This bug was fixed in the package linux-raspi2 - 4.4.0-1123.132 --------------- linux-raspi2 (4.4.0-1123.132) xenial; urgency=medium
* xenial/linux-raspi2: 4.4.0-1123.132 -proposed tracker (LP: #1844409) [ Ubuntu: 4.4.0-165.193 ] * xenial/linux: 4.4.0-165.193 -proposed tracker (LP: #1844416) * Xenial update: 4.4.187 upstream stable release (LP: #1840081) - MIPS: ath79: fix ar933x uart parity mode - MIPS: fix build on non-linux hosts - dmaengine: imx-sdma: fix use-after-free on probe error path - ath10k: Do not send probe response template for mesh - ath9k: Check for errors when reading SREV register - ath6kl: add some bounds checking - ath: DFS JP domain W56 fixed pulse type 3 RADAR detection - batman-adv: fix for leaked TVLV handler. - media: dvb: usb: fix use after free in dvb_usb_device_exit - crypto: talitos - fix skcipher failure due to wrong output IV - media: marvell-ccic: fix DMA s/g desc number calculation - media: vpss: fix a potential NULL pointer dereference - net: stmmac: dwmac1000: Clear unused address entries - signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig - af_key: fix leaks in key_pol_get_resp and dump_sp. - xfrm: Fix xfrm sel prefix length validation - media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails. - net: phy: Check against net_device being NULL - tua6100: Avoid build warnings. - locking/lockdep: Fix merging of hlocks with non-zero references - media: wl128x: Fix some error handling in fm_v4l2_init_video_device() - cpupower : frequency-set -r option misses the last cpu in related cpu list - net: fec: Do not use netdev messages too early - net: axienet: Fix race condition causing TX hang - s390/qdio: handle PENDING state for QEBSM devices - perf test 6: Fix missing kvm module load for s390 - gpio: omap: fix lack of irqstatus_raw0 for OMAP4 - gpio: omap: ensure irq is enabled before wakeup - regmap: fix bulk writes on paged registers - bpf: silence warning messages in core - rcu: Force inlining of rcu_read_lock() - xfrm: fix sa selector validation - perf evsel: Make perf_evsel__name() accept a NULL argument - vhost_net: disable zerocopy by default - EDAC/sysfs: Fix memory leak when creating a csrow object - media: i2c: fix warning same module names - ntp: Limit TAI-UTC offset - timer_list: Guard procfs specific code - acpi/arm64: ignore 5.1 FADTs that are reported as 5.0 - media: coda: fix mpeg2 sequence number handling - media: coda: increment sequence offset for the last returned frame - mt7601u: do not schedule rx_tasklet when the device has been disconnected - x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c - mt7601u: fix possible memory leak when the device is disconnected - ath10k: fix PCIE device wake up failed - rslib: Fix decoding of shortened codes - rslib: Fix handling of of caller provided syndrome - ixgbe: Check DDM existence in transceiver before access - EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() - Bluetooth: hci_bcsp: Fix memory leak in rx_skb - Bluetooth: 6lowpan: search for destination address in all peers - Bluetooth: Check state in l2cap_disconnect_rsp - Bluetooth: validate BLE connection interval updates - crypto: ghash - fix unaligned memory access in ghash_setkey() - crypto: arm64/sha1-ce - correct digest for empty data in finup - crypto: arm64/sha2-ce - correct digest for empty data in finup - Input: gtco - bounds check collection indent level - regulator: s2mps11: Fix buck7 and buck8 wrong voltages - tracing/snapshot: Resize spare buffer if size changed - NFSv4: Handle the special Linux file open access mode - lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE - ALSA: seq: Break too long mutex context in the write loop - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom() - media: coda: Remove unbalanced and unneeded mutex unlock - KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed - drm/nouveau/i2c: Enable i2c pads & busses during preinit - padata: use smp_mb in padata_reorder to avoid orphaned padata jobs - 9p/virtio: Add cleanup path in p9_virtio_init - PCI: Do not poll for PME if the device is in D3cold - take floppy compat ioctls to sodding floppy.c - floppy: fix out-of-bounds read in next_valid_format - floppy: fix invalid pointer dereference in drive_name - coda: pass the host file in vma->vm_file on mmap - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM - parisc: Fix kernel panic due invalid values in IAOQ0 or IAOQ1 - powerpc/32s: fix suspend/resume when IBATs 4-7 are used - powerpc/watchpoint: Restore NV GPRs while returning from exception - eCryptfs: fix a couple type promotion bugs - intel_th: msu: Fix single mode with disabled IOMMU - Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug - usb: Handle USB3 remote wakeup for LPM enabled devices correctly - dm bufio: fix deadlock with loop device - bnx2x: Prevent load reordering in tx completion processing - caif-hsi: fix possible deadlock in cfhsi_exit_module() - ipv4: don't set IPv6 only flags to IPv4 addresses - net: bcmgenet: use promisc for unsupported filters - net: neigh: fix multiple neigh timer scheduling - nfc: fix potential illegal memory access - sky2: Disable MSI on ASUS P6T - netrom: fix a memory leak in nr_rx_frame() - netrom: hold sock when setting skb->destructor - tcp: Reset bytes_acked and bytes_received when disconnecting - bonding: validate ip header before check IPPROTO_IGMP - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query - net: bridge: stp: don't cache eth dest pointer before skb pull - elevator: fix truncation of icq_cache_name - NFSv4: Fix open create exclusive when the server reboots - nfsd: increase DRC cache limit - nfsd: give out fewer session slots as limit approaches - nfsd: fix performance-limiting session calculation - nfsd: Fix overflow causing non-working mounts on 1 TB machines - drm/panel: simple: Fix panel_simple_dsi_probe - usb: core: hub: Disable hub-initiated U1/U2 - tty: max310x: Fix invalid baudrate divisors calculator - pinctrl: rockchip: fix leaked of_node references - tty: serial: cpm_uart - fix init when SMC is relocated - memstick: Fix error cleanup path of memstick_init - tty/serial: digicolor: Fix digicolor-usart already registered warning - tty: serial: msm_serial: avoid system lockup condition - drm/virtio: Add memory barriers for capset cache. - phy: renesas: rcar-gen2: Fix memory leak at error paths - usb: gadget: Zero ffs_io_data - powerpc/pci/of: Fix OF flags parsing for 64bit BARs - PCI: sysfs: Ignore lockdep for remove attribute - iio: iio-utils: Fix possible incorrect mask calculation - recordmcount: Fix spurious mcount entries on powerpc - mfd: core: Set fwnode for created devices - mfd: arizona: Fix undefined behavior - um: Silence lockdep complaint about mmap_sem - powerpc/4xx/uic: clear pending interrupt after irq type/pol change - serial: sh-sci: Fix TX DMA buffer flushing and workqueue races - kallsyms: exclude kasan local symbols on s390 - perf test mmap-thread-lookup: Initialize variable to suppress memory sanitizer warning - f2fs: avoid out-of-range memory access - mailbox: handle failed named mailbox channel request - powerpc/eeh: Handle hugepages in ioremap space - sh: prevent warnings when using iounmap - mm/kmemleak.c: fix check for softirq context - 9p: pass the correct prototype to read_cache_page - mm/mmu_notifier: use hlist_add_head_rcu() - locking/lockdep: Fix lock used or unused stats error - locking/lockdep: Hide unused 'class' variable - usb: wusbcore: fix unbalanced get/put cluster_id - usb: pci-quirks: Correct AMD PLL quirk detection - x86/sysfb_efi: Add quirks for some devices with swapped width and height - x86/speculation/mds: Apply more accurate check on hypervisor platform - hpet: Fix division by zero in hpet_time_div() - ALSA: hda - Add a conexant codec entry to let mute led work - access: avoid the RCU grace period for the temporary subjective credentials - vmstat: Remove BUG_ON from vmstat_update - mm, vmstat: make quiet_vmstat lighter - ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt - tcp: reset sk_send_head in tcp_write_queue_purge - ISDN: hfcsusb: checking idx of ep configuration - media: cpia2_usb: first wake up, then free in disconnect - media: radio-raremono: change devm_k*alloc to k*alloc - Bluetooth: hci_uart: check for missing tty operations - sched/fair: Don't free p->numa_faults with concurrent readers - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl - ceph: hold i_ceph_lock when removing caps for freeing inode - Linux 4.4.187 - perf tests: Add valid callback for parse-events test - SAUCE: Fix perf test 6: Fix missing kvm module load for s390 * CVE-2018-20976 - xfs: clear sb->s_fs_info on mount failure * Xenial update: 4.4.189 upstream stable release (LP: #1840335) - arm64: cpufeature: Fix CTR_EL0 field definitions - arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG} - netfilter: nfnetlink_acct: validate NFACCT_QUOTA parameter - HID: Add quirk for HP X1200 PIXART OEM mouse - tcp: be more careful in tcp_fragment() - atm: iphase: Fix Spectre v1 vulnerability - net: bridge: delete local fdb on device init failure - net: fix ifindex collision during namespace removal - tipc: compat: allow tipc commands without arguments - net: sched: Fix a possible null-pointer dereference in dequeue_func() - net/mlx5: Use reversed order when unregister devices - bnx2x: Disable multi-cos feature. - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling - spi: bcm2835: Fix 3-wire mode if DMA is enabled - x86: cpufeatures: Sort feature word 7 - x86/entry/64: Fix context tracking state warning when load_gs_index fails - Linux 4.4.189 * CVE-2019-0136 - mac80211: handle deauthentication/disassociation from TDLS peer * skb_warn_bad_offload kernel splat due to CHECKSUM target not compatible with GSO skbs (LP: #1840619) - netfilter: xt_checksum: ignore gso skbs * CVE-2018-20961 - usb: gadget: f_midi: fail if set_alt fails to allocate requests - USB: gadget: f_midi: fixing a possible double-free in f_midi * CVE-2019-11487 - pipe: add pipe_buf_get() helper - mm: add 'try_get_page()' helper function - fs: prevent page refcount overflow in pipe_buf_get - mm: make page ref count overflow check tighter and more explicit - mm, gup: ensure real head page is ref-counted when using hugepages - mm: prevent get_user_pages() from overflowing page refcount * Xenial update: 4.4.188 upstream stable release (LP: #1840289) - ARM: riscpc: fix DMA - ARM: dts: rockchip: Mark that the rk3288 timer might stop in suspend - kernel/module.c: Only return -EEXIST for modules that have finished loading - MIPS: lantiq: Fix bitfield masking - dmaengine: rcar-dmac: Reject zero-length slave DMA requests - fs/adfs: super: fix use-after-free bug - btrfs: fix minimum number of chunk errors for DUP - ceph: fix improper use of smp_mb__before_atomic() - scsi: zfcp: fix GCC compiler warning emitted with -Wmaybe-uninitialized - ACPI: fix false-positive -Wuninitialized warning - be2net: Signal that the device cannot transmit during reconfiguration - x86/apic: Silence -Wtype-limits compiler warnings - x86: math-emu: Hide clang warnings for 16-bit overflow - mm/cma.c: fail if fixed declaration can't be honored - coda: add error handling for fget - coda: fix build using bare-metal toolchain - uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side headers - ipc/mqueue.c: only perform resource calculation if user valid - x86/kvm: Don't call kvm_spurious_fault() from .fixup - selinux: fix memory leak in policydb_init() - s390/dasd: fix endless loop after read unit address configuration - xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() - Linux 4.4.188 * Line 6 POD HD500 driver fault (LP: #1790595) // Xenial update: 4.4.187 upstream stable release (LP: #1840081) - ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1 * CVE-2016-10905 - GFS2: don't set rgrp gl_object until it's inserted into rgrp tree -- Khalid Elmously <khalid.elmou...@canonical.com> Wed, 18 Sep 2019 04:43:23 -0400 ** Changed in: linux-raspi2 (Ubuntu Xenial) Status: Confirmed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-10905 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-20961 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-20976 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-0136 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-11487 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1844409 Title: xenial/linux-raspi2: 4.4.0-1123.132 -proposed tracker To manage notifications about this bug go to: https://bugs.launchpad.net/kernel-sru-workflow/+bug/1844409/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs