Xenial update to 4.4.82 stable release
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Invalid | Undecided | Unassigned |
Xenial | Fix Released | Medium | Stefan Bader |
Bug Description
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The 4.4.82 upstream stable
patch set is now available. It should be included in the Ubuntu
kernel as well.
TEST CASE: TBD
The following patches from the 4.4.82 stable release shall be applied:
* tcp: avoid setting cwnd to invalid ssthresh after cwnd reduction states
* net: fix keepalive code vs TCP_FASTOPEN_
* bpf, s390: fix jit branch offset related to ldimm64
* net: sched: set xt_tgchk_param par.nft_compat as 0 in ipt_init_target
* tcp: fastopen: tcp_connect() must refresh the route
* net: avoid skb_warn_
* sparc64: Prevent perf from running during super critical sections
* KVM: arm/arm64: Handle hva aging while destroying the vm
* mm/mempool: avoid KASAN marking mempool poison checks as use-after-free
* Linux 4.4.82
CVE References
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Xenial):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu):
status: New → Invalid
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Patch "packet: fix tp_reserve race in packet_set_ring" was skipped because it is already applied for CVE-2017-1000111.
Skipped a whole bunch of changes, namely:
* revert "net: account for current skb length when deciding about UFO"
* revert "ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output"
* udp: consistently apply ufo or fragmentation
* ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output
* net: account for current skb length when deciding about UFO
I checked the resulting files net/ipv4/udp.c, net/ipv4/ip_output.c, and net/ipv6/ip6_output.c from the 4.4.y tree and our Xenial tree. Overall there is only one difference in the ip*_output.c files, which comes from applying "udp: avoid ufo handling on IP payload compression packets" and "ipv6: Don't use ufo handling on later transformed packets", which I picked as additional patches to be part of CVE-2017-1000112. Those still look like fixes to valid issues (though probably not directly related to the CVE). So I would suggest we stay at what we got right now.