This bug was fixed in the package linux - 4.10.0-8.10 --------------- linux (4.10.0-8.10) zesty; urgency=low
[ Tim Gardner ] * Release Tracking Bug - LP: #1664217 * [Hyper-V] Bug fixes for storvsc (tagged queuing, error conditions) (LP: #1663687) - scsi: storvsc: Enable tracking of queue depth - scsi: storvsc: Remove the restriction on max segment size - scsi: storvsc: Enable multi-queue support - scsi: storvsc: use tagged SRB requests if supported by the device - scsi: storvsc: properly handle SRB_ERROR when sense message is present - scsi: storvsc: properly set residual data length on errors * Ubuntu16.10-KVM:Big configuration with multiple guests running SRIOV VFs caused KVM host hung and all KVM guests down. (LP: #1651248) - KVM: PPC: Book 3S: XICS cleanup: remove XICS_RM_REJECT - KVM: PPC: Book 3S: XICS: correct the real mode ICP rejecting counter - KVM: PPC: Book 3S: XICS: Fix potential issue with duplicate IRQ resends - KVM: PPC: Book 3S: XICS: Implement ICS P/Q states - KVM: PPC: Book 3S: XICS: Don't lock twice when checking for resend * overlay: mkdir fails if directory exists in lowerdir in a user namespace (LP: #1531747) - SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs * CVE-2016-1575 (LP: #1534961) - SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs * CVE-2016-1576 (LP: #1535150) - SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs * Miscellaneous Ubuntu changes - SAUCE: md/raid6 algorithms: scale test duration for speedier boots - SAUCE: Import aufs driver - d-i: Build message-modules udeb for arm64 - rebase to v4.10-rc8 * Miscellaneous upstream changes - Revert "UBUNTU: SAUCE: aufs -- remove .readlink assignment" - Revert "UBUNTU: SAUCE: (no-up) aufs: for v4.9-rc1, support setattr_prepare()" - Revert "UBUNTU: SAUCE: aufs -- Add flags argument to aufs_rename()" - Revert "UBUNTU: SAUCE: aufs -- Convert to use xattr handlers" - Revert "UBUNTU: SAUCE: Import aufs driver" [ Upstream Kernel Changes ] * rebase to v4.10-rc8 -- Tim Gardner <tim.gard...@canonical.com> Mon, 06 Feb 2017 08:34:24 -0700 ** Changed in: linux (Ubuntu Zesty) Status: In Progress => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-1575 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-1576 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1660832 Title: unix domain socket cross permission check failing with nested namespaces Status in apparmor package in Ubuntu: New Status in linux package in Ubuntu: Fix Released Status in apparmor source package in Xenial: New Status in linux source package in Xenial: Fix Committed Status in apparmor source package in Yakkety: New Status in linux source package in Yakkety: Fix Committed Status in apparmor source package in Zesty: New Status in linux source package in Zesty: Fix Released Bug description: When using nested namespaces policy within the nested namespace is trying to cross validate with policy outside of the namespace that is not visible to it. This results the access being denied and with no way to add a rule to policy that would allow it. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1660832/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp