Xenial update to 4.4.132 stable release

Bug #1774173 reported by Juerg Haefliger on 2018-05-30
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)

Bug Description

SRU Justification

   The upstream process for stable tree updates is quite similar
   in scope to the Ubuntu SRU process, e.g., each patch has to
   demonstrably fix a bug, and each patch is vetted by upstream
   by originating either directly from a mainline/stable Linux tree
   or a minimally backported form of that patch. The 4.4.132 upstream
   stable stable patch set is now available. It should be included
   in the Ubuntu kernel as well.



   The following patches from the 4.4.132 stable release shall be

   * Linux 4.4.132
   * perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map()
   * perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[]
   * perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver
   * perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr
   * perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_*
   * tracing/uprobe_event: Fix strncpy corner case
   * Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174"
   * atm: zatm: Fix potential Spectre v1
   * net: atm: Fix potential Spectre v1
   * can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg()
   * tracing: Fix regex_match_front() to not over compare the test string
   * libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs
   * rfkill: gpio: fix memory leak in probe error path
   * xfrm_user: fix return value from xfrm_user_rcv_msg
   * f2fs: fix a dead loop in f2fs_fiemap()
   * bdi: Fix oops in wb_workfn()
   * tcp: fix TCP_REPAIR_QUEUE bound checking
   * perf: Remove superfluous allocation error check
   * soreuseport: initialise timewait reuseport field
   * dccp: initialize ireq->ir_mark
   * net: fix uninit-value in __hw_addr_add_ex()
   * net: initialize skb->peeked when cloning
   * net: fix rtnh_ok()
   * netlink: fix uninit-value in netlink_sendmsg
   * crypto: af_alg - fix possible uninit-value in alg_bind()
   * ipvs: fix rtnl_lock lockups caused by start_sync_thread
   * usb: musb: host: fix potential NULL pointer dereference
   * USB: serial: option: adding support for ublox R410M
   * USB: serial: option: reimplement interface masking
   * USB: Accept bulk endpoints with 1024-byte maxpacket
   * USB: serial: visor: handle potential invalid device configuration
   * test_firmware: fix setting old custom fw path back on exit, second try
   * drm/vmwgfx: Fix a buffer object leak
   * IB/mlx5: Use unlimited rate when static rate is not supported
   * NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2
   * RDMA/mlx5: Protect from shift operand overflow
   * RDMA/ucma: Allow resolving address w/o specifying source address
   * xfs: prevent creating negative-sized file via INSERT_RANGE
   * Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro
   * Input: leds - fix out of bound access
   * tracepoint: Do not warn on ENOMEM
   * ALSA: aloop: Add missing cable lock to ctl API callbacks
   * ALSA: aloop: Mark paused device as inactive
   * ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger()
   * ALSA: pcm: Check PCM state at xfern compat ioctl
   * USB: serial: option: Add support for Quectel EP06
   * gpmi-nand: Handle ECC Errors in erased pages
   * ath10k: rebuild crypto header in rx data frames
   * ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode
   * mac80211: Add RX flag to indicate ICV stripped
   * mac80211: allow same PN for AMSDU sub-frames
   * mac80211: allow not sending MIC up from driver for HW crypto
   * percpu: include linux/sched.h for cond_resched()
   * KVM: s390: Enable all facility bits that are known good for passthrough
   * bpf: map_get_next_key to return first key on NULL
   * perf/core: Fix the perf_cpu_time_max_percent check

CVE References

Juerg Haefliger (juergh) on 2018-05-30
Changed in linux (Ubuntu):
status: New → Invalid
description: updated
Juerg Haefliger (juergh) wrote :

Skipped the following patches (already applied):
   * KVM: s390: Enable all facility bits that are known good for passthrough

Stefan Bader (smb) on 2018-06-07
Changed in linux (Ubuntu Xenial):
importance: Undecided → Medium
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (29.8 KiB)

This bug was fixed in the package linux - 4.4.0-130.156

linux (4.4.0-130.156) xenial; urgency=medium

  * linux: 4.4.0-130.156 -proposed tracker (LP: #1776822)

  * CVE-2018-3665 (x86)
    - x86/fpu: Fix early FPU command-line parsing
    - x86/fpu: Fix 'no387' regression
    - x86/fpu: Disable MPX when eagerfpu is off
    - x86/fpu: Default eagerfpu=on on all CPUs
    - x86/fpu: Fix FNSAVE usage in eagerfpu mode
    - x86/fpu: Fix math emulation in eager fpu mode
    - x86/fpu: Fix eager-FPU handling on legacy FPU machines

linux (4.4.0-129.155) xenial; urgency=medium

  * linux: 4.4.0-129.155 -proposed tracker (LP: #1776352)

  * Xenial update to 4.4.134 stable release (LP: #1775771)
    - MIPS: ptrace: Expose FIR register through FP regset
    - MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
    - KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
    - affs_lookup(): close a race with affs_remove_link()
    - aio: fix io_destroy(2) vs. lookup_ioctx() race
    - ALSA: timer: Fix pause event notification
    - mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
    - libata: Blacklist some Sandisk SSDs for NCQ
    - libata: blacklist Micron 500IT SSD with MU01 firmware
    - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
    - Revert "ipc/shm: Fix shmat mmap nil-page protection"
    - ipc/shm: fix shmat() nil address after round-down when remapping
    - kasan: fix memory hotplug during boot
    - kernel/sys.c: fix potential Spectre v1 issue
    - kernel/signal.c: avoid undefined behaviour in kill_something_info
    - xfs: remove racy hasattr check from attr ops
    - do d_instantiate/unlock_new_inode combinations safely
    - firewire-ohci: work around oversized DMA reads on JMicron controllers
    - NFSv4: always set NFS_LOCK_LOST when a lock is lost.
    - ALSA: hda - Use IS_REACHABLE() for dependency on input
    - ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read()
    - kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl
    - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into
    - PCI: Add function 1 DMA alias quirk for Marvell 9128
    - tools lib traceevent: Simplify pointer print logic and fix %pF
    - perf callchain: Fix attr.sample_max_stack setting
    - tools lib traceevent: Fix get_field_str() for dynamic strings
    - dm thin: fix documentation relative to low water mark threshold
    - nfs: Do not convert nfs_idmap_cache_timeout to jiffies
    - watchdog: sp5100_tco: Fix watchdog disable bit
    - kconfig: Don't leak main menus during parsing
    - kconfig: Fix automatic menu creation mem leak
    - kconfig: Fix expr_free() E_NOT leak
    - ipmi/powernv: Fix error return code in ipmi_powernv_probe()
    - Btrfs: set plug for fsync
    - btrfs: Fix out of bounds access in btrfs_search_slot
    - Btrfs: fix scrub to repair raid6 corruption
    - scsi: fas216: fix sense buffer initialization
    - HID: roccat: prevent an out of bounds read in kovaplus_profile_activated()
    - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
    - powerpc/numa: Use ibm,max-associativity-domains to discover possib...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers