This bug was fixed in the package linux - 4.4.0-145.171 --------------- linux (4.4.0-145.171) xenial; urgency=medium
* linux: 4.4.0-145.171 -proposed tracker (LP: #1821724) * linux-generic should depend on linux-base >=4.1 (LP: #1820419) - [Packaging] Fix linux-base dependency linux (4.4.0-144.170) xenial; urgency=medium * linux: 4.4.0-144.170 -proposed tracker (LP: #1819660) * Packaging resync (LP: #1786013) - [Packaging] resync getabis - [Packaging] update helper scripts - [Packaging] resync retpoline extraction * C++ demangling support missing from perf (LP: #1396654) - [Packaging] fix a mistype * CVE-2019-9213 - mm: enforce min addr even if capable() in expand_downwards() * CVE-2019-3460 - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt * Xenial update: 4.4.176 upstream stable release (LP: #1818815) - net: fix IPv6 prefix route residue - vsock: cope with memory allocation failure at socket creation time - hwmon: (lm80) Fix missing unlock on error in set_fan_div() - net: Fix for_each_netdev_feature on Big endian - net: Add header for usage of fls64() - tcp: tcp_v4_err() should be more careful - net: Do not allocate page fragments that are not skb aligned - tcp: clear icsk_backoff in tcp_write_queue_purge() - vxlan: test dev->flags & IFF_UP before calling netif_rx() - net: stmmac: Fix a race in EEE enable callback - net: ipv4: use a dedicated counter for icmp_v4 redirect packets - x86: livepatch: Treat R_X86_64_PLT32 as R_X86_64_PC32 - mfd: as3722: Handle interrupts on suspend - mfd: as3722: Mark PM functions as __maybe_unused - net/x25: do not hold the cpu too long in x25_new_lci() - mISDN: fix a race in dev_expire_timer() - ax25: fix possible use-after-free - Linux 4.4.176 * sky2 ethernet card don't work after returning from suspension (LP: #1798921) // Xenial update: 4.4.176 upstream stable release (LP: #1818815) - sky2: Increase D3 delay again * Xenial update: 4.4.175 upstream stable release (LP: #1818813) - drm/bufs: Fix Spectre v1 vulnerability - staging: iio: adc: ad7280a: handle error from __ad7280_read32() - ASoC: Intel: mrfld: fix uninitialized variable access - scsi: lpfc: Correct LCB RJT handling - ARM: 8808/1: kexec:offline panic_smp_self_stop CPU - dlm: Don't swamp the CPU with callbacks queued during recovery - x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux) - powerpc/pseries: add of_node_put() in dlpar_detach_node() - serial: fsl_lpuart: clear parity enable bit when disable parity - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl - staging:iio:ad2s90: Make probe handle spi_setup failure - staging: iio: ad7780: update voltage on read - ARM: OMAP2+: hwmod: Fix some section annotations - modpost: validate symbol names also in find_elf_symbol - perf tools: Add Hygon Dhyana support - soc/tegra: Don't leak device tree node reference - f2fs: move dir data flush to write checkpoint process - f2fs: fix wrong return value of f2fs_acl_create - sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN - nfsd4: fix crash on writing v4_end_grace before nfsd startup - arm64: ftrace: don't adjust the LR value - ARM: dts: mmp2: fix TWSI2 - x86/fpu: Add might_fault() to user_insn() - media: DaVinci-VPBE: fix error handling in vpbe_initialize() - smack: fix access permissions for keyring - usb: hub: delay hub autosuspend if USB3 port is still link training - timekeeping: Use proper seqcount initializer - ARM: dts: Fix OMAP4430 SDP Ethernet startup - mips: bpf: fix encoding bug for mm_srlv32_op - iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer - sata_rcar: fix deferred probing - clk: imx6sl: ensure MMDC CH0 handshake is bypassed - cpuidle: big.LITTLE: fix refcount leak - i2c-axxia: check for error conditions first - udf: Fix BUG on corrupted inode - ARM: pxa: avoid section mismatch warning - ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M - memstick: Prevent memstick host from getting runtime suspended during card detection - tty: serial: samsung: Properly set flags in autoCTS mode - arm64: KVM: Skip MMIO insn after emulation - powerpc/uaccess: fix warning/error with access_ok() - mac80211: fix radiotap vendor presence bitmap handling - xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi - Bluetooth: Fix unnecessary error message for HCI request completion - cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan() - drbd: narrow rcu_read_lock in drbd_sync_handshake - drbd: disconnect, if the wrong UUIDs are attached on a connected peer - drbd: skip spurious timeout (ping-timeo) when failing promote - drbd: Avoid Clang warning about pointless switch statment - video: clps711x-fb: release disp device node in probe() - fbdev: fbmem: behave better with small rotated displays and many CPUs - fbdev: fbcon: Fix unregister crash when more than one framebuffer - KVM: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported - NFS: nfs_compare_mount_options always compare auth flavors. - hwmon: (lm80) fix a missing check of the status of SMBus read - hwmon: (lm80) fix a missing check of bus read in lm80 probe - seq_buf: Make seq_buf_puts() null-terminate the buffer - crypto: ux500 - Use proper enum in cryp_set_dma_transfer - crypto: ux500 - Use proper enum in hash_set_dma_transfer - cifs: check ntwrk_buf_start for NULL before dereferencing it - um: Avoid marking pages with "changed protection" - niu: fix missing checks of niu_pci_eeprom_read - scripts/decode_stacktrace: only strip base path when a prefix of the path - ocfs2: don't clear bh uptodate for block read - isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() - gdrom: fix a memory leak bug - block/swim3: Fix -EBUSY error when re-opening device after unmount - HID: lenovo: Add checks to fix of_led_classdev_register - kernel/hung_task.c: break RCU locks based on jiffies - fs/epoll: drop ovflist branch prediction - exec: load_script: don't blindly truncate shebang string - thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set - test_hexdump: use memcpy instead of strncpy - tipc: use destination length for copy string - string: drop __must_check from strscpy() and restore strscpy() usages in cgroup - dccp: fool proof ccid_hc_[rt]x_parse_options() - enic: fix checksum validation for IPv6 - net: dp83640: expire old TX-skb - skge: potential memory corruption in skge_get_regs() - net: systemport: Fix WoL with password after deep sleep - net: dsa: slave: Don't propagate flag changes on down slave interfaces - ALSA: compress: Fix stop handling on compressed capture streams - ALSA: hda - Serialize codec registrations - fuse: call pipe_buf_release() under pipe lock - fuse: decrement NR_WRITEBACK_TEMP on the right page - fuse: handle zero sized retrieve correctly - dmaengine: imx-dma: fix wrong callback invoke - usb: phy: am335x: fix race condition in _probe - usb: gadget: udc: net2272: Fix bitwise and boolean operations - perf/x86/intel/uncore: Add Node ID mask - x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() - perf/core: Don't WARN() for impossible ring-buffer sizes - perf tests evsel-tp-sched: Fix bitwise operator - mtd: rawnand: gpmi: fix MX28 bus master lockup problem - signal: Always notice exiting tasks - signal: Better detection of synchronous signals - misc: vexpress: Off by one in vexpress_syscfg_exec() - debugfs: fix debugfs_rename parameter checking - mips: cm: reprime error cause - MIPS: OCTEON: don't set octeon_dma_bar_type if PCI is disabled - MIPS: VDSO: Include $(ccflags-vdso) in o32,n32 .lds builds - ARM: iop32x/n2100: fix PCI IRQ mapping - mac80211: ensure that mgmt tx skbs have tailroom for encryption - drm/modes: Prevent division by zero htotal - drm/vmwgfx: Fix setting of dma masks - drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user - HID: debug: fix the ring buffer implementation - NFC: nxp-nci: Include unaligned.h instead of access_ok.h - Revert "cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs)" - Revert "UBUNTU: [Config] Remove CONFIG_CIFS_POSIX=y" - libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() - xfrm: refine validation of template and selector families - batman-adv: Avoid WARN on net_device without parent in netns - batman-adv: Force mac header to start of data on xmit - Revert "exec: load_script: don't blindly truncate shebang string" - uapi/if_ether.h: prevent redefinition of struct ethhdr - ARM: dts: da850-evm: Correct the sound card name - ARM: dts: kirkwood: Fix polarity of GPIO fan lines - gpio: pl061: handle failed allocations - cifs: Limit memory used by lock request calls to a page - Documentation/network: reword kernel version reference - Revert "Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G" - Input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK - perf/core: Fix impossible ring-buffer sizes warning - ALSA: hda - Add quirk for HP EliteBook 840 G5 - ALSA: usb-audio: Fix implicit fb endpoint setup by quirk - Input: bma150 - register input device after setting private data - Input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 - alpha: fix page fault handling for r16-r18 targets - alpha: Fix Eiger NR_IRQS to 128 - tracing/uprobes: Fix output for multiple string arguments - x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls - signal: Restore the stop PTRACE_EVENT_EXIT - x86/a.out: Clear the dump structure initially - dm thin: fix bug where bio that overwrites thin block ignores FUA - smsc95xx: Use skb_cow_head to deal with cloned skbs - ch9200: use skb_cow_head() to deal with cloned skbs - kaweth: use skb_cow_head() to deal with cloned skbs - usb: dwc2: Remove unnecessary kfree - pinctrl: msm: fix gpio-hog related boot issues - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define - Linux 4.4.175 * Xenial update: 4.4.174 upstream stable release (LP: #1818806) - inet: frags: change inet_frags_init_net() return value - inet: frags: add a pointer to struct netns_frags - inet: frags: refactor ipfrag_init() - inet: frags: refactor ipv6_frag_init() - inet: frags: refactor lowpan_net_frag_init() - rhashtable: add rhashtable_lookup_get_insert_key() - rhashtable: Add rhashtable_lookup() - rhashtable: add schedule points - inet: frags: use rhashtables for reassembly units - net: ieee802154: 6lowpan: fix frag reassembly - ipfrag: really prevent allocation on netns exit - inet: frags: remove some helpers - inet: frags: get rif of inet_frag_evicting() - inet: frags: remove inet_frag_maybe_warn_overflow() - inet: frags: break the 2GB limit for frags storage - inet: frags: do not clone skb in ip_expire() - ipv6: frags: rewrite ip6_expire_frag_queue() - rhashtable: reorganize struct rhashtable layout - inet: frags: reorganize struct netns_frags - inet: frags: get rid of ipfrag_skb_cb/FRAG_CB - inet: frags: fix ip6frag_low_thresh boundary - ip: discard IPv4 datagrams with overlapping segments. - net: modify skb_rbtree_purge to return the truesize of all purged skbs. - ipv6: defrag: drop non-last frags smaller than min mtu - net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends - ip: use rb trees for IP frag queue. - ip: add helpers to process in-order fragments faster. - ip: process in-order fragments efficiently - ip: frags: fix crash in ip_do_fragment() - ipv4: frags: precedence bug in ip_expire() - inet: frags: better deal with smp races - net: fix pskb_trim_rcsum_slow() with odd trim offset - net: ipv4: do not handle duplicate fragments as overlapping - rcu: Force boolean subscript for expedited stall warnings - Linux 4.4.174 * Xenial update: 4.4.173 upstream stable release (LP: #1818803) - net: Fix usage of pskb_trim_rcsum - openvswitch: Avoid OOB read when parsing flow nlattrs - net: ipv4: Fix memory leak in network namespace dismantle - net_sched: refetch skb protocol for each filter - net: bridge: Fix ethernet header pointer before check skb forwardable - USB: serial: simple: add Motorola Tetra TPG2200 device id - USB: serial: pl2303: add new PID to support PL2303TB - ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages - ARC: perf: map generic branches to correct hardware condition - s390/early: improve machine detection - s390/smp: fix CPU hotplug deadlock with CPU rescan - char/mwave: fix potential Spectre v1 vulnerability - staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 - tty: Handle problem if line discipline does not have receive_buf - tty/n_hdlc: fix __might_sleep warning - CIFS: Fix possible hang during async MTU reads and writes - Input: xpad - add support for SteelSeries Stratus Duo - KVM: x86: Fix single-step debugging - x86/kaslr: Fix incorrect i8254 outb() parameters - can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it - can: bcm: check timer values before ktime conversion - vt: invoke notifier on screen size change - perf unwind: Unwind with libdw doesn't take symfs into account - perf unwind: Take pgoff into account when reporting elf to libdwfl - irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size - arm64: mm: remove page_mapping check in __sync_icache_dcache - f2fs: read page index before freeing - Revert "loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()" - Revert "loop: Get rid of loop_index_mutex" - Revert "loop: Fold __loop_release into loop_release" - s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU - fs: add the fsnotify call to vfs_iter_write - ipv6: Consider sk_bound_dev_if when binding a socket to an address - l2tp: copy 4 more bytes to linear part if necessary - net/mlx4_core: Add masking for a few queries on HCA caps - netrom: switch to sock timer API - net/rose: fix NULL ax25_cb kernel panic - ucc_geth: Reset BQL queue when stopping device - l2tp: remove l2specific_len dependency in l2tp_core - l2tp: fix reading optional fields of L2TPv3 - CIFS: Do not count -ENODATA as failure for query directory - fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() - ARM: cns3xxx: Fix writing to wrong PCI config registers after alignment - arm64: hyp-stub: Forbid kprobing of the hyp-stub - gfs2: Revert "Fix loop in gfs2_rbm_find" - platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK - platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes - mmc: sdhci-iproc: handle mmc_of_parse() errors during probe - kernel/exit.c: release ptraced tasks before zap_pid_ns_processes - mm, oom: fix use-after-free in oom_kill_process - cifs: Always resolve hostname before reconnecting - drivers: core: Remove glue dirs from sysfs earlier - mm: migrate: don't rely on __PageMovable() of newpage after unlocking it - fs: don't scan the inode cache before SB_BORN is set - Linux 4.4.173 * Xenial update: 4.4.172 upstream stable release (LP: #1818797) - tty/ldsem: Wake up readers after timed out down_write() - can: gw: ensure DLC boundaries after CAN frame modification - f2fs: clean up argument of recover_data - f2fs: cover more area with nat_tree_lock - f2fs: move sanity checking of cp into get_valid_checkpoint - f2fs: fix to convert inline directory correctly - f2fs: give -EINVAL for norecovery and rw mount - f2fs: remove an obsolete variable - f2fs: factor out fsync inode entry operations - f2fs: fix inode cache leak - f2fs: fix to avoid reading out encrypted data in page cache - f2fs: not allow to write illegal blkaddr - f2fs: avoid unneeded loop in build_sit_entries - f2fs: use crc and cp version to determine roll-forward recovery - f2fs: introduce get_checkpoint_version for cleanup - f2fs: put directory inodes before checkpoint in roll-forward recovery - f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack - f2fs: detect wrong layout - f2fs: free meta pages if sanity check for ckpt is failed - f2fs: fix race condition in between free nid allocator/initializer - f2fs: return error during fill_super - f2fs: check blkaddr more accuratly before issue a bio - f2fs: sanity check on sit entry - f2fs: enhance sanity_check_raw_super() to avoid potential overflow - f2fs: clean up with is_valid_blkaddr() - f2fs: introduce and spread verify_blkaddr - f2fs: fix to do sanity check with secs_per_zone - f2fs: fix to do sanity check with user_block_count - f2fs: Add sanity_check_inode() function - f2fs: fix to do sanity check with node footer and iblocks - f2fs: fix to do sanity check with reserved blkaddr of inline inode - f2fs: fix to do sanity check with block address in main area - f2fs: fix to do sanity check with block address in main area v2 - f2fs: fix to do sanity check with cp_pack_start_sum - f2fs: fix invalid memory access - f2fs: fix missing up_read - f2fs: fix validation of the block count in sanity_check_raw_super - media: em28xx: Fix misplaced reset of dev->v4l::field_count - arm64/kvm: consistently handle host HCR_EL2 flags - arm64: Don't trap host pointer auth use to EL2 - ipv6: fix kernel-infoleak in ipv6_local_error() - net: bridge: fix a bug on using a neighbour cache entry without checking its state - packet: Do not leak dev refcounts on error exit - ip: on queued skb use skb_header_pointer instead of pskb_may_pull - crypto: authencesn - Avoid twice completion call in decrypt path - crypto: authenc - fix parsing key with misaligned rta_len - btrfs: wait on ordered extents on abort cleanup - Yama: Check for pid death before checking ancestry - scsi: sd: Fix cache_type_store() - mips: fix n32 compat_ipc_parse_version - mfd: tps6586x: Handle interrupts on suspend - Disable MSI also when pcie-octeon.pcie_disable on - omap2fb: Fix stack memory disclosure - media: vivid: fix error handling of kthread_run - media: vivid: set min width/height to a value > 0 - LSM: Check for NULL cred-security on free - media: vb2: vb2_mmap: move lock up - sunrpc: handle ENOMEM in rpcb_getport_async - selinux: fix GPF on invalid policy - sctp: allocate sctp_sockaddr_entry with kzalloc - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats - tipc: fix uninit-value in tipc_nl_compat_bearer_enable - tipc: fix uninit-value in tipc_nl_compat_link_set - tipc: fix uninit-value in tipc_nl_compat_name_table_dump - tipc: fix uninit-value in tipc_nl_compat_doit - block/loop: Use global lock for ioctl() operation. - loop: Fold __loop_release into loop_release - loop: Get rid of loop_index_mutex - loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl() - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock - media: vb2: be sure to unlock mutex on errors - r8169: Add support for new Realtek Ethernet - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses - platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey - e1000e: allow non-monotonic SYSTIM readings - writeback: don't decrement wb->refcnt if !wb->bdi - MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur - arm64: perf: set suppress_bind_attrs flag to true - jffs2: Fix use of uninitialized delayed_work, lockdep breakage - pstore/ram: Do not treat empty buffers as valid - powerpc/pseries/cpuidle: Fix preempt warning - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info - net: call sk_dst_reset when set SO_DONTROUTE - scsi: target: use consistent left-aligned ASCII INQUIRY data - clk: imx6q: reset exclusive gates on init - kconfig: fix file name and line number of warn_ignored_character() - kconfig: fix memory leak when EOF is encountered in quotation - mmc: atmel-mci: do not assume idle after atmci_request_end - perf intel-pt: Fix error with config term "pt=0" - perf svghelper: Fix unchecked usage of strncpy() - perf parse-events: Fix unchecked usage of strncpy() - dm kcopyd: Fix bug causing workqueue stalls - dm snapshot: Fix excessive memory usage and workqueue stalls - ALSA: bebob: fix model-id of unit for Apogee Ensemble - sysfs: Disable lockdep for driver bind/unbind files - scsi: megaraid: fix out-of-bound array accesses - ocfs2: fix panic due to unrecovered local alloc - mm/page-writeback.c: don't break integrity writeback on ->writepage() error - mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps - net: speed up skb_rbtree_purge() - ipmi:ssif: Fix handling of multi-part return messages - Linux 4.4.172 * Xenial update: 4.4.171 upstream stable release (LP: #1818237) - ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 - btrfs: cleanup, stop casting for extent_map->lookup everywhere - btrfs: Enhance chunk validation check - Btrfs: add validadtion checks for chunk loading - Btrfs: check inconsistence between chunk and block group - Btrfs: fix em leak in find_first_block_group - Btrfs: detect corruption when non-root leaf has zero item - Btrfs: check btree node's nritems - Btrfs: fix BUG_ON in btrfs_mark_buffer_dirty - Btrfs: memset to avoid stale content in btree node block - Btrfs: improve check_node to avoid reading corrupted nodes - Btrfs: kill BUG_ON in run_delayed_tree_ref - Btrfs: memset to avoid stale content in btree leaf - Btrfs: fix emptiness check for dirtied extent buffers at check_leaf() - btrfs: struct-funcs, constify readers - btrfs: Refactor check_leaf function for later expansion - btrfs: Check if item pointer overlaps with the item itself - btrfs: Add sanity check for EXTENT_DATA when reading out leaf - btrfs: Add checker for EXTENT_CSUM - btrfs: Move leaf and node validation checker to tree-checker.c - btrfs: tree-checker: Enhance btrfs_check_node output - btrfs: tree-checker: Fix false panic for sanity test - btrfs: tree-checker: Add checker for dir item - btrfs: tree-checker: use %zu format string for size_t - btrfs: tree-check: reduce stack consumption in check_dir_item - btrfs: tree-checker: Verify block_group_item - btrfs: tree-checker: Detect invalid and empty essential trees - btrfs: validate type when reading a chunk - btrfs: Check that each block group has corresponding chunk at mount time - btrfs: Verify that every chunk has corresponding block group at mount time - btrfs: tree-checker: Check level for leaves and nodes - btrfs: tree-checker: Fix misleading group system information - CIFS: Do not hide EINTR after sending network packets - cifs: Fix potential OOB access of lock element array - usb: cdc-acm: send ZLP for Telit 3G Intel based modems - USB: storage: don't insert sane sense for SPC3+ when bad sense specified - USB: storage: add quirk for SMI SM3350 - USB: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB - slab: alien caches must not be initialized if the allocation of the alien cache failed - PCI: altera: Fix altera_pcie_link_is_up() - PCI: altera: Reorder read/write functions - PCI: altera: Check link status before retrain link - PCI: altera: Poll for link up status after retraining the link - PCI: altera: Poll for link training status after retraining the link - PCI: altera: Rework config accessors for use without a struct pci_bus - PCI: altera: Move retrain from fixup to altera_pcie_host_init() - ACPI: power: Skip duplicate power resource references in _PRx - i2c: dev: prevent adapter retries and timeout being set as minus value - crypto: cts - fix crash on short inputs - ext4: fix a potential fiemap/page fault deadlock w/ inline_data - sunrpc: use-after-free in svc_process_common() - Linux 4.4.171 * [Packaging] Allow overlay of config annotations (LP: #1752072) - [Packaging] config-check: Add an include directive * CVE-2018-9517 - l2tp: pass tunnel pointer to ->session_create() * squashfs hardening (LP: #1816756) - squashfs metadata 2: electric boogaloo - Squashfs: Compute expected length from inode size rather than block length * Update ENA driver to version 2.0.3K (LP: #1816806) - net: ena: update driver version from 2.0.2 to 2.0.3 - net: ena: fix race between link up and device initalization - net: ena: fix crash during failed resume from hibernation * bnxt_en_po: TX timed out triggering Netdev Watchdog Timer (LP: #1814095) - SAUCE: bnxt_en_bpo: Fix TX timeout during netpoll * CVE-2019-3459 - Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer * CVE-2019-7222 - KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222) * CVE-2019-7221 - KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221) * CVE-2019-6974 - kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974) * Regular D-state processes impacting LXD containers (LP: #1817628) - mm: do not stall register_shrinker() * libsas disks can have non-unique by-path names (LP: #1817784) - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached * Hard lockups due to unrestricted lapic timer delay (LP: #1817918) - KVM: x86: move nsec_to_cycles from x86.c to x86.h - KVM: LAPIC: cap __delay at lapic_timer_advance_ns -- Stefan Bader <stefan.ba...@canonical.com> Tue, 26 Mar 2019 13:27:29 +0100 ** Changed in: linux (Ubuntu Xenial) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-9517 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-3459 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-3460 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-6974 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-7221 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-7222 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-9213 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1818797 Title: Xenial update: 4.4.172 upstream stable release Status in linux package in Ubuntu: Confirmed Status in linux source package in Xenial: Fix Released Bug description: SRU Justification Impact: The upstream process for stable tree updates is quite similar in scope to the Ubuntu SRU process, e.g., each patch has to demonstrably fix a bug, and each patch is vetted by upstream by originating either directly from a mainline/stable Linux tree or a minimally backported form of that patch. The following upstream stable patches should be included in the Ubuntu kernel: 4.4.172 upstream stable release from git://git.kernel.org/ Linux 4.4.172 ipmi:ssif: Fix handling of multi-part return messages net: speed up skb_rbtree_purge() mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps mm/page-writeback.c: don't break integrity writeback on ->writepage() error ocfs2: fix panic due to unrecovered local alloc scsi: megaraid: fix out-of-bound array accesses sysfs: Disable lockdep for driver bind/unbind files ALSA: bebob: fix model-id of unit for Apogee Ensemble dm snapshot: Fix excessive memory usage and workqueue stalls dm kcopyd: Fix bug causing workqueue stalls perf parse-events: Fix unchecked usage of strncpy() perf svghelper: Fix unchecked usage of strncpy() perf intel-pt: Fix error with config term "pt=0" mmc: atmel-mci: do not assume idle after atmci_request_end kconfig: fix memory leak when EOF is encountered in quotation kconfig: fix file name and line number of warn_ignored_character() clk: imx6q: reset exclusive gates on