Xenial update to 4.4.72 stable release

Bug #1698799 reported by Stefan Bader
Affects          Status         Importance   Assigned to    Milestone
linux (Ubuntu)   Invalid        Undecided    Unassigned
Xenial           Fix Released   Medium       Stefan Bader

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The 4.4.72 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.

       git://git.kernel.org/

    TEST CASE: TBD

The following patches from the 4.4.72 stable release shall be applied:
* bnx2x: Fix Multi-Cos
* ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt()
* cxgb4: avoid enabling napi twice to the same queue
* tcp: disallow cwnd undo when switching congestion control
* vxlan: fix use-after-free on deletion
* ipv6: Fix leak in ipv6_gso_segment().
* net: ping: do not abuse udp_poll()
* net: ethoc: enable NAPI before poll may be scheduled
* net: bridge: start hello timer only if device is up
* sparc64: mm: fix copy_tsb to correctly copy huge page TSBs
* sparc: Machine description indices can vary
* sparc64: reset mm cpumask after wrap
* sparc64: combine activate_mm and switch_mm
* sparc64: redefine first version
* sparc64: add per-cpu mm of secondary contexts
* sparc64: new context wrap
* sparc64: delete old wrap code
* arch/sparc: support NR_CPUS = 4096
* serial: ifx6x60: fix use-after-free on module unload
* ptrace: Properly initialize ptracer_cred on fork
* KEYS: fix dereferencing NULL payload with nonzero length
* KEYS: fix freeing uninitialized memory in key_update()
* crypto: gcm - wait for crypto op not signal safe
* drm/amdgpu/ci: disable mclk switching for high refresh rates (v2)
* nfsd4: fix null dereference on replay
* nfsd: Fix up the "supattr_exclcreat" attributes
* kvm: async_pf: fix rcu_irq_enter() with irqs enabled
* KVM: cpuid: Fix read/write out-of-bounds vulnerability in cpuid emulation
* arm: KVM: Allow unaligned accesses at HYP
* KVM: async_pf: avoid async pf injection when in guest mode
* dmaengine: usb-dmac: Fix DMAOR AE bit definition
* dmaengine: ep93xx: Always start from BASE0
* xen/privcmd: Support correctly 64KB page granularity when mapping memory
* xen-netfront: do not cast grant table reference to signed short
* xen-netfront: cast grant table reference first to type int
* ext4: fix SEEK_HOLE
* ext4: keep existing extra fields when inode expands
* ext4: fix fdatasync(2) after extent manipulation operations
* usb: gadget: f_mass_storage: Serialize wake and sleep execution
* usb: chipidea: udc: fix NULL pointer dereference if udc_start failed
* usb: chipidea: debug: check before accessing ci_role
* staging/lustre/lov: remove set_fs() call from lov_getstripe()
* iio: light: ltr501 Fix interchanged als/ps register field
* iio: proximity: as3935: fix AS3935_INT mask
* drivers: char: random: add get_random_long()
* random: properly align get_random_int_hash
* stackprotector: Increase the per-task stack canary's random range from 32
  bits to 64 bits on 64-bit platforms
* cpufreq: cpufreq_register_driver() should return -ENODEV if init fails
* target: Re-add check to reject control WRITEs with overflow data
* drm/msm: Expose our reservation object when exporting a dmabuf.
* Input: elantech - add Fujitsu Lifebook E546/E557 to force crc_enabled
* cpuset: consider dying css as offline
* fs: add i_blocksize()
* ufs: restore proper tail allocation
* fix ufs_isblockset()
* ufs: restore maintaining ->i_blocks
* ufs: set correct ->s_maxsize
* ufs_extend_tail(): fix the braino in calling conventions of
  ufs_new_fragments()
* ufs_getfrag_block(): we only grab ->truncate_mutex on block creation path
* cxl: Fix error path on bad ioctl
* btrfs: use correct types for page indices in btrfs_page_exists_in_range
* btrfs: fix memory leak in update_space_info failure path
* KVM: arm/arm64: Handle possible NULL stage2 pud when ageing pages
* scsi: qla2xxx: don't disable a not previously enabled PCI device
* powerpc/eeh: Avoid use after free in eeh_handle_special_event()
* powerpc/numa: Fix percpu allocations to be NUMA aware
* powerpc/hotplug-mem: Fix missing endian conversion of aa_index
* perf/core: Drop kernel samples even though :u is specified
* drm/vmwgfx: Handle vmalloc() failure in vmw_local_fifo_reserve()
* drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl()
* drm/vmwgfx: Make sure backup_handle is always valid
* drm/nouveau/tmr: fully separate alarm execution/pending lists
* ALSA: timer: Fix race between read and ioctl
* ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT
* ASoC: Fix use-after-free at card unregistration
* drivers: char: mem: Fix wraparound check to allow mappings up to the end
* tty: Drop krefs for interrupted tty lock
* serial: sh-sci: Fix panic when serial console and DMA are enabled
* mm: consider memblock reservations for deferred memory initialization
  sizing
* NFS: Ensure we revalidate attributes before using execute_ok()
* NFSv4: Don't perform cached access checks before we've OPENed the file
* Make __xfs_xattr_put_listen preperly report errors.
* arm64: hw_breakpoint: fix watchpoint matching for tagged pointers
* arm64: entry: improve data abort handling of tagged pointers
* RDMA/qib,hfi1: Fix MR reference count leak on write with immediate
* usercopy: Adjust tests to deal with SMAP/PAN
* arm64: armv8_deprecated: ensure extension of addr
* arm64: ensure extension of smp_store_release value
* Linux 4.4.72

Stefan Bader (smb)
tags: added: kernel-stable-tracking-bug
Stefan Bader (smb) wrote :

Skipped "net: better skb->sender_cpu and skb->napi_id cohabitation" as it was already applied for bug #1673303 "[Xenial] net: better skb->sender_cpu and skb->napi_id cohabitation".

description: updated
Changed in linux (Ubuntu Xenial):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu):
status: New → Invalid
Stefan Bader (smb)
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.4.0-87.110

---------------
linux (4.4.0-87.110) xenial; urgency=low

  * linux: 4.4.0-87.110 -proposed tracker (LP: #1704982)

  * CVE-2017-1000364
    - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
    - mm/mmap.c: expand_downwards: don't require the gap if !vm_prev

  * CIFS causes oops (LP: #1704857)
    - CIFS: Fix null pointer deref during read resp processing
    - CIFS: Fix some return values in case of error in 'crypt_message'

 -- Kleber Sacilotto de Souza <email address hidden> Tue, 18 Jul 2017 13:58:43 +0200

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released