This bug was fixed in the package linux - 4.4.0-137.163 --------------- linux (4.4.0-137.163) xenial; urgency=medium * CVE-2018-14633 - iscsi target: Use hex2bin instead of a re-implementation * CVE-2018-17182 - mm: get rid of vmacache_flush_all() entirely linux (4.4.0-136.162) xenial; urgency=medium * linux: 4.4.0-136.162 -proposed tracker (LP: #1791745) * CVE-2017-5753 - bpf: properly enforce index mask to prevent out-of-bounds speculation - Revert "UBUNTU: SAUCE: bpf: Use barrier_nospec() instead of osb()" - Revert "bpf: prevent speculative execution in eBPF interpreter" * L1TF mitigation not effective in some CPU and RAM combinations (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646 - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ * CVE-2018-15594 - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests * Xenial update to 4.4.144 stable release (LP: #1791080) - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel. - x86/MCE: Remove min interval polling limitation - fat: fix memory allocation failure handling of match_strdup() - ALSA: rawmidi: Change resized buffers atomically - ARC: Fix CONFIG_SWAP - ARC: mm: allow mprotect to make stack mappings executable - mm: memcg: fix use after free in mem_cgroup_iter() - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns - ipv6: fix useless rol32 call on hash - lib/rhashtable: consider param->min_size when setting initial table size - net/ipv4: Set oif in fib_compute_spec_dst - net: phy: fix flag masking in __set_phy_supported - ptp: fix missing break in switch - tg3: Add higher cpu clock for 5762. - net: Don't copy pfmemalloc flag in __copy_skb_header() - skbuff: Unconditionally copy pfmemalloc in __skb_clone() - xhci: Fix perceived dead host due to runtime suspend race with event handler - x86/paravirt: Make native_save_fl() extern inline - SAUCE: Add missing CPUID_7_EDX defines - SAUCE: x86/speculation: Expose indirect_branch_prediction_barrier() - x86/pti: Mark constant arrays as __initconst - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs - x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface - x86/speculation: Clean up various Spectre related details - x86/speculation: Fix up array_index_nospec_mask() asm constraint - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend - x86/mm: Factor out LDT init from context init - x86/mm: Give each mm TLB flush generation a unique ID - SAUCE: x86/speculation: Use Indirect Branch Prediction Barrier in context switch - x86/speculation: Use IBRS if available before calling into firmware - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP - selftest/seccomp: Fix the seccomp(2) signature - xen: set cpu capabilities from xen_start_kernel() - x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen - SAUCE: Preserve SPEC_CTRL MSR in new inlines - SAUCE: Add Knights Mill to NO SSB list - x86/process: Correct and optimize TIF_BLOCKSTEP switch - x86/process: Optimize TIF_NOTSC switch - Revert "x86/cpufeatures: Add FEATURE_ZEN" - Revert "x86/cpu/AMD: Fix erratum 1076 (CPB bit)" - x86/cpu/AMD: Fix erratum 1076 (CPB bit) - x86/cpufeatures: Add FEATURE_ZEN - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths - x86/cpu: Re-apply forced caps every time CPU caps are re-read - block: do not use interruptible wait anywhere - clk: tegra: Fix PLL_U post divider and initial rate on Tegra30 - ubi: Introduce vol_ignored() - ubi: Rework Fastmap attach base code - ubi: Be more paranoid while seaching for the most recent Fastmap - ubi: Fix races around ubi_refill_pools() - ubi: Fix Fastmap's update_vol() - ubi: fastmap: Erase outdated anchor PEBs during attach - Linux 4.4.144 * CVE-2017-5715 (Spectre v2 s390x) - s390: detect etoken facility - s390/lib: use expoline for all bcr instructions - SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT * Xenial update to 4.4.143 stable release (LP: #1790884) - compiler, clang: suppress warning for unused static inline functions - compiler, clang: properly override 'inline' for clang - compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations - x86/asm: Add _ASM_ARG* constants for argument registers to - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent - bcm63xx_enet: correct clock usage - bcm63xx_enet: do not write to random DMA channel on BCM6345 - crypto: crypto4xx - remove bad list_del - crypto: crypto4xx - fix crypto4xx_build_pdr, crypto4xx_build_sdr leak - atm: zatm: Fix potential Spectre v1 - net: dccp: avoid crash in ccid3_hc_rx_send_feedback() - net: dccp: switch rx_tstamp_last_feedback to monotonic clock - net/mlx5: Fix incorrect raw command length parsing - net: sungem: fix rx checksum support - qed: Limit msix vectors in kdump kernel to the minimum required count. - r8152: napi hangup fix after disconnect - tcp: fix Fast Open key endianness - tcp: prevent bogus FRTO undos with non-SACK flows - vhost_net: validate sock before trying to put its fd - net_sched: blackhole: tell upper qdisc about dropped packets - net/mlx5: Fix command interface race in polling mode - net: cxgb3_main: fix potential Spectre v1 - rtlwifi: rtl8821ae: fix firmware is not ready to run - MIPS: Call dump_stack() from show_regs() - MIPS: Use async IPIs for arch_trigger_cpumask_backtrace() - netfilter: ebtables: reject non-bridge targets - KEYS: DNS: fix parsing multiple options - rds: avoid unenecessary cong_update in loop transport - net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL. - Linux 4.4.143 * Xenial update to 4.4.142 stable release (LP: #1790883) - Kbuild: fix # escaping in .cmd files for future Make - perf tools: Move syscall number fallbacks from perf-sys.h to tools/arch/x86/include/asm/ - Linux 4.4.142 * Xenial update to 4.4.141 stable release (LP: #1790620) - MIPS: Fix ioremap() RAM check - ibmasm: don't write out of bounds in read handler - vmw_balloon: fix inflation with batching - ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS - USB: serial: ch341: fix type promotion bug in ch341_control_in() - USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick - USB: serial: keyspan_pda: fix modem-status error handling - USB: yurex: fix out-of-bounds uaccess in read handler - USB: serial: mos7840: fix status-register error handling - usb: quirks: add delay quirks for Corsair Strafe - xhci: xhci-mem: off by one in xhci_stream_id_to_ring() - HID: usbhid: add quirk for innomedia INNEX GENESIS/ATARI adapter - tools build: fix # escaping in .cmd files for future Make - iw_cxgb4: correctly enforce the max reg_mr depth - x86/cpufeature: Move some of the scattered feature bits to x86_capability - x86/cpu: Provide a config option to disable static_cpu_has - x86/fpu: Add an XSTATE_OP() macro - x86/fpu: Get rid of xstate_fault() - x86/headers: Don't include asm/processor.h in asm/atomic.h - x86/cpufeature: Replace the old static_cpu_has() with safe variant - x86/cpufeature: Get rid of the non-asm goto variant - x86/alternatives: Add an auxilary section - x86/alternatives: Discard dynamic check after init - x86/vdso: Use static_cpu_has() - x86/boot: Simplify kernel load address alignment check - x86/cpufeature: Speed up cpu_feature_enabled() - x86/cpufeature, x86/mm/pkeys: Add protection keys related CPUID definitions - x86/mm/pkeys: Fix mismerge of protection keys CPUID bits - x86/cpu: Add detection of AMD RAS Capabilities - x86/cpufeature, x86/mm/pkeys: Fix broken compile-time disabling of pkeys - x86/cpufeature: Make sure DISABLED/REQUIRED macros are updated - x86/cpufeature: Add helper macro for mask check macros - uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn() - netfilter: nf_queue: augment nfqa_cfg_policy - netfilter: x_tables: initialise match/target check parameter struct - loop: add recursion validation to LOOP_CHANGE_FD - PM / hibernate: Fix oops at snapshot_write() - SAUCE: RDMA/ucm: Blacklist UCM module - loop: remember whether sysfs_create_group() was done - Linux 4.4.141 - [Config] Refresh configs for 4.4.141 * regression with EXT4 file systems and meta_bg flag (LP: #1789653) - ext4: fix false negatives *and* false positives in ext4_check_descriptors() * CVE-2018-15572 - x86/speculation: Protect against userspace-userspace spectreRSB * random oopses on s390 systems using NVMe devices (LP: #1790480) - s390/pci: fix out of bounds access during irq setup * CVE-2018-6555 - SAUCE: irda: Only insert new objects into the global database via setsockopt * CVE-2018-6554 - SAUCE: irda: Fix memory leak caused by repeated binds of irda socket * errors when scanning partition table of corrupted AIX disk (LP: #1787281) - partitions/aix: fix usage of uninitialized lv_info and lvname structures - partitions/aix: append null character to print data from disk -- Stefan Bader