init scsi: target: use consistent left-aligned ASCII INQUIRY data net: call sk_dst_reset when set SO_DONTROUTE media: firewire: Fix app_info parameter type in avc_ca{,_app}_info powerpc/pseries/cpuidle: Fix preempt warning pstore/ram: Do not treat empty buffers as valid jffs2: Fix use of uninitialized delayed_work, lockdep breakage arm64: perf: set suppress_bind_attrs flag to true MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur writeback: don't decrement wb->refcnt if !wb->bdi e1000e: allow non-monotonic SYSTIM readings platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey xfs: don't fail when converting shortform attr to long form during ATTR_REPLACE ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address r8169: Add support for new Realtek Ethernet media: vb2: be sure to unlock mutex on errors drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl() loop: Get rid of loop_index_mutex loop: Fold __loop_release into loop_release block/loop: Use global lock for ioctl() operation. tipc: fix uninit-value in tipc_nl_compat_doit tipc: fix uninit-value in tipc_nl_compat_name_table_dump tipc: fix uninit-value in tipc_nl_compat_link_set tipc: fix uninit-value in tipc_nl_compat_bearer_enable tipc: fix uninit-value in tipc_nl_compat_link_reset_stats sctp: allocate sctp_sockaddr_entry with kzalloc selinux: fix GPF on invalid policy sunrpc: handle ENOMEM in rpcb_getport_async media: vb2: vb2_mmap: move lock up LSM: Check for NULL cred-security on free media: vivid: set min width/height to a value > 0 media: vivid: fix error handling of kthread_run omap2fb: Fix stack memory disclosure Disable MSI also when pcie-octeon.pcie_disable on mfd: tps6586x: Handle interrupts on suspend mips: fix n32 compat_ipc_parse_version scsi: sd: Fix cache_type_store() Yama: Check for pid death before checking ancestry btrfs: wait on ordered extents on abort cleanup crypto: authenc - fix parsing key with misaligned rta_len crypto: authencesn - Avoid twice completion call in decrypt path ip: on queued skb use skb_header_pointer instead of pskb_may_pull packet: Do not leak dev refcounts on error exit net: bridge: fix a bug on using a neighbour cache entry without checking its state ipv6: fix kernel-infoleak in ipv6_local_error() arm64: Don't trap host pointer auth use to EL2 arm64/kvm: consistently handle host HCR_EL2 flags proc: Remove empty line in /proc/self/status media: em28xx: Fix misplaced reset of dev->v4l::field_count f2fs: fix validation of the block count in sanity_check_raw_super f2fs: fix missing up_read f2fs: fix invalid memory access f2fs: fix to do sanity check with cp_pack_start_sum f2fs: fix to do sanity check with block address in main area v2 f2fs: fix to do sanity check with block address in main area f2fs: fix to do sanity check with reserved blkaddr of inline inode f2fs: fix to do sanity check with node footer and iblocks f2fs: Add sanity_check_inode() function f2fs: fix to do sanity check with user_block_count f2fs: fix to do sanity check with secs_per_zone f2fs: introduce and spread verify_blkaddr f2fs: clean up with is_valid_blkaddr() f2fs: enhance sanity_check_raw_super() to avoid potential overflow f2fs: sanity check on sit entry f2fs: check blkaddr more accuratly before issue a bio f2fs: return error during fill_super f2fs: fix race condition in between free nid allocator/initializer f2fs: free meta pages if sanity check for ckpt is failed f2fs: detect wrong layout f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack f2fs: put directory inodes before checkpoint in roll-forward recovery f2fs: introduce get_checkpoint_version for cleanup f2fs: use crc and cp version to determine roll-forward recovery f2fs: avoid unneeded loop in build_sit_entries f2fs: not allow to write illegal blkaddr f2fs: fix to avoid reading out encrypted data in page cache f2fs: fix inode cache leak f2fs: factor out fsync inode entry operations f2fs: remove an obsolete variable f2fs: give -EINVAL for norecovery and rw mount f2fs: fix to convert inline directory correctly f2fs: move sanity checking of cp into get_valid_checkpoint f2fs: cover more area with nat_tree_lock f2fs: clean up argument of recover_data can: gw: ensure DLC boundaries after CAN frame modification tty/ldsem: Wake up readers after timed out down_write() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1818797/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp