This bug was fixed in the package linux-lts-xenial - 4.4.0-83.106~14.04.1 --------------- linux-lts-xenial (4.4.0-83.106~14.04.1) trusty; urgency=low
* linux-lts-xenial: 4.4.0-83.106~14.04.1 -proposed tracker (LP: #1700542) * linux: 4.4.0-83.106 -proposed tracker (LP: #1700541) * CVE-2017-1000364 - Revert "UBUNTU: SAUCE: mm: Only expand stack if guard area is hit" - Revert "mm: do not collapse stack gap into THP" - Revert "mm: enlarge stack guard gap" - mm: vma_adjust: remove superfluous confusing update in remove_next == 1 case - mm: larger stack guard gap, between vmas - mm: fix new crash in unmapped_area_topdown() - Allow stack to grow up to address space limit linux (4.4.0-82.105) xenial; urgency=low * linux: 4.4.0-82.105 -proposed tracker (LP: #1699064) * CVE-2017-1000364 - SAUCE: mm: Only expand stack if guard area is hit * linux-aws/linux-gke incorrectly producing and using linux-*-tools- common/linux-*-cloud-tools-common (LP: #1688579) - [Config] make linux-tools-common and linux-cloud-tools-common protection consistent * CVE-2017-9242 - ipv6: fix out of bound writes in __ip6_append_data() * CVE-2017-9075 - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent * CVE-2017-9074 - ipv6: Prevent overrun when parsing v6 header options * CVE-2017-9076 - ipv6/dccp: do not inherit ipv6_mc_list from parent * CVE-2017-9077 - ipv6/dccp: do not inherit ipv6_mc_list from parent * CVE-2017-8890 - dccp/tcp: do not inherit mc_list from parent * Module signing exclusion for staging drivers does not work properly (LP: #1690908) - SAUCE: Fix module signing exclusion in package builds * extend-diff-ignore should use exact matches (LP: #1693504) - [Packaging] exact extend-diff-ignore matches * Dell XPS 9360 wifi 5G performance is poor (LP: #1692836) - SAUCE: ath10k: fix the wifi speed issue for kill 1535 * Upgrade Redpine WLAN/BT driver to ver. 1.2.RC12 (LP: #1694607) - SAUCE: Redpine: Upgrade to ver. 1.2.RC12 * [DP MST] No audio output through HDMI/DP/mDP ports in Dell WD15 and TB15 docking stations (LP: #1694665) - drm/i915: Store port enum in intel_encoder - drm/i915: Eliminate redundant local variable definition - drm/i915: Switch to using port stored in intel_encoder - drm/i915: Move audio_connector to intel_encoder - drm/i915/dp: DP audio API changes for MST - drm/i915: abstract ddi being audio enabled - drm/i915/audio: extend get_saved_enc() to support more scenarios - drm/i915: enable dp mst audio * Xenial update to 4.4.70 stable release (LP: #1694621) - usb: misc: legousbtower: Fix buffers on stack - usb: misc: legousbtower: Fix memory leak - USB: ene_usb6250: fix DMA to the stack - watchdog: pcwd_usb: fix NULL-deref at probe - char: lp: fix possible integer overflow in lp_setup() - USB: core: replace %p with %pK - ARM: tegra: paz00: Mark panel regulator as enabled on boot - tpm_crb: check for bad response size - infiniband: call ipv6 route lookup via the stub interface - dm btree: fix for dm_btree_find_lowest_key() - dm raid: select the Kconfig option CONFIG_MD_RAID0 - dm bufio: avoid a possible ABBA deadlock - dm bufio: check new buffer allocation watermark every 30 seconds - dm cache metadata: fail operations if fail_io mode has been established - dm bufio: make the parameter "retain_bytes" unsigned long - dm thin metadata: call precommit before saving the roots - dm space map disk: fix some book keeping in the disk space map - md: update slab_cache before releasing new stripes when stripes resizing - rtlwifi: rtl8821ae: setup 8812ae RFE according to device type - mwifiex: pcie: fix cmd_buf use-after-free in remove/reset - ima: accept previously set IMA_NEW_FILE - KVM: x86: Fix load damaged SSEx MXCSR register - KVM: X86: Fix read out-of-bounds vulnerability in kvm pio emulation - regulator: tps65023: Fix inverted core enable logic. - s390/kdump: Add final note - s390/cputime: fix incorrect system time - ath9k_htc: Add support of AirTies 1eda:2315 AR9271 device - ath9k_htc: fix NULL-deref at probe - drm/amdgpu: Avoid overflows/divide-by-zero in latency_watermark calculations. - drm/amdgpu: Make display watermark calculations more accurate - drm/nouveau/therm: remove ineffective workarounds for alarm bugs - drm/nouveau/tmr: ack interrupt before processing alarms - drm/nouveau/tmr: fix corruption of the pending list when rescheduling an alarm - drm/nouveau/tmr: avoid processing completed alarms when adding a new one - drm/nouveau/tmr: handle races with hw when updating the next alarm time - cdc-acm: fix possible invalid access when processing notification - proc: Fix unbalanced hard link numbers - of: fix sparse warning in of_pci_range_parser_one - iio: dac: ad7303: fix channel description - pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes - pid_ns: Fix race between setns'ed fork() and zap_pid_ns_processes() - USB: serial: ftdi_sio: fix setting latency for unprivileged users - USB: serial: ftdi_sio: add Olimex ARM-USB-TINY(H) PIDs - ext4 crypto: don't let data integrity writebacks fail with ENOMEM - ext4 crypto: fix some error handling - net: qmi_wwan: Add SIMCom 7230E - fscrypt: fix context consistency check when key(s) unavailable - f2fs: check entire encrypted bigname when finding a dentry - fscrypt: avoid collisions when presenting long encrypted filenames - usb: host: xhci-plat: propagate return value of platform_get_irq() - xhci: apply PME_STUCK_QUIRK and MISSING_CAS quirk for Denverton - usb: host: xhci-mem: allocate zeroed Scratchpad Buffer - net: irda: irda-usb: fix firmware name on big-endian hosts - usbvision: fix NULL-deref at probe - mceusb: fix NULL-deref at probe - ttusb2: limit messages to buffer size - usb: musb: tusb6010_omap: Do not reset the other direction's packet size - USB: iowarrior: fix info ioctl on big-endian hosts - usb: serial: option: add Telit ME910 support - USB: serial: qcserial: add more Lenovo EM74xx device IDs - USB: serial: mct_u232: fix big-endian baud-rate handling - USB: serial: io_ti: fix div-by-zero in set_termios - USB: hub: fix SS hub-descriptor handling - USB: hub: fix non-SS hub-descriptor handling - ipx: call ipxitf_put() in ioctl error path - iio: proximity: as3935: fix as3935_write - ceph: fix recursion between ceph_set_acl() and __ceph_setattr() - gspca: konica: add missing endpoint sanity check - s5p-mfc: Fix unbalanced call to clock management - dib0700: fix NULL-deref at probe - zr364xx: enforce minimum size when reading header - dvb-frontends/cxd2841er: define symbol_rate_min/max in T/C fe-ops - cx231xx-audio: fix init error path - cx231xx-audio: fix NULL-deref at probe - cx231xx-cards: fix NULL-deref at probe - powerpc/book3s/mce: Move add_taint() later in virtual mode - powerpc/pseries: Fix of_node_put() underflow during DLPAR remove - powerpc/64e: Fix hang when debugging programs with relocated kernel - ARM: dts: at91: sama5d3_xplained: fix ADC vref - ARM: dts: at91: sama5d3_xplained: not all ADC channels are available - arm64: xchg: hazard against entire exchange variable - arm64: uaccess: ensure extension of access_ok() addr - arm64: documentation: document tagged pointer stack constraints - xc2028: Fix use-after-free bug properly - Revert "UBUNTU: SAUCE: mm: Respect FOLL_FORCE/FOLL_COW for thp" - mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp - staging: rtl8192e: fix 2 byte alignment of register BSSIDR. - staging: rtl8192e: rtl92e_get_eeprom_size Fix read size of EPROM_CMD. - iommu/vt-d: Flush the IOTLB to get rid of the initial kdump mappings - metag/uaccess: Fix access_ok() - metag/uaccess: Check access_ok in strncpy_from_user - uwb: fix device quirk on big-endian hosts - genirq: Fix chained interrupt data ordering - osf_wait4(): fix infoleak - tracing/kprobes: Enforce kprobes teardown after testing - PCI: Fix pci_mmap_fits() for HAVE_PCI_RESOURCE_TO_USER platforms - PCI: Freeze PME scan before suspending devices - drm/edid: Add 10 bpc quirk for LGD 764 panel in HP zBook 17 G2 - nfsd: encoders mustn't use unitialized values in error cases - drivers: char: mem: Check for address space wraparound with mmap() - Linux 4.4.70 * Xenial update to 4.4.69 stable release (LP: #1692900) - xen: adjust early dom0 p2m handling to xen hypervisor behavior - target: Fix compare_and_write_callback handling for non GOOD status - target/fileio: Fix zero-length READ and WRITE handling - target: Convert ACL change queue_depth se_session reference usage - iscsi-target: Set session_fall_back_to_erl0 when forcing reinstatement - usb: host: xhci: print correct command ring address - USB: serial: ftdi_sio: add device ID for Microsemi/Arrow SF2PLUS Dev Kit - USB: Proper handling of Race Condition when two USB class drivers try to call init_usb_class simultaneously - staging: vt6656: use off stack for in buffer USB transfers. - staging: vt6656: use off stack for out buffer USB transfers. - staging: gdm724x: gdm_mux: fix use-after-free on module unload - staging: comedi: jr3_pci: fix possible null pointer dereference - staging: comedi: jr3_pci: cope with jiffies wraparound - usb: misc: add missing continue in switch - usb: Make sure usb/phy/of gets built-in - usb: hub: Fix error loop seen after hub communication errors - usb: hub: Do not attempt to autosuspend disconnected devices - x86/boot: Fix BSS corruption/overwrite bug in early x86 kernel startup - selftests/x86/ldt_gdt_32: Work around a glibc sigaction() bug - x86, pmem: Fix cache flushing for iovec write < 8 bytes - um: Fix PTRACE_POKEUSER on x86_64 - KVM: x86: fix user triggerable warning in kvm_apic_accept_events() - KVM: arm/arm64: fix races in kvm_psci_vcpu_on - block: fix blk_integrity_register to use template's interval_exp if not 0 - crypto: algif_aead - Require setkey before accept(2) - dm era: save spacemap metadata root after the pre-commit - vfio/type1: Remove locked page accounting workqueue - IB/core: Fix sysfs registration error flow - IB/IPoIB: ibX: failed to create mcg debug file - IB/mlx4: Fix ib device initialization error flow - IB/mlx4: Reduce SRIOV multicast cleanup warning message to debug level - ext4: evict inline data when writing to memory map - fs/xattr.c: zero out memory copied to userspace in getxattr - ceph: fix memory leak in __ceph_setxattr() - fs/block_dev: always invalidate cleancache in invalidate_bdev() - Set unicode flag on cifs echo request to avoid Mac error - SMB3: Work around mount failure when using SMB3 dialect to Macs - CIFS: fix mapping of SFM_SPACE and SFM_PERIOD - cifs: fix CIFS_IOC_GET_MNT_INFO oops - CIFS: add misssing SFM mapping for doublequote - padata: free correct variable - arm64: KVM: Fix decoding of Rt/Rt2 when trapping AArch32 CP accesses - serial: samsung: Use right device for DMA-mapping calls - serial: omap: fix runtime-pm handling on unbind - serial: omap: suspend device on probe errors - tty: pty: Fix ldisc flush after userspace become aware of the data already - Bluetooth: Fix user channel for 32bit userspace on 64bit kernel - Bluetooth: hci_bcm: add missing tty-device sanity check - Bluetooth: hci_intel: add missing tty-device sanity check - mac80211: pass RX aggregation window size to driver - mac80211: pass block ack session timeout to to driver - mac80211: RX BA support for sta max_rx_aggregation_subframes - wlcore: Pass win_size taken from ieee80211_sta to FW - wlcore: Add RX_BA_WIN_SIZE_CHANGE_EVENT event - ipmi: Fix kernel panic at ipmi_ssif_thread() - Linux 4.4.69 * Support IPMI system interface on Cavium ThunderX (LP: #1688132) - i2c: octeon: Cleanup kerneldoc comments - i2c: octeon: Cleanup i2c-octeon driver - i2c: octeon: Cleanup resource allocation code - i2c: octeon: Support I2C_M_RECV_LEN - i2c: octeon: Increase retry default and use fixed timeout value - i2c: octeon: Move set-clock and init-lowlevel upward - i2c: octeon: Rename [read|write]_sw to reg_[read|write] - i2c: octeon: Introduce helper functions for register access - i2c: octeon: Remove superfluous check in octeon_i2c_test_iflg - i2c: octeon: Improve error status checking - i2c: octeon: Use i2c recovery framework - i2c: octeon: Add flush writeq helper function - i2c: octeon: Enable High-Level Controller - i2c: octeon: Add support for cn78xx chips - i2c: octeon: Remove zero-length message support - i2c: octeon: Improve performance if interrupt is early - i2c: octeon: Add workaround for broken irqs on CN3860 - i2c: octeon: Missing AAK flag in case of I2C_M_RECV_LEN - i2c: octeon: Avoid printk after too long SMBUS message - i2c: octeon: Rename driver to prepare for split - i2c: octeon: Split the driver into two parts - [Config] CONFIG_I2C_THUNDERX=m - i2c: thunderx: Add i2c driver for ThunderX SOC - i2c: thunderx: Add SMBUS alert support - i2c: octeon,thunderx: Move register offsets to struct - i2c: octeon: Sort include files alphabetically - i2c: octeon: Use booleon values for booleon variables - i2c: octeon: thunderx: Add MAINTAINERS entry - i2c: octeon: Fix set SCL recovery function - i2c: octeon: Avoid sending STOP during recovery - i2c: octeon: Fix high-level controller status check - i2c: octeon: thunderx: TWSI software reset in recovery - i2c: octeon: thunderx: Remove double-check after interrupt - i2c: octeon: thunderx: Limit register access retries - i2c: thunderx: Enable HWMON class probing * Xenial update to 4.4.68 stable release (LP: #1691418) - 9p: fix a potential acl leak - ARM: 8452/3: PJ4: make coprocessor access sequences buildable in Thumb2 mode - cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores - powerpc/powernv: Fix opal_exit tracepoint opcode - power: supply: bq24190_charger: Fix irq trigger to IRQF_TRIGGER_FALLING - power: supply: bq24190_charger: Call set_mode_host() on pm_resume() - power: supply: bq24190_charger: Install irq_handler_thread() at end of probe() - power: supply: bq24190_charger: Call power_supply_changed() for relevant component - power: supply: bq24190_charger: Don't read fault register outside irq_handle_thread() - power: supply: bq24190_charger: Handle fault before status on interrupt - leds: ktd2692: avoid harmless maybe-uninitialized warning - ARM: OMAP5 / DRA7: Fix HYP mode boot for thumb2 build - mwifiex: debugfs: Fix (sometimes) off-by-1 SSID print - mwifiex: remove redundant dma padding in AMSDU - mwifiex: Avoid skipping WEP key deletion for AP - x86/ioapic: Restore IO-APIC irq_chip retrigger callback - x86/pci-calgary: Fix iommu_free() comparison of unsigned expression >= 0 - clk: Make x86/ conditional on CONFIG_COMMON_CLK - kprobes/x86: Fix kernel panic when certain exception-handling addresses are probed - x86/platform/intel-mid: Correct MSI IRQ line for watchdog device - Revert "KVM: nested VMX: disable perf cpuid reporting" - KVM: nVMX: initialize PML fields in vmcs02 - KVM: nVMX: do not leak PML full vmexit to L1 - usb: host: ehci-exynos: Decrese node refcount on exynos_ehci_get_phy() error paths - usb: host: ohci-exynos: Decrese node refcount on exynos_ehci_get_phy() error paths - usb: chipidea: Only read/write OTGSC from one place - usb: chipidea: Handle extcon events properly - USB: serial: keyspan_pda: fix receive sanity checks - USB: serial: digi_acceleport: fix