This bug was fixed in the package linux - 4.4.0-159.187 --------------- linux (4.4.0-159.187) xenial; urgency=medium
* CVE-2019-1125 - x86/cpufeatures: Carve out CQM features retrieval - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word - x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations - x86/speculation: Enable Spectre v1 swapgs mitigations - x86/entry/64: Use JMP instead of JMPQ - x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS linux (4.4.0-158.186) xenial; urgency=medium * xenial/linux: 4.4.0-158.186 -proposed tracker (LP: #1837609) * Packaging resync (LP: #1786013) - [Packaging] resync git-ubuntu-log - [Packaging] update helper scripts * ixgbe{vf} - Physical Function gets IRQ when VF checks link state (LP: #1836760) - ixgbevf: Use cached link state instead of re-reading the value for ethtool * CVE-2018-5383 - crypto: kpp - Key-agreement Protocol Primitives API (KPP) - crypto: dh - Add DH software implementation - crypto: ecdh - Add ECDH software support - crypto: ecdh - make ecdh_shared_secret unique - crypto: doc - add KPP documentation - crypto: kpp, (ec)dh - fix typos - crypto: ecc - remove unused function arguments - crypto: ecc - remove unnecessary casts - crypto: ecc - rename ecdh_make_pub_key() - crypto: ecdh - add privkey generation support - crypto: ecc - Fix NULL pointer deref. on no default_rng - [Config] CRYPTO_ECDH=m - Bluetooth: convert smp and selftest to crypto kpp API - crypto: ecdh - add public key verification test * Xenial update: 4.4.185 upstream stable release (LP: #1836668) - fs/binfmt_flat.c: make load_flat_shared_library() work - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() - tracing: Silence GCC 9 array bounds warning - gcc-9: silence 'address-of-packed-member' warning - usb: chipidea: udc: workaround for endpoint conflict issue - Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD - apparmor: enforce nullbyte at end of tag string - parport: Fix mem leak in parport_register_dev_model - parisc: Fix compiler warnings in float emulation code - IB/hfi1: Insure freeze_work work_struct is canceled on shutdown - MIPS: uprobes: remove set but not used variable 'epc' - net: hns: Fix loopback test failed at copper ports - sparc: perf: fix updated event period in response to PERF_EVENT_IOC_PERIOD - scripts/checkstack.pl: Fix arm64 wrong or unknown architecture - scsi: ufs: Check that space was properly alloced in copy_query_response - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event - hwmon: (pmbus/core) Treat parameters as paged if on multiple pages - Btrfs: fix race between readahead and device replace/removal - btrfs: start readahead also in seed devices - can: flexcan: fix timeout when set small bitrate - can: purge socket error queue on sock destruct - ARM: imx: cpuidle-imx6sx: Restrict the SW2ISO increase to i.MX6SX - Bluetooth: Align minimum encryption key size for LE and BR/EDR connections - Bluetooth: Fix regression with minimum encryption key size alignment - SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write - cfg80211: fix memory leak of wiphy device name - mac80211: drop robust management frames from unknown TA - perf ui helpline: Use strlcpy() as a shorter form of strncpy() + explicit set nul - perf help: Remove needless use of strncpy() - 9p/rdma: do not disconnect on down_interruptible EAGAIN - 9p: acl: fix uninitialized iattr access - 9p/rdma: remove useless check in cm_event_handler - 9p: p9dirent_read: check network-provided name length - net/9p: include trans_common.h to fix missing prototype warning. - ovl: modify ovl_permission() to do checks on two inodes - x86/speculation: Allow guests to use SSBD even if host does not - cpu/speculation: Warn on unsupported mitigations= parameter - sctp: change to hold sk after auth shkey is created successfully - tipc: change to use register_pernet_device - tipc: check msg->req data len in tipc_nl_compat_bearer_disable - team: Always enable vlan tx offload - ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop - bonding: Always enable vlan tx offload - net: check before dereferencing netdev_ops during busy poll - Bluetooth: Fix faulty expression for minimum encryption key size check - um: Compile with modern headers - ASoC : cs4265 : readable register too low - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master - ASoC: max98090: remove 24-bit format support if RJ is 0 - usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i] - usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC - scsi: hpsa: correct ioaccel2 chaining - ARC: Assume multiplier is always present - ARC: fix build warning in elf.h - MIPS: math-emu: do not use bools for arithmetic - mfd: omap-usb-tll: Fix register offsets - swiotlb: Make linux/swiotlb.h standalone includible - bug.h: work around GCC PR82365 in BUG() - MIPS: Workaround GCC __builtin_unreachable reordering bug - ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME - crypto: user - prevent operating on larval algorithms - ALSA: seq: fix incorrect order of dest_client/dest_ports arguments - ALSA: firewire-lib/fireworks: fix miss detection of received MIDI messages - ALSA: usb-audio: fix sign unintended sign extension on left shifts - lib/mpi: Fix karactx leak in mpi_powm - btrfs: Ensure replaced device doesn't have pending chunk allocation - tty: rocket: fix incorrect forward declaration of 'rp_init()' - ARC: handle gcc generated __builtin_trap for older compiler - arm64, vdso: Define vdso_{start,end} as array - KVM: x86: degrade WARN to pr_warn_ratelimited - dmaengine: imx-sdma: remove BD_INTR for channel0 - Linux 4.4.185 * Xenial update: 4.4.184 upstream stable release (LP: #1836667) - Linux 4.4.184 * Xenial update: 4.4.183 upstream stable release (LP: #1836666) - fs/fat/file.c: issue flush after the writeback of FAT - sysctl: return -EINVAL if val violates minmax - ipc: prevent lockup on alloc_msg and free_msg - hugetlbfs: on restore reserve error path retain subpool reservation - mm/cma.c: fix crash on CMA allocation if bitmap allocation fails - mm/cma_debug.c: fix the break condition in cma_maxchunk_get() - kernel/sys.c: prctl: fix false positive in validate_prctl_map() - mfd: intel-lpss: Set the device in reset state when init - mfd: twl6040: Fix device init errors for ACCCTL register - perf/x86/intel: Allow PEBS multi-entry in watermark mode - drm/bridge: adv7511: Fix low refresh rate selection - ntp: Allow TAI-UTC offset to be set to zero - f2fs: fix to avoid panic in do_recover_data() - f2fs: fix to do sanity check on valid block count of segment - iommu/vt-d: Set intel_iommu_gfx_mapped correctly - ALSA: hda - Register irq handler after the chip initialization - nvmem: core: fix read buffer in place - fuse: retrieve: cap requested size to negotiated max_write - nfsd: allow fh_want_write to be called twice - x86/PCI: Fix PCI IRQ routing table memory leak - platform/chrome: cros_ec_proto: check for NULL transfer function - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher - clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 - ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA - ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA - ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA - PCI: rpadlpar: Fix leaked device_node references in add/remove paths - PCI: rcar: Fix a potential NULL pointer dereference - video: hgafb: fix potential NULL pointer dereference - video: imsttfb: fix potential NULL pointer dereferences - PCI: xilinx: Check for __get_free_pages() failure - gpio: gpio-omap: add check for off wake capable gpios - dmaengine: idma64: Use actual device for DMA transfers - pwm: tiehrpwm: Update shadow register for disabling PWMs - ARM: dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on Arndale Octa - pwm: Fix deadlock warning when removing PWM device - ARM: exynos: Fix undefined instruction during Exynos5422 resume - futex: Fix futex lock the wrong page - ALSA: seq: Cover unsubscribe_port() in list_mutex - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk - mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node - fs/ocfs2: fix race in ocfs2_dentry_attach_lock() - signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO - ptrace: restore smp_rmb() in __ptrace_may_access() - i2c: acorn: fix i2c warning - bcache: fix stack corruption by PRECEDING_KEY() - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() - ASoC: cs42xx8: Add regcache mask dirty - Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var - scsi: lpfc: add check for loss of ndlp when sending RRQ - scsi: bnx2fc: fix incorrect cast to u64 on shift operation - usbnet: ipheth: fix racing condition - KVM: x86/pmu: do not mask the value that is written to fixed PMUs - KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION - drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read - drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() - USB: Fix chipmunk-like voice when using Logitech C270 for recording audio. - USB: usb-storage: Add new ID to ums-realtek - USB: serial: pl2303: add Allied Telesis VT-Kit3 - USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode - USB: serial: option: add Telit 0x1260 and 0x1261 compositions - ax25: fix inconsistent lock state in ax25_destroy_timer - be2net: Fix number of Rx queues used for flow hashing - ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero - lapb: fixed leak of control-blocks. - neigh: fix use-after-free read in pneigh_get_next - sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg - mISDN: make sure device name is NUL terminated - x86/CPU/AMD: Don't force the CPB cap when running under a hypervisor - perf/ring_buffer: Fix exposing a temporarily decreased data_head - perf/ring_buffer: Add ordering to rb->nest increment - gpio: fix gpio-adp5588 build errors - net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE() - i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr - configfs: Fix use-after-free when accessing sd->s_dentry - ia64: fix build errors by exporting paddr_to_nid() - KVM: PPC: Book3S: Use new mutex to synchronize access to rtas token list - net: sh_eth: fix mdio access in sh_eth_close() for R-Car Gen2 and RZ/A1 SoCs - scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route() - scsi: libsas: delete sas port if expander discover failed - Revert "crypto: crypto4xx - properly set IV after de- and encrypt" - coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping - Abort file_remove_privs() for non-reg. files - Linux 4.4.183 * CVE-2019-12614 - powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property() * bnx2x driver causes 100% CPU load (LP: #1832082) - bnx2x: Prevent ptp_task to be rescheduled indefinitely * Xenial update: 4.4.182 upstream stable release (LP: #1836665) - Linux 4.4.182 * Xenial kernel 4.4.0-155.182 fails to build perf with libnuma (LP: #1836585) - Revert "UBUNTU: SAUCE: perf/bench: Drop definition of BIT in numa.c" * CVE-2019-10126 - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() * CVE-2019-3846 - mwifiex: Fix possible buffer overflows at parsing bss descriptor -- Kleber Sacilotto de Souza <kleber.so...@canonical.com> Thu, 01 Aug 2019 17:22:24 +0200 ** Changed in: linux (Ubuntu Xenial) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-5383 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-10126 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-1125 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-12614 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-3846 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1836667 Title: Xenial update: 4.4.184 upstream stable release To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1836667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs