Xenial update to v4.4.56 stable release
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
linux (Ubuntu) | Invalid | Undecided | Unassigned | |
Xenial | Fix Released | Undecided | Unassigned | |
Bug Description
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The v4.4.56 upstream stable
patch set is now available. It should be included in the Ubuntu
kernel as well.
TEST CASE: TBD
The following patches from the v4.4.56 stable release shall be applied:
netlink: remove mmapped netlink support
UBUNTU: [Config] CONFIG_NETLINK_MMAP disappeared
vxlan: correctly validate VXLAN ID against VXLAN_N_VID
vti6: return GRE_KEY for vti6
ipv4: mask tos for input route
l2tp: avoid use-after-free caused by l2tp_ip_
net: don't call strlen() on the user buffer in packet_bind_spkt()
net: net_enable_
dccp: Unlock sock before calling sk_free()
tcp: fix various issues for sockets morphing to listen state
net: fix socket refcounting in skb_complete_
net: fix socket refcounting in skb_complete_
dccp: fix use-after-free in dccp_feat_
vrf: Fix use-after-free in vrf_xmit
uapi: fix linux/packet_diag.h userspace compilation error
act_connmark: avoid crashing on malformed nlattrs with null parms
mpls: Send route delete notifications when router module is unloaded
ipv6: make ECMP route replacement less greedy
ipv6: avoid write to a possibly cloned skb
bridge: drop netfilter fake rtable unconditionally
dccp/tcp: fix routing redirect race
dccp: fix memory leak during tear-down of unsuccessful connection request
net sched actions: decrement module reference count after table flush.
fscrypt: fix renaming and linking special files
fscrypto: lock inode while setting encryption policy
x86/kasan: Fix boot with KASAN=y and PROFILE_
x86/perf: Fix CR4.PCE propagation to use active_mm instead of mm
futex: Fix potential use-after-free in FUTEX_REQUEUE_PI
futex: Add missing error handling to FUTEX_REQUEUE_PI
Linux 4.4.56
CVE References
tags: added: kernel-stable-tracking-bug
description: updated
Changed in linux (Ubuntu Xenial):
status: New → Fix Committed
Changed in linux (Ubuntu):
status: New → Invalid
This bug was fixed in the package linux - 4.4.0-75.96
---------------
linux (4.4.0-75.96) xenial; urgency=low
* linux: 4.4.0-75.96 -proposed tracker (LP: #1684441)
* [Hyper-V] hv: util: move waiting for release to hv_utils_transport itself
(LP: #1682561)
- Drivers: hv: util: move waiting for release to hv_utils_transport itself
linux (4.4.0-74.95) xenial; urgency=low
* linux: 4.4.0-74.95 -proposed tracker (LP: #1682041)
* [Hyper-V] hv: vmbus: Raise retry/wait limits in vmbus_post_msg()
(LP: #1681893)
- Drivers: hv: vmbus: Raise retry/wait limits in vmbus_post_msg()
linux (4.4.0-73.94) xenial; urgency=low
* linux: 4.4.0-73.94 -proposed tracker (LP: #1680416)
* CVE-2017-6353
- sctp: deny peeloff operation on asocs with threads sleeping on it
* vfat: missing iso8859-1 charset (LP: #1677230)
- [Config] NLS_ISO8859_1=y
* Regression: KVM modules should be on main kernel package (LP: #1678099)
- [Config] powerpc: Add kvm-hv and kvm-pr to the generic inclusion list
* linux-lts-xenial 4.4.0-63.84~14.04.2 ADT test failure with linux-lts-xenial
4.4.0-63.84~14.04.2 (LP: #1664912)
- SAUCE: apparmor: fix link auditing failure due to, uninitialized var
* regression tests failing after stackprofile test is run (LP: #1661030)
- SAUCE: fix regression with domain change in complain mode
* Permission denied and inconsistent behavior in complain mode with 'ip netns
list' command (LP: #1648903)
- SAUCE: fix regression with domain change in complain mode
* unexpected errno=13 and disconnected path when trying to open /proc/1/ns/mnt
from a unshared mount namespace (LP: #1656121)
- SAUCE: apparmor: null profiles should inherit parent control flags
* apparmor refcount leak of profile namespace when removing profiles
(LP: #1660849)
- SAUCE: apparmor: fix ns ref count link when removing profiles from policy
* tor in lxd: apparmor="DENIED" operation="change_onexec"
namespace="root//CONTAINERNAME_<var-lib-lxd>" profile="unconfined"
name="system_tor" (LP: #1648143)
- SAUCE: apparmor: Fix no_new_privs blocking change_onexec when using stacked
namespaces
* apparmor oops in bind_mnt when dev_path lookup fails (LP: #1660840)
- SAUCE: apparmor: fix oops in bind_mnt when dev_path lookup fails
* apparmor auditing denied access of special apparmor .null file
(LP: #1660836)
- SAUCE: apparmor: Don't audit denied access of special apparmor .null file
* apparmor label leak when new label is unused (LP: #1660834)
- SAUCE: apparmor: fix label leak when new label is unused
* apparmor reference count bug in label_merge_insert() (LP: #1660833)
- SAUCE: apparmor: fix reference count bug in label_merge_insert()
* apparmor's raw_data file in securityfs is sometimes truncated (LP: #1638996)
- SAUCE: apparmor: fix replacement race in reading rawdata
* unix domain socket cross permission check failing with nested namespaces
(LP: #1660832)
- SAUCE: apparmor: fix cross ns perm of unix domain sockets
* Xenial update to v4.4.59 stable release (LP: #1678960)
- xfrm: policy: init locks early
- virtio_balloon: init ...