incomplete rx sanity check - USB: serial: ssu100: fix control-message error handling - USB: serial: io_edgeport: fix epic-descriptor handling - USB: serial: ti_usb_3410_5052: fix control-message error handling - USB: serial: ark3116: fix open error handling - USB: serial: ftdi_sio: fix latency-timer error handling - USB: serial: quatech2: fix control-message error handling - USB: serial: mct_u232: fix modem-status error handling - USB: serial: io_edgeport: fix descriptor error handling - phy: qcom-usb-hs: Add depends on EXTCON - serial: 8250_omap: Fix probe and remove for PM runtime - scsi: mac_scsi: Fix MAC_SCSI=m option when SCSI=m - MIPS: R2-on-R6 MULTU/MADDU/MSUBU emulation bugfix - brcmfmac: Ensure pointer correctly set if skb data location changes - brcmfmac: Make skb header writable before use - staging: wlan-ng: add missing byte order conversion - staging: emxx_udc: remove incorrect __init annotations - ALSA: hda - Fix deadlock of controller device lock at unbinding - tcp: do not underestimate skb->truesize in tcp_trim_head() - bpf, arm64: fix jit branch offset related to ldimm64 - tcp: fix wraparound issue in tcp_lp - tcp: do not inherit fastopen_req from parent - ipv4, ipv6: ensure raw socket message is big enough to hold an IP header - rtnetlink: NUL-terminate IFLA_PHYS_PORT_NAME string - ipv6: initialize route null entry in addrconf_init() - ipv6: reorder ip6_route_dev_notifier after ipv6_dev_notf - bnxt_en: allocate enough space for ->ntp_fltr_bmap - f2fs: sanity check segment count - drm/ttm: fix use-after-free races in vm fault handling - block: get rid of blk_integrity_revalidate() - Linux 4.4.68 * Keyboard backlight control does not work on some dell laptops. (LP: #1693126) - platform/x86: dell-laptop: Add Latitude 7480 and others to the DMI whitelist - platform/x86: dell-laptop: Add keyboard backlight timeout AC settings * Upgrade Redpine WLAN/BT driver to ver. 1.2.RC9 (LP: #1690498) - SAUCE: Redpine: Upgrade to ver. 1.2.RC9 * exec'ing a setuid binary from a threaded program sometimes fails to setuid (LP: #1672819) - SAUCE: exec: ensure file system accounting in check_unsafe_exec is correct * attempts to rename vlans / vlans have addr_assign_type of 0 on kernel 4.4 (LP: #1682871) - vlan: Propagate MAC address to VLANs * Exar usb-serial doesn't restore baud rate after resume from S3/S4 (LP: #1690362) - SAUCE: xr-usb-serial: re-initialise baudrate after resume from S3/S4 * st_pressure, st_accel IIO drivers fail to detect sensors after reloading kernel modules (LP: #1690310) - SAUCE: (no-up) iio: st_pressure: st_accel: Initialise sensor platform data properly * nvidia-docker on ppc64le-ubuntu16.04 issue due to cross-thread naming if !PR_DUMPABLE (LP: #1690225) - procfs: fix pthread cross-thread naming if !PR_DUMPABLE * linux xenial derivatives fail to build (LP: #1691814) - [Packaging] Set do_tools_common in common vars -- Thadeu Lima de Souza Cascardo <casca...@canonical.com> Mon, 26 Jun 2017 12:27:55 -0300 ** Changed in: linux-lts-xenial (Ubuntu Trusty) Status: Confirmed => Fix Released ** CVE added: https://cve.mitre.org/cgi- bin/cvename.cgi?name=2017-1000364 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8890 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9074 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9075 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9076 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9077 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9242 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1700542 Title: linux-lts-xenial: 4.4.0-83.106~14.04.1 -proposed tracker To manage notifications about this bug go to: https://bugs.launchpad.net/kernel-sru-workflow/+bug/1700542/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs