[Bug 2059014] Re: Jammy update: v5.15.149 upstream stable release

[Launchpad Bug Tracker]

This bug was fixed in the package linux - 5.15.0-105.115

---
linux (5.15.0-105.115) jammy; urgency=medium

  * jammy/linux: 5.15.0-105.115 -proposed tracker (LP: #2061372)

  * Jammy update: v5.15.149 upstream stable release (LP: #2059014) // CIFS
stopped working/is unstable with kernel update to 5.15.0-102.112
(LP: #2060780)
- smb3: Replace smb2pdu 1-element arrays with flex-arrays

linux (5.15.0-103.113) jammy; urgency=medium

  * jammy/linux: 5.15.0-103.113 -proposed tracker (LP: #2059683)

  * Packaging resync (LP: #1786013)
- [Packaging] drop getabis data

  * Remove getabis scripts (LP: #2059143)
- [Packaging] Remove getabis

  * CVE-2023-24023
- Bluetooth: Add more enc key size check

  * CVE-2023-52600
- jfs: fix uaf in jfs_evict_inode

  * Jammy update: v5.15.149 upstream stable release (LP: #2059014) //
CVE-2023-52603
- UBSAN: array-index-out-of-bounds in dtSplitRoot

  * CVE-2024-26581
- netfilter: nft_set_rbtree: skip end interval element from gc

 -- Roxana Nicolescu   Mon, 15 Apr 2024
10:38:15 +0200

** Changed in: linux (Ubuntu Jammy)
   Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-24023

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-52603

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-26581

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2059014

Title:
  Jammy update: v5.15.149 upstream stable release

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2059014/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2059014] Re: Jammy update: v5.15.149 upstream stable release

[Stefan Bader]

Skipped "jfs: fix uaf in jfs_evict_inode" since this was already applied
as CVE-2023-52600.

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-52600

** Changed in: linux (Ubuntu Jammy)
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2059014

Title:
  Jammy update: v5.15.149 upstream stable release

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2059014/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2059014] Re: Jammy update: v5.15.149 upstream stable release

[Manuel Diewald]

** Changed in: linux (Ubuntu)
   Status: Confirmed => Invalid

** Changed in: linux (Ubuntu Jammy)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Jammy)
   Status: New => In Progress

** Changed in: linux (Ubuntu Jammy)
 Assignee: (unassigned) => Manuel Diewald (diewald)

** Description changed:

  
  SRU Justification
  
  Impact:
 The upstream process for stable tree updates is quite similar
 in scope to the Ubuntu SRU process, e.g., each patch has to
 demonstrably fix a bug, and each patch is vetted by upstream
 by originating either directly from a mainline/stable Linux tree or
 a minimally backported form of that patch. The following upstream
 stable patches should be included in the Ubuntu kernel:
  
 v5.15.149 upstream stable release
 from git://git.kernel.org/
  
- 
+ ksmbd: free ppace array on error in parse_dacl
+ ksmbd: don't allow O_TRUNC open on read-only share
+ ksmbd: validate mech token in session setup
+ ksmbd: fix UAF issue in ksmbd_tcp_new_connection()
+ ksmbd: only v2 leases handle the directory
+ iio: adc: ad7091r: Set alert bit in config register
+ iio: adc: ad7091r: Allow users to configure device events
+ iio: adc: ad7091r: Enable internal vref if external vref is not supplied
+ dmaengine: fix NULL pointer in channel unregistration function
+ scsi: ufs: core: Simplify power management during async scan
+ scsi: ufs: core: Remove the ufshcd_hba_exit() call from ufshcd_async_scan()
+ iio:adc:ad7091r: Move exports into IIO_AD7091R namespace.
+ ext4: allow for the last group to be marked as trimmed
+ btrfs: sysfs: validate scrub_speed_max value
+ crypto: api - Disallow identical driver names
+ PM: hibernate: Enforce ordering during image compression/decompression
+ hwrng: core - Fix page fault dead lock on mmap-ed hwrng
+ crypto: s390/aes - Fix buffer overread in CTR mode
+ media: imx355: Enable runtime PM before registering async sub-device
+ rpmsg: virtio: Free driver_override when rpmsg_remove()
+ media: ov9734: Enable runtime PM before registering async sub-device
+ mips: Fix max_mapnr being uninitialized on early stages
+ bus: mhi: host: Drop chan lock before queuing buffers
+ bus: mhi: host: Add spinlock to protect WP access when queueing TREs
+ parisc/firmware: Fix F-extend for PDC addresses
+ async: Split async_schedule_node_domain()
+ async: Introduce async_schedule_dev_nocall()
+ arm64: dts: qcom: sc7180: fix USB wakeup interrupt types
+ arm64: dts: qcom: sdm845: fix USB wakeup interrupt types
+ arm64: dts: qcom: sm8150: fix USB wakeup interrupt types
+ arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts
+ lsm: new security_file_ioctl_compat() hook
+ scripts/get_abi: fix source path leak
+ mmc: core: Use mrq.sbc in close-ended ffu
+ mmc: mmc_spi: remove custom DMA mapped buffers
+ rtc: Adjust failure return code for cmos_set_alarm()
+ nouveau/vmm: don't set addr on the fail path to avoid warning
+ ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path
+ rename(): fix the locking of subdirectories
+ ksmbd: set v2 lease version on lease upgrade
+ ksmbd: fix potential circular locking issue in smb2_set_ea()
+ ksmbd: don't increment epoch if current state and request state are same
+ ksmbd: send lease break notification on FILE_RENAME_INFORMATION
+ ksmbd: Add missing set_freezable() for freezable kthread
+ net/smc: fix illegal rmb_desc access in SMC-D connection dump
+ tcp: make sure init the accept_queue's spinlocks once
+ bnxt_en: Wait for FLR to complete during probe
+ vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING
+ llc: make llc_ui_sendmsg() more robust against bonding changes
+ llc: Drop support for ETH_P_TR_802_2.
+ net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
+ tracing: Ensure visibility when inserting an element into tracing_map
+ afs: Hide silly-rename files from userspace
+ tcp: Add memory barrier to tcp_push()
+ netlink: fix potential sleeping issue in mqueue_flush_file
+ ipv6: init the accept_queue's spinlocks in inet6_create
+ net/mlx5: DR, Use the right GVMI number for drop action
+ net/mlx5: DR, Align mlx5dv_dr API vport action with FW behavior
+ net/mlx5: DR, Can't go to uplink vport on RX rule
+ net/mlx5e: fix a double-free in arfs_create_groups
+ net/mlx5e: fix a potential double-free in fs_any_create_groups
+ overflow: Allow mixed type arguments
+ netfilter: nft_limit: reject configurations that cause integer overflow
+ netfilter: nf_tables: restrict anonymous set and map names to 16 bytes
+ netfilter: nf_tables: validate NFPROTO_* family
+ net: stmmac: Wait a bit for the reset to take effect
+ net: mvpp2: clear BM pool before initialization
+ selftests: netdevsim: fix the udp_tunnel_nic test
+ fjes: fix memleaks in fjes_hw_setup
+ net: fec: fix the unhandled context fault from smmu
+ btrfs: fix infinite directory reads
+ btrfs: set last dir index to the current last index when opening dir
+ btrfs: refresh