-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 13 Aug 2019 19:44:18 +0100 Binary: linux-doc-3.16 linux-manual-3.16 linux-source-3.16 linux-support-3.16.0-10 Source: linux Architecture: all source Version: 3.16.72-1 Distribution: jessie-security Urgency: high Maintainer: Debian Kernel Team <debian-ker...@lists.debian.org> Changed-By: Ben Hutchings <b...@decadent.org.uk> Description: linux-doc-3.16 - Linux kernel specific documentation for version 3.16 linux-manual-3.16 - Linux kernel API manual pages for version 3.16 linux-source-3.16 - Linux kernel source for version 3.16 with Debian patches linux-support-3.16.0-10 - Support files for Linux 3.16 Changes: linux (3.16.72-1) jessie-security; urgency=high . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.71 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.72 - ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt (CVE-2017-18509) - xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink - Staging: iio: meter: fixed typo - iio: Use kmalloc_array() in iio_scan_mask_set() - iio: Fix scan mask selection - perf/core: Restore mmap record type correctly - ext4: fix data corruption caused by unaligned direct AIO - ext4: add missing brelse() in add_new_gdb_meta_bg() - xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module - IB/mlx4: Fix race condition between catas error reset and aliasguid flows - staging: speakup_soft: Fix alternate speech with other synths - netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING - udf: Fix crash on IO error during truncate - sctp: get sctphdr by offset in sctp_compute_cksum - NFS: fix mount/umount race in nlmclnt. - [armhf] imx6q: cpuidle: fix bug that CPU might not wake up at expected time - USB: serial: ftdi_sio: add additional NovaTech products - device_cgroup: fix RCU imbalance in error case - net-sysfs: call dev_hold if kobject_init_and_add success - tcp: do not use ipv6 header for ipv4 flow - dccp: do not use ipv6 header for ipv4 flow - [i386] 3c515: fix integer overflow warning - [armhf] dts: pfla02: increase phy reset duration - USB: serial: mos7720: fix mos_parport refcount imbalance on error path - staging: rtl8712: uninitialized memory in read_bbreg_hdl() - ALSA: rawmidi: Fix potential Spectre v1 vulnerability (CVE-2017-5753) - ALSA: seq: oss: Fix Spectre v1 vulnerability (CVE-2017-5753) - [x86] iommu/vt-d: Check capability before disabling protected memory - futex: Ensure that futex address is aligned in handle_futex_death() - ALSA: pcm: Fix possible OOB access in PCM oss plugins - xhci: Don't let USB3 ports stuck in polling state prevent suspend - batman-adv: Reduce claim hash refcnt only for removed entry - batman-adv: Reduce tt_local hash refcnt only for removed entry - batman-adv: Reduce tt_global hash refcnt only for removed entry - ALSA: pcm: Don't suspend stream in unrecoverable PCM state - net: phy: don't clear BMCR in genphy_soft_reset - USB: serial: cp210x: add new device id - afs: Fix StoreData op marshalling - KVM: Reject device ioctls from processes other than the VM's creator - [x86] kvm: IA32_ARCH_CAPABILITIES is always supported - [x86] KVM: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links - iio: core: fix a possible circular locking dependency - dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors - dccp: Fix memleak in __feat_register_sp - xfrm4: Fix header checks in _decode_session4. - xfrm4: Reload skb header pointers after calling pskb_may_pull. - xfrm4: Fix uninitialized memory read in _decode_session4 - sched/fair: Do not re-read ->h_load_next during hierarchical load calculation - btrfs: prop: fix vanished compression property after failed set - btrfs: correctly validate compression type - dm: disable DISCARD if the underlying storage no longer supports it - mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer - xen: Prevent buffer overflow in privcmd ioctl - ALSA: seq: Fix OOB-reads from strlcpy - PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller - sunrpc: don't mark uninitialised items as VALID. - lib/string.c: implement a basic bcmp - ACPICA: Namespace: remove address node from global list after method termination - block: do not leak memory in bio_copy_user_iov() - net: bridge: multicast: use rcu to access port list from br_multicast_start_querier - [x86] iommu/amd: Set exclusion range correctly - rt2x00: do not increment sequence number while re-transmitting - vxge: fix return of a free'd memblock on a failed dma mapping - [x86] speculation: Prevent deadlock on ssb_state::lock - USB: core: Fix unterminated string returned by usb_string() - [x86] staging: comedi: vmk80xx: Fix use of uninitialized semaphore - [x86] staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf - kvm: mmu: Fix overflow on kvm mmu page limit calculation - cifs: fix handle leak in smb2_query_symlink() - CIFS: keep FileInfo handle live during oplock break - sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup - ALSA: core: Fix card races between register and disconnect - tipc: set sysctl_tipc_rmem and named_timeout right range - [x86] kprobes: Verify stack frame on kretprobe - kprobes: Mark ftrace mcount handler functions nokprobe - [x86] kprobes: Avoid kretprobe recursion bug - USB: core: Fix bug caused by duplicate interface PM usage counter - team: fix possible recursive locking when add slaves - netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON - mac80211: don't attempt to rename ERR_PTR() debugfs dirs - ceph: ensure d_name stability in ceph_dentry_hash() - cifs: do not attempt cifs operation on smb2+ rename error - net/rose: fix unbound loop in rose_loopback_timer() - USB: yurex: Fix protection fault after device removal - USB: w1 ds2490: Fix bug caused by improper use of altsetting array - usb: usbip: fix isoc packet num validation in get_pipe - sched/numa: Fix a possible divide-by-zero - l2tp: use rcu_dereference_sk_user_data() in l2tp_udp_encap_recv() - trace: Fix preempt_enable_no_resched() abuse - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference - slip: make slhc_free() silently accept an error pointer - ipv6: invert flowlabel sharing check in process and user mode - ipv6/flowlabel: wait rcu grace period before put_pid() - l2ip: fix possible use-after-free - packet: in recvmsg msg_name return at least sizeof sockaddr_ll - packet: validate msg_namelen in send directly - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour - [amd64] Add mitigation for Spectre v1 swapgs (CVE-2019-1125): + cpufeatures: Renumber feature word 7 + asm/entry: Disentangle error_entry/exit gsbase/ebx/usermode code + entry: Really create an error-entry-from-usermode code path + entry: Fix context tracking state warning when load_gs_index fails + speculation: Prepare entry code for Spectre v1 swapgs mitigations + speculation: Enable Spectre v1 swapgs mitigations + entry: Use JMP instead of JMPQ + speculation/swapgs: Exclude ATOMs from speculation through SWAPGS - vhost-net: set packet weight of tx polling to 2 * vq size - vhost_net: use packet weight for rx handler, too - vhost_net: introduce vhost_exceeds_weight() - vhost: introduce vhost_exceeds_weight() - vhost_net: fix possible infinite loop (CVE-2019-3900) - vhost: scsi: add weight support (CVE-2019-3900) - Bluetooth: hci_uart: check for missing tty operations (CVE-2019-10207) - Input: gtco - bounds check collection indent level (CVE-2019-13631) - floppy: fix div-by-zero in setup_format_params (CVE-2019-14284) - floppy: fix out-of-bounds read in next_valid_format - floppy: fix invalid pointer dereference in drive_name - floppy: fix out-of-bounds read in copy_buffer (CVE-2019-14283) - proc: meminfo: estimate available memory more conservatively - mm/page_alloc.c: calculate 'available' memory in a separate function - xen: let alloc_xenballooned_pages() fail if not enough memory free - Revert "inet: update the IP ID generation algorithm to higher standards." - ipv6: Select fragment id during UFO segmentation if not set. - Revert "drivers/net, ipv6: Select IPv6 fragment idents for virtio UFO packets" - ipv6: Fix fragment id assignment on LE arches. - ipv6: Make __ipv6_select_ident static - ipv6: call ipv6_proxy_select_ident instead of ipv6_select_ident in udp6_ufo_fragment - ipv4: hash net ptr into fragmentation bucket selection - ipv4: ip_tunnel: use net namespace from rtable not socket - ipv6: hash net ptr into fragmentation bucket selection - siphash: add cryptographically secure PRF - inet: switch IP ID generator to siphash (CVE-2019-10638) - netfilter: ctnetlink: don't use conntrack/expect object addresses as id - scsi: libsas: fix a race condition when smp task timeout (CVE-2018-20836) . [ Ben Hutchings ] * [amd64] Revert "cpufeatures: Renumber feature word 7" to avoid an ABI change * inet: Avoid ABI change for IP ID hash change * vhost: Ignore ABI changes * Partially revert "USB: core: Fix bug caused by duplicate interface …" to avoid an ABI change * tcp: Clear sk_send_head after purging the write queue * kretprobe: Ignore ABI changes * macvtap, tun: Avoid ABI change in 3.16.72 * siphash: implement HalfSipHash1-3 for hash tables (avoids build regression for WireGuard) Checksums-Sha1: 8342fee28dc821625e6102fba53752423db6edf3 143027 linux_3.16.72-1.dsc e13b5789e904e6c306326744cb7ccce5ad4cc861 82064636 linux_3.16.72.orig.tar.xz ea266af6812e628e01046efc3a4194a00d1b90ad 1850732 linux_3.16.72-1.debian.tar.xz a271e33ad2efb9ca8a6ff3b422dc12359f7e4ee6 459446 linux-support-3.16.0-10_3.16.72-1_all.deb af8bc9f3322a6ad9044dd21935714fc0cfee8f2b 8409288 linux-doc-3.16_3.16.72-1_all.deb 0968d6ab250c18df416b9b3401906e03b40a9c67 3818154 linux-manual-3.16_3.16.72-1_all.deb 7fd2a290281fab6c832f85589722c4102bb0f5ab 83912208 linux-source-3.16_3.16.72-1_all.deb Checksums-Sha256: 06cf487bf6056bbd0dd74e8facd055821f2a42e6e636df559bf2baa5bb99b6eb 143027 linux_3.16.72-1.dsc 367ea4f50be1d6463d4da5a48b1eba395a8c26451f067e2bf15bed74cb539553 82064636 linux_3.16.72.orig.tar.xz 08ec4734dfff44994df50da306c6028dc02f768288a4a81408117a878935f373 1850732 linux_3.16.72-1.debian.tar.xz 31272af33c6805aab0409b347d24277e5fadbadf05535195ca157540d1938ab9 459446 linux-support-3.16.0-10_3.16.72-1_all.deb 38a20931e2b56bc1a3e8dd341404e26d8591d3ce6a5deb93a88cd6edf2e02624 8409288 linux-doc-3.16_3.16.72-1_all.deb a7eebccf5e889dd54649afbe753c1a22b8f49e8b3a5244b3bf6d171b6b04db79 3818154 linux-manual-3.16_3.16.72-1_all.deb cef604941f065b988eada478094784cff0b54e3a96bc4c600a495872cdaa404e 83912208 linux-source-3.16_3.16.72-1_all.deb Files: 137244fb72435b99dba1a4393076bd92 143027 kernel optional linux_3.16.72-1.dsc 95891b771239e1aa658d9d47b3150380 82064636 kernel optional linux_3.16.72.orig.tar.xz 451ce71dc4c35437f39c94f0f01b04d9 1850732 kernel optional linux_3.16.72-1.debian.tar.xz b021d5982fd23e668a2187e4c1cd8e14 459446 devel optional linux-support-3.16.0-10_3.16.72-1_all.deb a2c5fc4b44cbed72d9f70ffef8a2e9c6 8409288 doc optional linux-doc-3.16_3.16.72-1_all.deb 92d21a8ba370f37bf8ea4f404f4f73ba 3818154 doc optional linux-manual-3.16_3.16.72-1_all.deb 81ab1724ccab26bd9a921bc734f38651 83912208 kernel optional linux-source-3.16_3.16.72-1_all.deb
-----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAl1TE9EACgkQ57/I7JWG EQmdgw/7B7EEwUXB1fDCatQX6QoG8ZIHiNfFjX4QLev1+ZhB5niPc+ha8htSFUJ5 4GOX4KaYkPmw7VDeOt5+gOkVOPAN8GRhyCINnhp6iEeGy0yd9m2pn/T5OxuQyVOo 41ToZlBlhLgeenHEmR75mE+67FQS3pg3XMyFu1//wwEVBZR7Im1LyrA+4kLfn6/r MAv7vuZrUZcKyBHjfGQuOOIhQsZ7kGZ+gx5aqaaRJDoJdsHGng1bzgrpX1NkpMHW Cbou9ndRGv7LC+uEfuxLVByDtyvEZsUqSiGkS1rSZJp0oKPF3Rtr9T7e6kJy2IIM szSrHu8vtD57b+rTpi7duO/3WdIrBkMq8nz9v9TLBbNQJThcr+7GhIvDl3JvDlGd VzzvWXpkPW6mwQp3vLjFZ7R3iTMsZdj/o+b9CTtD/yQvbNMf+HIzk5/l3nUT5MNF p+GnD6dusSHGB3uQCWkza/0UTt/X6IFwKpNHfPCZS2dOWkJ1d52JP0yMqFPctx4O M43qLOoUnMyOhv3hU50x/cIgBWqsl64tvG44kr23a1Ea8re6QC0qWrGV9fjTH7Yp BQDSmCDtRn07tDuQYd0LJFrMf8iOntw8G8k8NO5icUadwyoyxeKYxOd1O5Fv9a+V gQKuR56CYBGM7HWoLuhEx66dQcGER/FNveirtf0YU6HTL/aJXGo= =S/TB -----END PGP SIGNATURE-----