Comment 4 for bug 1555353

Revision history for this message
Launchpad Janitor (janitor) wrote : Re: integer overflow in xt_alloc_table_info

This bug was fixed in the package linux - 4.4.0-13.29

---------------
linux (4.4.0-13.29) xenial; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1556247

  * s390/mm: four page table levels vs. fork (LP: #1556141)
    - s390/mm: four page table levels vs. fork

  * [Hyper-V] network performance patches for Xenial 16.04 (LP: #1556037)
    - hv_netvsc: use skb_get_hash() instead of a homegrown implementation
    - hv_netvsc: cleanup netdev feature flags for netvsc

  * fails to boot on megaraid (LP: #1552903)
    - SAUCE: (noup) megaraid_sas: Don't issue kill adapter for MFI controllers in
      case of PD list DCMD failure

  * ALSA: hda - add codec support for Kabylake display audio codec (LP: #1556002)
    - ALSA: hda - add codec support for Kabylake display audio codec

  * Backport upstream bugfixes to ubuntu-16.04 (LP: #1555765)
    - cpufreq: powernv: Free 'chips' on module exit
    - cpufreq: powernv: Hot-plug safe the kworker thread
    - cpufreq: powernv: Remove cpu_to_chip_id() from hot-path
    - cpufreq: powernv/tracing: Add powernv_throttle tracepoint
    - cpufreq: powernv: Replace pr_info with trace print for throttle event
    - SAUCE: (noup) cpufreq: powernv: Fix bugs in powernv_cpufreq_{init/exit}

  * Linux netfilter IPT_SO_SET_REPLACE memory corruption (LP: #1555338)
    - SAUCE: [nf,v2] netfilter: x_tables: don't rely on well-behaving userspace

  * integer overflow in xt_alloc_table_info (LP: #1555353)
    - SAUCE: (noup) netfilter: x_tables: check for size overflow

  * linux: auto-generate the reconstruct information from the git tag (LP: #1555543)
    - [Packaging] reconstruct -- automatically reconstruct against base tag
    - [Config] reconstruct -- update to autoreconstruct output
    - [Packaging] reconstruct -- update when inserting final changes

