* mantic/linux-starfive: 6.5.0-1016.17 -proposed tracker (LP: #2068182)
* mantic/linux: 6.5.0-42.42 -proposed tracker (LP: #2068188)
* CVE-2024-26925
- netfilter: nf_tables: release batch on table validation from abort path
- netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
* CVE-2024-26924
- netfilter: nft_set_pipapo: do not free live element
* CVE-2024-26809
- netfilter: nft_set_pipapo: release elements in clone only from destroy path
* Mantic update: upstream stable patchset 2024-04-02 (LP: #2059991) //
CVE-2024-26809
- netfilter: nft_set_pipapo: store index in scratch maps
- netfilter: nft_set_pipapo: add helper to release pcpu scratch area
- netfilter: nft_set_pipapo: remove scratch_aligned pointer
* CVE-2024-26643
- netfilter: nf_tables: mark set as dead when unbinding anonymous set with
timeout
* mantic/linux: 6.5.0-41.41 -proposed tracker (LP: #2065893)
* CVE-2024-21823
- VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist
- dmaengine: idxd: add a new security check to deal with a hardware erratum
- dmaengine: idxd: add a write() method for applications to submit work
This bug was fixed in the package linux-starfive-6.5 - 6.5.0-1016.17~22.04.1
---------------
linux-starfive-6.5 (6.5.0-1016.17~22.04.1) jammy; urgency=medium
* jammy/linux-starfive-6.5: 6.5.0-1016.17~22.04.1 -proposed tracker
(LP: #2068181)
[ Ubuntu: 6.5.0-1016.17 ]
* mantic/linux-starfive: 6.5.0-1016.17 -proposed tracker (LP: #2068182)
* mantic/linux: 6.5.0-42.42 -proposed tracker (LP: #2068188)
* CVE-2024-26925
- netfilter: nf_tables: release batch on table validation from abort path
- netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
* CVE-2024-26924
- netfilter: nft_set_pipapo: do not free live element
* CVE-2024-26809
- netfilter: nft_set_pipapo: release elements in clone only from destroy path
* Mantic update: upstream stable patchset 2024-04-02 (LP: #2059991) //
CVE-2024-26809
- netfilter: nft_set_pipapo: store index in scratch maps
- netfilter: nft_set_pipapo: add helper to release pcpu scratch area
- netfilter: nft_set_pipapo: remove scratch_aligned pointer
* CVE-2024-26643
- netfilter: nf_tables: mark set as dead when unbinding anonymous set with
timeout
* mantic/linux: 6.5.0-41.41 -proposed tracker (LP: #2065893)
* CVE-2024-21823
- VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist
- dmaengine: idxd: add a new security check to deal with a hardware erratum
- dmaengine: idxd: add a write() method for applications to submit work
-- Hannah Peuckmann <email address hidden> Thu, 20 Jun 2024 10:07:40 +0200