Xenial update to 4.4.132 stable release

Bug #1774173 reported by Juerg Haefliger on 2018-05-30
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Xenial
Medium
Unassigned

Bug Description

SRU Justification

Impact:
   The upstream process for stable tree updates is quite similar
   in scope to the Ubuntu SRU process, e.g., each patch has to
   demonstrably fix a bug, and each patch is vetted by upstream
   by originating either directly from a mainline/stable Linux tree
   or a minimally backported form of that patch. The 4.4.132 upstream
   stable stable patch set is now available. It should be included
   in the Ubuntu kernel as well.

   git://git.kernel.org/

TEST CASE: TBD

   The following patches from the 4.4.132 stable release shall be
   applied:

   * Linux 4.4.132
   * perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map()
   * perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[]
   * perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver
   * perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr
   * perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_*
   * tracing/uprobe_event: Fix strncpy corner case
   * Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174"
   * atm: zatm: Fix potential Spectre v1
   * net: atm: Fix potential Spectre v1
   * can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg()
   * tracing: Fix regex_match_front() to not over compare the test string
   * libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs
   * rfkill: gpio: fix memory leak in probe error path
   * xfrm_user: fix return value from xfrm_user_rcv_msg
   * f2fs: fix a dead loop in f2fs_fiemap()
   * bdi: Fix oops in wb_workfn()
   * tcp: fix TCP_REPAIR_QUEUE bound checking
   * perf: Remove superfluous allocation error check
   * soreuseport: initialise timewait reuseport field
   * dccp: initialize ireq->ir_mark
   * net: fix uninit-value in __hw_addr_add_ex()
   * net: initialize skb->peeked when cloning
   * net: fix rtnh_ok()
   * netlink: fix uninit-value in netlink_sendmsg
   * crypto: af_alg - fix possible uninit-value in alg_bind()
   * ipvs: fix rtnl_lock lockups caused by start_sync_thread
   * usb: musb: host: fix potential NULL pointer dereference
   * USB: serial: option: adding support for ublox R410M
   * USB: serial: option: reimplement interface masking
   * USB: Accept bulk endpoints with 1024-byte maxpacket
   * USB: serial: visor: handle potential invalid device configuration
   * test_firmware: fix setting old custom fw path back on exit, second try
   * drm/vmwgfx: Fix a buffer object leak
   * IB/mlx5: Use unlimited rate when static rate is not supported
   * NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2
   * RDMA/mlx5: Protect from shift operand overflow
   * RDMA/ucma: Allow resolving address w/o specifying source address
   * xfs: prevent creating negative-sized file via INSERT_RANGE
   * Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro
   * Input: leds - fix out of bound access
   * tracepoint: Do not warn on ENOMEM
   * ALSA: aloop: Add missing cable lock to ctl API callbacks
   * ALSA: aloop: Mark paused device as inactive
   * ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger()
   * ALSA: pcm: Check PCM state at xfern compat ioctl
   * USB: serial: option: Add support for Quectel EP06
   * gpmi-nand: Handle ECC Errors in erased pages
   * ath10k: rebuild crypto header in rx data frames
   * ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode
   * mac80211: Add RX flag to indicate ICV stripped
   * mac80211: allow same PN for AMSDU sub-frames
   * mac80211: allow not sending MIC up from driver for HW crypto
   * percpu: include linux/sched.h for cond_resched()
   * KVM: s390: Enable all facility bits that are known good for passthrough
   * bpf: map_get_next_key to return first key on NULL
   * perf/core: Fix the perf_cpu_time_max_percent check

CVE References

Juerg Haefliger (juergh) on 2018-05-30
Changed in linux (Ubuntu):
status: New → Invalid
description: updated
Juerg Haefliger (juergh) wrote :

Skipped the following patches (already applied):
   * KVM: s390: Enable all facility bits that are known good for passthrough

Stefan Bader (smb) on 2018-06-07
Changed in linux (Ubuntu Xenial):
importance: Undecided → Medium
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (29.8 KiB)

This bug was fixed in the package linux - 4.4.0-130.156

---------------
linux (4.4.0-130.156) xenial; urgency=medium

  * linux: 4.4.0-130.156 -proposed tracker (LP: #1776822)

  * CVE-2018-3665 (x86)
    - x86/fpu: Fix early FPU command-line parsing
    - x86/fpu: Fix 'no387' regression
    - x86/fpu: Disable MPX when eagerfpu is off
    - x86/fpu: Default eagerfpu=on on all CPUs
    - x86/fpu: Fix FNSAVE usage in eagerfpu mode
    - x86/fpu: Fix math emulation in eager fpu mode
    - x86/fpu: Fix eager-FPU handling on legacy FPU machines

linux (4.4.0-129.155) xenial; urgency=medium

  * linux: 4.4.0-129.155 -proposed tracker (LP: #1776352)

  * Xenial update to 4.4.134 stable release (LP: #1775771)
    - MIPS: ptrace: Expose FIR register through FP regset
    - MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
    - KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
    - affs_lookup(): close a race with affs_remove_link()
    - aio: fix io_destroy(2) vs. lookup_ioctx() race
    - ALSA: timer: Fix pause event notification
    - mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
    - libata: Blacklist some Sandisk SSDs for NCQ
    - libata: blacklist Micron 500IT SSD with MU01 firmware
    - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
    - Revert "ipc/shm: Fix shmat mmap nil-page protection"
    - ipc/shm: fix shmat() nil address after round-down when remapping
    - kasan: fix memory hotplug during boot
    - kernel/sys.c: fix potential Spectre v1 issue
    - kernel/signal.c: avoid undefined behaviour in kill_something_info
    - xfs: remove racy hasattr check from attr ops
    - do d_instantiate/unlock_new_inode combinations safely
    - firewire-ohci: work around oversized DMA reads on JMicron controllers
    - NFSv4: always set NFS_LOCK_LOST when a lock is lost.
    - ALSA: hda - Use IS_REACHABLE() for dependency on input
    - ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read()
    - kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl
    - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into
      account
    - PCI: Add function 1 DMA alias quirk for Marvell 9128
    - tools lib traceevent: Simplify pointer print logic and fix %pF
    - perf callchain: Fix attr.sample_max_stack setting
    - tools lib traceevent: Fix get_field_str() for dynamic strings
    - dm thin: fix documentation relative to low water mark threshold
    - nfs: Do not convert nfs_idmap_cache_timeout to jiffies
    - watchdog: sp5100_tco: Fix watchdog disable bit
    - kconfig: Don't leak main menus during parsing
    - kconfig: Fix automatic menu creation mem leak
    - kconfig: Fix expr_free() E_NOT leak
    - ipmi/powernv: Fix error return code in ipmi_powernv_probe()
    - Btrfs: set plug for fsync
    - btrfs: Fix out of bounds access in btrfs_search_slot
    - Btrfs: fix scrub to repair raid6 corruption
    - scsi: fas216: fix sense buffer initialization
    - HID: roccat: prevent an out of bounds read in kovaplus_profile_activated()
    - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
    - powerpc/numa: Use ibm,max-associativity-domains to discover possib...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers