64: Convert GENcopy_{from,to}_user to accurate exception reporting.
    - sparc64: Convert U1copy_{from,to}_user to accurate exception reporting.
    - sparc64: Convert NG4copy_{from,to}_user to accurate exception reporting.
    - sparc64: Convert NGcopy_{from,to}_user to accurate exception reporting.
    - sparc64: Convert NG2copy_{from,to}_user to accurate exception reporting.
    - sparc64: Convert U3copy_{from,to}_user to accurate exception reporting.
    - sparc64: Delete now unused user copy assembler helpers.
    - sparc64: Delete now unused user copy fixup functions.
    - usb: gadget: f_fs: edit epfile->ep under lock
    - usb: gadget: f_fs: stop sleeping in ffs_func_eps_disable
    - Linux 4.8.10

  * Yakkety update to v4.8.9 stable release (LP: #1642972)
    - ALSA: info: Return error for invalid read/write
    - ALSA: info: Limit the proc text input size
    - ASoC: cs4270: fix DAPM stream name mismatch
    - dib0700: fix nec repeat handling
    - mm, frontswap: make sure allocated frontswap map is assigned
    - shmem: fix pageflags after swapping DMA32 object
    - swapfile: fix memory corruption via malformed swapfile
    - mm: hwpoison: fix thp split handling in memory_failure()
    - mm/hugetlb: fix huge page reservation leak in private mapping error paths
    - coredump: fix unfreezable coredumping task
    - s390/hypfs: Use get_free_page() instead of kmalloc to ensure page 
alignment
    - ARC: timer: rtc: implement read loop in "C" vs. inline asm
    - PCI: Don't attempt to claim shadow copies of ROM
    - arc: Implement arch-specific dma_map_ops.mmap
    - pinctrl: cherryview: Serialize register access in suspend/resume
    - pinctrl: cherryview: Prevent possible interrupt storm on resume
    - cpupower: Correct return type of cpu_power_is_cpu_online() in cpufreq-set
    - mmc: sdhci: Fix CMD line reset interfering with ongoing data transfer
    - mmc: sdhci: Fix unexpected data interrupt handling
    - mmc: mmc: Use 500ms as the default generic CMD6 timeout
    - staging: iio: ad5933: avoid uninitialized variable in error case
    - staging: sm750fb: Fix bugs introduced by early commits
    - staging: comedi: ni_tio: fix buggy ni_tio_clock_period_ps() return value
    - drivers: staging: nvec: remove bogus reset command for PS/2 interface
    - Revert "staging: nvec: ps2: change serio type to passthrough"
    - staging: nvec: remove managed resource from PS2 driver
    - usb: dwc3: Fix error handling for core init
    - USB: cdc-acm: fix TIOCMIWAIT
    - usb: gadget: u_ether: remove interrupt throttling
    - drbd: Fix kernel_sendmsg() usage - potential NULL deref
    - toshiba-wmi: Fix loading the driver on non Toshiba laptops
    - clk: qoriq: Don't allow CPU clocks higher than starting value
    - cdc-acm: fix uninitialized variable
    - iio: hid-sensors: Increase the precision of scale to fix wrong reading
      interpretation.
    - iio: orientation: hid-sensor-rotation: Add PM function (fix non working
      driver)
    - iio: st_sensors: fix scale configuration for h3lis331dl
    - scsi: qla2xxx: Fix scsi scan hang triggered if adapter fails during init
    - scsi: mpt3sas: Fix for block device of raid exists even after deleting 
raid
      disk
    - scsi: scsi_dh_alua: fix missing kref_put() in alua_rtpg_work()
    - scsi: scsi_dh_alua: Fix a reference counting bug
    - KVM: arm/arm64: vgic: Prevent access to invalid SPIs
    - drm/radeon: disable runtime pm in certain cases
    - drm/i915: Respect alternate_ddc_pin for all DDI ports
    - drm/i915/dp: BDW cdclk fix for DP audio
    - drm/i915/dp: Extend BDW DP audio workaround to GEN9 platforms
    - drm/amdgpu: disable runtime pm in certain cases
    - drm/amdgpu: fix crash in acp_hw_fini
    - tty/serial: at91: fix hardware handshake on Atmel platforms
    - drm/amdgpu: fix sched fence slab teardown
    - drm/amd: fix scheduler fence teardown order v2
    - xprtrdma: use complete() instead complete_all()
    - xprtrdma: Fix DMAR failure in frwr_op_map() after reconnect
    - iommu/io-pgtable-arm: Check for v7s-incapable systems
    - iommu/amd: Free domain id when free a domain of struct dma_ops_domain
    - iommu/vt-d: Fix dead-locks in disable_dmar_iommu() path
    - agp/intel: Flush chipset writes after updating a single PTE
    - watchdog: core: Fix devres_alloc() allocation size
    - Input: synaptics-rmi4 - fix error handling in SPI transport driver
    - Input: synaptics-rmi4 - fix error handling in I2C transport driver
    - perf top: Fix refreshing hierarchy entries on TUI
    - mei: bus: fix received data size check in NFC fixup
    - svcrdma: Skip put_page() when send_reply() fails
    - svcrdma: Tail iovec leaves an orphaned DMA mapping
    - nvme: Delete created IO queues on reset
    - Revert "clocksource/drivers/timer_sun5i: Replace code by
      clocksource_mmio_init"
    - x86/build: Fix build with older GCC versions
    - clk: samsung: clk-exynos-audss: Fix module autoload
    - rtc: pcf2123: Add missing error code assignment before test
    - s390/dumpstack: restore reliable indicator for call traces
    - lib/genalloc.c: start search from start of chunk
    - hwrng: core - Don't use a stack buffer in add_early_randomness()
    - i40e: fix call of ndo_dflt_bridge_getlink()
    - mmc: sdhci-msm: Fix error return code in sdhci_msm_probe()
    - ACPI / APEI: Fix incorrect return value of ghes_proc()
    - ACPI/PCI/IRQ: assign ISA IRQ directly during early boot stages
    - ACPI/PCI: pci_link: penalize SCI correctly
    - ACPI/PCI: pci_link: Include PIRQ_PENALTY_PCI_USING for ISA IRQs
    - batman-adv: Modify neigh_list only with rcu-list functions
    - gpio/mvebu: Use irq_domain_add_linear
    - gpio: of: fix GPIO drivers with multiple gpio_chip for a single node
    - ASoC: Intel: Skylake: Always acquire runtime pm ref on unload
    - ASoC: sun4i-codec: return error code instead of NULL when create_card 
fails
    - pinctrl: iproc: Fix iProc and NSP GPIO support
    - mmc: mxs: Initialize the spinlock prior to using it
    - memcg: prevent memcg caches to be both OFF_SLAB & OBJFREELIST_SLAB
    - libceph: fix legacy layout decode with pool 0
    - NFSv4.1: work around -Wmaybe-uninitialized warning
    - drm/amdgpu: fix fence slab teardown
    - drm/amdgpu: fix a vm_flush fence leak
    - drm/i915: Fix mismatched INIT power domain disabling during suspend
    - netfilter: fix namespace handling in nf_log_proc_dostring
    - Linux 4.8.9

  * Yakkety update to 4.8.8 stable release (LP: #1642607)
    - net: fec: set mac address unconditionally
    - net: pktgen: fix pkt_size
    - net/sched: act_vlan: Push skb->data to mac_header prior calling 
skb_vlan_*()
      functions
    - net: Add netdev all_adj_list refcnt propagation to fix panic
    - packet: call fanout_release, while UNREGISTERING a netdev
    - netlink: do not enter direct reclaim from netlink_dump()
    - drivers/ptp: Fix kernel memory disclosure
    - net_sched: reorder pernet ops and act ops registrations
    - ipv6: tcp: restore IP6CB for pktoptions skbs
    - net: phy: Trigger state machine on state change and not polling.
    - ip6_tunnel: fix ip6_tnl_lookup
    - IB/ipoib: move back IB LL address into the hard header
    - net/mlx4_en: fixup xdp tx irq to match rx
    - net: pktgen: remove rcu locking in pktgen_change_name()
    - bridge: multicast: restore perm router ports on multicast enable
    - switchdev: Execute bridge ndos only for bridge ports
    - rtnetlink: Add rtnexthop offload flag to compare mask
    - net: core: Correctly iterate over lower adjacency list
    - net: add recursion limit to GRO
    - ipv4: disable BH in set_ping_group_range()
    - ipv4: use the right lock for ping_group_range
    - net: fec: Call swap_buffer() prior to IP header alignment
    - net: sctp, forbid negative length
    - sctp: fix the panic caused by route update
    - udp: fix IP_CHECKSUM handling
    - netvsc: fix incorrect receive checksum offloading
    - macsec: Fix header length if SCI is added if explicitly disabled
    - net: ipv6: Do not consider link state for nexthop validation
    - net sched filters: fix notification of filter delete with proper handle
    - sctp: validate chunk len before actually using it
    - ip6_tunnel: Update skb->protocol to ETH_P_IPV6 in ip6_tnl_xmit()
    - packet: on direct_xmit, limit tso and csum to supported devices
    - arch/powerpc: Update parameters for csum_tcpudp_magic & csum_tcpudp_nofold
    - usb: dwc3: gadget: properly account queued requests
    - scsi: megaraid_sas: Fix data integrity failure for JBOD (passthrough)
      devices
    - scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression
    - Linux 4.8.8

  * Yakkety update to 4.8.7 stable release (LP: #1642606)
    - i2c: rk3x: Give the tuning value 0 during rk3x_i2c_v0_calc_timings
    - i2c: xgene: Avoid dma_buffer overrun
    - i2c: core: fix NULL pointer dereference under race condition
    - drm/dp/mst: Clear port->pdt when tearing down the i2c adapter
    - spi: fsl-espi: avoid processing uninitalized data on error
    - spi: mark device nodes only in case of successful instantiation
    - h8300: fix syscall restarting
    - gpio / ACPI: fix returned error from acpi_dev_gpio_irq_get()
    - gpio: GPIO_GET_CHIPINFO_IOCTL: Fix line offset validation
    - gpio: GPIO_GET_CHIPINFO_IOCTL: Fix information leak
    - gpio: GPIO_GET_LINEHANDLE_IOCTL: Validate line offset
    - gpio: GPIOHANDLE_GET_LINE_VALUES_IOCTL: Fix information leak
    - gpio: GPIO_GET_LINEEVENT_IOCTL: Validate line offset
    - gpio: GPIO_GET_LINEHANDLE_IOCTL: Reject invalid line flags
    - gpio: GPIO_GET_LINEEVENT_IOCTL: Reject invalid line and event flags
    - gpio: GPIOHANDLE_GET_LINE_VALUES_IOCTL: Fix another information leak
    - gpio: GPIO_GET_LINE{HANDLE,EVENT}_IOCTL: Fix file descriptor leak
    - libxfs: clean up _calc_dquots_per_chunk
    - mm/list_lru.c: avoid error-path NULL pointer deref
    - mm/slab: fix kmemcg cache creation delayed issue
    - mm: memcontrol: do not recurse in direct reclaim
    - KEYS: Sort out big_key initialisation
    - security/keys: make BIG_KEYS dependent on stdrng.
    - device-dax: fix percpu_ref_exit ordering
    - ALSA: usb-audio: Add quirk for Syntek STK1160
    - ALSA: seq: Fix time account regression
    - ALSA: hda - allow 40 bit DMA mask for NVidia devices
    - ALSA: hda - Adding a new group of pin cfg into ALC295 pin quirk table
    - ALSA: hda - Fix surround output pins for ASRock B150M mobo
    - ALSA: hda - Fix headset mic detection problem for two Dell laptops
    - ANDROID: binder: Add strong ref checks
    - ANDROID: binder: Clear binder and cookie when setting handle in flat 
binder
      struct
    - cxl: Fix leaking pid refs in some error paths
    - btrfs: fix races on root_log_ctx lists
    - powerpc: Convert cmp to cmpd in idle enter sequence
    - powerpc/mm/radix: Use tlbiel only if we ever ran on the current cpu
    - x86/microcode/AMD: Fix more fallout from CONFIG_RANDOMIZE_MEMORY=y
    - timers: Prevent base clock rewind when forwarding clock
    - timers: Prevent base clock corruption when forwarding
    - timers: Plug locking race vs. timer migration
    - timers: Lock base for same bucket optimization
    - ubifs: Abort readdir upon error
    - ubifs: Fix regression in ubifs_readdir()
    - mei: txe: don't clean an unprocessed interrupt cause.
    - usb: gadget: udc: atmel: fix endpoint name
    - usb: gadget: function: u_ether: don't starve tx request queue
    - USB: serial: fix potential NULL-dereference at probe
    - USB: serial: cp210x: fix tiocmget error handling
    - USB: serial: ftdi_sio: add support for Infineon TriBoard TC2X7
    - xhci: use default USB_RESUME_TIMEOUT when resuming ports.
    - usb: renesas_usbhs: add wait after initialization for R-Car Gen3
    - usb: increase ohci watchdog delay to 275 msec
    - x86/smpboot: Init apic mapping before usage
    - vt: clear selection before resizing
    - xhci: add restart quirk for Intel Wildcatpoint PCH
    - xhci: workaround for hosts missing CAS bit
    - tty: limit terminal size to 4M chars
    - arm64: dts: marvell: fix clocksource for CP110 master SPI0
    - iio:chemical:atlas-ph-sensor: Fix use of 32 bit int to hold 16 bit big
      endian value
    - Staging: wilc1000: Fix kernel Oops on opening the device
    - dm: free io_barrier after blk_cleanup_queue call
    - KVM: x86: fix wbinvd_dirty_mask use-after-free
    - KVM: s390: Fix STHYI buffer alignment for diag224
    - KVM: MIPS: Make ERET handle ERL before EXL
    - KVM: MIPS: Precalculate MMIO load resume PC
    - ARM: mvebu: Select corediv clk for all mvebu v7 SoC
    - ARM: dts: fix the SD card on the Snowball
    - nfsd: Fix general protection fault in release_lock_stateid()
    - MIPS: KASLR: Fix handling of NULL FDT
    - ovl: fix get_acl() on tmpfs
    - ovl: update S_ISGID when setting posix ACLs
    - ovl: fsync after copy-up
    - parisc: Ensure consistent state when switching to kernel stack at syscall
      entry
    - virtio_ring: Make interrupt suppression spec compliant
    - virtio_pci: Limit DMA mask to 44 bits for legacy virtio devices
    - virtio: console: Unlock vqs while freeing buffers
    - dm mirror: fix read error on recovery after default leg failure
    - dm table: fix missing dm_put_target_type() in dm_table_add_target()
    - dm rq: clear kworker_task if kthread_run() returned an error
    - dm raid: fix activation of existing raid4/10 devices
    - rtl8xxxu: Fix memory leak in handling rxdesc16 packets
    - rtl8xxxu: Fix big-endian problem reporting mactime
    - rtl8xxxu: Fix rtl8723bu driver reload issue
    - Input: i8042 - add XMG C504 to keyboard reset table
    - firewire: net: guard against rx buffer overflows
    - firewire: net: fix fragmented datagram_size off-by-one
    - mac80211: discard multicast and 4-addr A-MSDUs
    - Revert "ath9k_hw: implement temperature compensation support for AR9003+"
    - ath10k: cache calibration data when the core is stopped
    - scsi: scsi_debug: Fix memory leak if LBP enabled and module is unloaded
    - scsi: arcmsr: Send SYNCHRONIZE_CACHE command to firmware
    - mmc: dw_mmc-pltfm: fix the potential NULL pointer dereference
    - RAID1: ignore discard error
    - RAID10: ignore discard error
    - md: be careful not lot leak internal curr_resync value into metadata. --
      (all)
    - Revert "drm/radeon: fix DP link training issue with second 4K monitor"
    - drm/imx: ipuv3-plane: Switch EBA buffer only when we don't need modeset
    - drm/imx: ipuv3-plane: Access old u/vbo properly in ->atomic_check for
      YU12/YV12
    - drm/radeon/si_dpm: Limit clocks on HD86xx part
    - drm/radeon/si_dpm: workaround for SI kickers
    - drm/radeon: drop register readback in cayman_cp_int_cntl_setup
    - drm/nouveau/acpi: fix check for power resources support
    - drm/fb-helper: Don't call dirty callback for untouched clips
    - drm/fb-helper: Fix connector ref leak on error
    - drm/fb-helper: Keep references for the current set of used connectors
    - drm/i915/gen9: fix DDB partitioning for multi-screen cases
    - drm/i915/gen9: fix watermarks when using the pipe scaler
    - drm/dp/mst: Check peer device type before attempting EDID read
    - drm: Release reference from blob lookup after replacing property
    - drm/i915: Respect alternate_aux_channel for all DDI ports
    - drm/i915: Clean up DDI DDC/AUX CH sanitation
    - drm/i915/fbc: fix CFB size calculation for gen8+
    - drm: i915: Wait for fences on new fb, not old
    - i2c: mark device nodes only in case of successful instantiation
    - netfilter: xt_NFLOG: fix unexpected truncated packet
    - UBI: fastmap: scrub PEB when bitflips are detected in a free PEB EC header
    - uapi: add missing install of sync_file.h
    - video: fbdev: pxafb: potential NULL dereference on error
    - omapfb: fix return value check in dsi_bind()
    - pwm: Unexport children before chip removal
    - usb: dwc3: Fix size used in dma_free_coherent()
    - usb: chipidea: host: fix NULL ptr dereference during shutdown
    - usb: musb: Fix hardirq-safe hardirq-unsafe lock order error
    - v4l: vsp1: Prevent pipelines from running when not streaming
    - tty: vt, fix bogus division in csi_J
    - ARM: fix oops when using older ARMv4T CPUs
    - kvm: x86: Check memopp before dereference (CVE-2016-8630)
    - btrfs: qgroup: Prevent qgroup->reserved from going subzero
    - ubi: fastmap: Fix add_vol() return value test in ubi_attach_fastmap()
    - cpufreq: intel_pstate: Set P-state upfront in performance mode
    - HID: usbhid: add ATEN CS962 to list of quirky devices
    - Linux 4.8.7
    - [Config] updateconfigs after 4.8.7 stable update

  * CVE-2016-6213
    - mnt: Add a per mount namespace limit on the number of mounts

  * Cursor doesn't move after multitouch on alps touchpad (LP: #1641874)
    - HID: alps: fix multitouch cursor issue

  * [SRU] Add 0cf3:e009 to btusb (LP: #1641562)
    - Bluetooth: btusb: Add support for 0cf3:e009

  * [Hyper-V] do not lose pending heartbeat vmbus packets (LP: #1632786)
    - hv: do not lose pending heartbeat vmbus packets

  * ipv6: connected routes are missing after a down/up cycle on the loopback
    (LP: #1634545)
    - ipv6: correctly add local routes when lo goes up

  * [Feature] Add Knights Mill to Intel processors family list (LP: #1637528)
    - x86/cpu/intel: Add Knights Mill to Intel family
    - perf/x86/intel: Add Knights Mill CPUID
    - perf/x86/intel/rapl: Add Knights Mill CPUID
    - perf/x86/intel/uncore: Add Knights Mill CPUID

  * hv_set_ifconfig script parsing fails for certain configuration
    (LP: #1640109)
    - hv_set_ifconfig -- handle DHCP interfaces correctly
    - hv_set_ifconfig -- ensure we include the last stanza

  * nvme: improve performance for virtual Google NVMe devices (LP: #1637565)
    - [Config] CONFIG_NVME_VENDOR_EXT_GOOGLE=y
    - SAUCE: nvme: improve performance for virtual NVMe devices

  * CVE-2016-7039 and CVE-2016-8666 (LP: #1631287)
    - Revert "UBUNTU: SAUCE: net: add recursion limit to GRO"

 -- Thadeu Lima de Souza Cascardo <casca...@canonical.com>  Mon, 12 Dec
2016 15:33:04 -0200

** Changed in: linux (Ubuntu Yakkety)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-6213

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-7039

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-8630

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-8666

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1648662

Title:
  Vulnerability picked up from 4.8.10 stable kernel

Status in linux package in Ubuntu:
  Confirmed
Status in linux source package in Yakkety:
  Fix Released

Bug description:
  The yakkety master-next tree tagged Ubuntu-4.8.0-31.33 contains git
  commit 13119e8d911cd268a57012717874f8ab0f42c252 (upstream commit
  
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5d41ce29e3b91ef305f88d23f72b3359de329cec,
  linux-stable commit http://git.kernel.org/cgit/linux/kernel/git/stable
  /linux-
  stable.git/commit/?h=linux-4.8.y&id=92fd1c1f2fd27a352b91ad1f874775618aa1865a
  ). This is considered to have introduced CVE-2016-9919 (see
  http://www.openwall.com/lists/oss-security/2016/12/08/16 ), a remote
  denial of service for hosts that use ipv6.

  Upstream commit
  
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79dc7e3f1cd323be4c81aa1a94faa1b3ed987fb2
  addresses the issue.

  Since the issue only affects the yakkety-proposed kernel, we should
  not release this kernel with this vulnerability intact.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1648662/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to