  * Xenial update to v4.4.5 stable release (LP: #1555640)
    - use ->d_seq to get coherency between ->d_inode and ->d_flags
    - drivers: sh: Restore legacy clock domain on SuperH platforms
    - Btrfs: fix deadlock running delayed iputs at transaction commit time
    - btrfs: Fix no_space in write and rm loop
    - btrfs: async-thread: Fix a use-after-free error for trace
    - block: Initialize max_dev_sectors to 0
    - PCI: keystone: Fix MSI code that retrieves struct pcie_port pointer
    - parisc: Fix ptrace syscall number and return value modification
    - mips/kvm: fix ioctl error handling
    - kvm: x86: Update tsc multiplier on change.
    - fbcon: set a default value to blink interval
    - cifs: fix out-of-bounds access in lease parsing
    - CIFS: Fix SMB2+ interim response processing for read requests
    - Fix cifs_uniqueid_to_ino_t() function for s390x
    - vfio: fix ioctl error handling
    - KVM: x86: fix root cause for missed hardware breakpoints
    - arm/arm64: KVM: Fix ioctl error handling
    - iommu/amd: Apply workaround for ATS write permission check
    - iommu/amd: Fix boot warning when device 00:00.0 is not iommu covered
    - iommu/vt-d: Use BUS_NOTIFY_REMOVED_DEVICE in hotplug path
    - target: Fix WRITE_SAME/DISCARD conversion to linux 512b sectors
    - drm/ast: Fix incorrect register check for DRAM width
    - drm/radeon/pm: update current crtc info after setting the powerstate
    - drm/amdgpu/pm: update current crtc info after setting the powerstate
    - drm/amdgpu: apply gfx_v8 fixes to gfx_v7 as well
    - drm/amdgpu/gfx8: specify which engine to wait before vm flush
    - drm/amdgpu: return from atombios_dp_get_dpcd only when error
    - libata: fix HDIO_GET_32BIT ioctl
    - libata: Align ata_device's id on a cacheline
    - block: bio: introduce helpers to get the 1st and last bvec
    - writeback: flush inode cgroup wb switches instead of pinning super_block
    - Adding Intel Lewisburg device IDs for SATA
    - arm64: vmemmap: use virtual projection of linear region
    - PM / sleep / x86: Fix crash on graph trace through x86 suspend
    - ata: ahci: don't mark HotPlugCapable Ports as external/removable
    - tracing: Do not have 'comm' filter override event 'comm' field
    - pata-rb532-cf: get rid of the irq_to_gpio() call
    - Btrfs: fix loading of orphan roots leading to BUG_ON
    - Revert "jffs2: Fix lock acquisition order bug in jffs2_write_begin"
    - jffs2: Fix page lock / f->sem deadlock
    - Fix directory hardlinks from deleted directories
    - dmaengine: pxa_dma: fix cyclic transfers
    - adv7604: fix tx 5v detect regression
    - ALSA: usb-audio: Add a quirk for Plantronics DA45
    - ALSA: ctl: Fix ioctls for X32 ABI
    - ALSA: hda - Fix mic issues on Acer Aspire E1-472
    - ALSA: rawmidi: Fix ioctls X32 ABI
    - ALSA: timer: Fix ioctls for X32 ABI
    - ALSA: pcm: Fix ioctls for X32 ABI
    - ALSA: seq: oss: Don't drain at closing a client
    - ALSA: hdspm: Fix wrong boolean ctl value accesses
    - ALSA: hdsp: Fix wrong boolean ctl value accesses
    - ALSA: hdspm: Fix zero-division
    - ALSA: timer: Fix broken compat timer user status ioctl
    - usb: chipidea: otg: change workqueue ci_otg as freezable
    - USB: cp210x: Add ID for Parrot NMEA GPS Flight Recorder
    - USB: qcserial: add Dell Wireless 5809e Gobi 4G HSPA+ (rev3)
    - USB: qcserial: add Sierra Wireless EM74xx device ID
    - USB: serial: option: add support for Telit LE922 PID 0x1045
    - USB: serial: option: add support for Quectel UC20
    - MIPS: scache: Fix scache init with invalid line size.
    - MIPS: traps: Fix SIGFPE information leak from `do_ov' and `do_trap_or_bp'
    - ubi: Fix out of bounds write in volume update code
    - i2c: brcmstb: allocate correct amount of memory for regmap
    - thermal: cpu_cooling: fix out of bounds access in time_in_idle
    - block: check virt boundary in bio_will_gap()
    - block: get the 1st and last bvec via helpers
    - drm/i915: more virtual south bridge detection
    - drm/i915: refine qemu south bridge detection
    - modules: fix longstanding /proc/kallsyms vs module insertion race.
    - drm/amdgpu: fix topaz/tonga gmc assignment in 4.4 stable
    - Linux 4.4.5

  * QEMU: causes vCPU steal time overflow on live migration (LP: #1494350)
    - x86/mm: Fix slow_virt_to_phys() for X86_PAE again

  * TPM2.0 trusted keys fixes (LP: #1398274)
    - tpm_tis: further simplify calculation of ordinal duration
    - tpm_tis: Use devm_free_irq not free_irq
    - tpm_tis: Ensure interrupts are disabled when the driver starts
    - tpm: rework tpm_get_timeouts()
    - tpm_tis: Get rid of the duplicate IRQ probing code
    - tpm_tis: Refactor the interrupt setup
    - tpm_tis: Tighten IRQ auto-probing
    - tpm_ibmvtpm: properly handle interrupted packet receptions

  * linux: review all versioned depends/conflicts/replaces/breaks for validility (LP: #1555033)
    - [Config] control.stub.in -- review versioned Build-Depends:
    - [Config] control.stub.in -- review versioned
      Depends/Breaks/Conflicts/Replaces
    - [Config] flavour-control.stub -- review versioned Breaks/Conflicts/Replaces
    - [Config] x86 vars.* -- review versioned Breaks/Conflicts/Replaces

 -- Tim Gardner <email address hidden> Wed, 09 Mar 2016 05:11:51 -0700