Xenial update to 4.4.133 stable release

Bug #1775477 reported by Stefan Bader on 2018-06-06
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
linux (Ubuntu) | | Undecided | Unassigned |
Xenial | | Medium | Unassigned |

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The 4.4.133 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.

       git://git.kernel.org/

    TEST CASE: TBD

The following patches from the 4.4.133 stable release shall be applied:
* 8139too: Use disable_irq_nosync() in rtl8139_poll_controller()
* bridge: check iface upper dev when setting master via ioctl
* dccp: fix tasklet usage
* ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg
* llc: better deal with too small mtu
* net: ethernet: sun: niu set correct packet size in skb
* net/mlx4_en: Verify coalescing parameters are in range
* net_sched: fq: take care of throttled flows before reuse
* net: support compat 64-bit time in {s,g}etsockopt
* openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found
* qmi_wwan: do not steal interfaces from class drivers
* r8169: fix powering up RTL8168h
* sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
* sctp: use the old asoc when making the cookie-ack chunk in dupcook_d
* tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent().
* bonding: do not allow rlb updates to invalid mac
* tcp: ignore Fast Open on repair mode
* sctp: fix the issue that the cookie-ack with auth can't get processed
* sctp: delay the authentication for the duplicated cookie-echo chunk
* ALSA: timer: Call notifier in the same spinlock
* audit: move calcs after alloc and check when logging set loginuid
* arm64: introduce mov_q macro to move a constant into a 64-bit register
* arm64: Add work around for Arm Cortex-A55 Erratum 1024718
* futex: Remove unnecessary warning from get_futex_key
* futex: Remove duplicated code and fix undefined behaviour
* xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM)
* lockd: lost rollback of set_grace_period() in lockd_down_net()
* Revert "ARM: dts: imx6qdl-wandboard: Fix audio channel swap"
* l2tp: revert "l2tp: fix missing print session offset info"
* pipe: cap initial pipe capacity according to pipe-max-size limit
* futex: futex_wake_op, fix sign_extend32 sign bits
* kernel/exit.c: avoid undefined behaviour when calling wait4()
* usbip: usbip_host: refine probe and disconnect debug msgs to be useful
* usbip: usbip_host: delete device from busid_table after rebind
* usbip: usbip_host: run rebind from exit when module is removed
* usbip: usbip_host: fix NULL-ptr deref and use-after-free errors
* usbip: usbip_host: fix bad unlock balance during stub_probe()
* ALSA: usb: mixer: volume quirk for CM102-A+/102S+
* ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist
* ALSA: control: fix a redundant-copy issue
* spi: pxa2xx: Allow 64-bit DMA
* powerpc/powernv: panic() on OPAL < V3
* powerpc/powernv: Remove OPALv2 firmware define and references
* powerpc/powernv: remove FW_FEATURE_OPALv3 and just use FW_FEATURE_OPAL
* cpuidle: coupled: remove unused define cpuidle_coupled_lock
* powerpc: Don't preempt_disable() in show_cpuinfo()
* vmscan: do not force-scan file lru if its absolute size is small
* mm: filemap: remove redundant code in do_read_cache_page
* mm: filemap: avoid unnecessary calls to lock_page when waiting for IO to complete
  during a read
* signals: avoid unnecessary taking of sighand->siglock
* tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all}
* proc read mm's {arg,env}_{start,end} with mmap semaphore taken.
* powerpc/powernv: Fix NVRAM sleep in invalid context when crashing
* mm: don't allow deferred pages with NEED_PER_CPU_KM
* s390/qdio: fix access to uninitialized qdio_q fields
* s390/qdio: don't release memory in qdio_setup_irq()
* s390: remove indirect branch from do_softirq_own_stack
* efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition
  for mixed mode
* ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr
* tick/broadcast: Use for_each_cpu() specially on UP kernels
* ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed
* ARM: 8770/1: kprobes: Prohibit probing on optimized_callback
* ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions
* Btrfs: fix xattr loss after power failure
* btrfs: fix crash when trying to resume balance without the resume flag
* btrfs: fix reading stale metadata blocks after degraded raid1 mounts
* net: test tailroom before appending to linear skb
* packet: in packet_snd start writing at link layer allocation
* sock_diag: fix use-after-free read in __sk_free
* tcp: purge write queue in tcp_connect_init()
* ext2: fix a block leak
* s390: add assembler macros for CPU alternatives
* s390: move expoline assembler macros to a header
* s390/lib: use expoline for indirect branches
* s390/kernel: use expoline for indirect branches
* s390: move spectre sysfs attribute code
* s390: extend expoline to BC instructions
* s390: use expoline thunks in the BPF JIT
* scsi: libsas: defer ata device eh commands to libata
* scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()
* scsi: zfcp: fix infinite iteration on ERP ready list
* dmaengine: ensure dmaengine helpers check valid callback
* time: Fix CLOCK_MONOTONIC_RAW sub-nanosecond accounting
* gpio: rcar: Add Runtime PM handling for interrupts
* cfg80211: limit wiphy names to 128 bytes
* hfsplus: stop workqueue when fill_super() failed
* x86/kexec: Avoid double free_page() upon do_kexec_load() failure
* Linux 4.4.133

Stefan Bader (smb) on 2018-06-06
tags: added: kernel-stable-tracking-bug
Stefan Bader (smb) wrote :

* arm64: Add work around for Arm Cortex-A55 Erratum 1024718
  -> needed some backport which should be sanity checked
* proc: meminfo: estimate available memory more conservatively
  -> the conversion done was silently added when backporting
  mm/page_alloc.c: calculate 'available' memory in a separate function
* cpufreq: intel_pstate: Enable HWP by default
  -> already applied for bug 1674390
* procfs: fix pthread cross-thread naming if !PR_DUMPABLE
  -> already applied for bug 1690225
* s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero
  -> already applied for bug 1772593

Stefan Bader (smb) on 2018-06-07
description: updated
Changed in linux (Ubuntu Xenial):
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu):
status: New → Invalid
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Simon Arlott (sa.me.uk) wrote :

4.4.131 includes "sctp: do not check port in sctp_inet6_cmp_addr" that breaks combined AF_INET and AF_INET6 support in SCTP; it should be fixed in 4.4.133 with "sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr".

Stefan Bader (smb) wrote :

This (including stable up to 4.4.134) should be fixed in the current cycle: kernel version 4.4.0-129.155 or higher.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.4.0-130.156

---------------
linux (4.4.0-130.156) xenial; urgency=medium

  * linux: 4.4.0-130.156 -proposed tracker (LP: #1776822)

  * CVE-2018-3665 (x86)
    - x86/fpu: Fix early FPU command-line parsing
    - x86/fpu: Fix 'no387' regression
    - x86/fpu: Disable MPX when eagerfpu is off
    - x86/fpu: Default eagerfpu=on on all CPUs
    - x86/fpu: Fix FNSAVE usage in eagerfpu mode
    - x86/fpu: Fix math emulation in eager fpu mode
    - x86/fpu: Fix eager-FPU handling on legacy FPU machines

linux (4.4.0-129.155) xenial; urgency=medium

  * linux: 4.4.0-129.155 -proposed tracker (LP: #1776352)

  * Xenial update to 4.4.134 stable release (LP: #1775771)
    - MIPS: ptrace: Expose FIR register through FP regset
    - MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
    - KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
    - affs_lookup(): close a race with affs_remove_link()
    - aio: fix io_destroy(2) vs. lookup_ioctx() race
    - ALSA: timer: Fix pause event notification
    - mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
    - libata: Blacklist some Sandisk SSDs for NCQ
    - libata: blacklist Micron 500IT SSD with MU01 firmware
    - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
    - Revert "ipc/shm: Fix shmat mmap nil-page protection"
    - ipc/shm: fix shmat() nil address after round-down when remapping
    - kasan: fix memory hotplug during boot
    - kernel/sys.c: fix potential Spectre v1 issue
    - kernel/signal.c: avoid undefined behaviour in kill_something_info
    - xfs: remove racy hasattr check from attr ops
    - do d_instantiate/unlock_new_inode combinations safely
    - firewire-ohci: work around oversized DMA reads on JMicron controllers
    - NFSv4: always set NFS_LOCK_LOST when a lock is lost.
    - ALSA: hda - Use IS_REACHABLE() for dependency on input
    - ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read()
    - kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl
    - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into
      account
    - PCI: Add function 1 DMA alias quirk for Marvell 9128
    - tools lib traceevent: Simplify pointer print logic and fix %pF
    - perf callchain: Fix attr.sample_max_stack setting
    - tools lib traceevent: Fix get_field_str() for dynamic strings
    - dm thin: fix documentation relative to low water mark threshold
    - nfs: Do not convert nfs_idmap_cache_timeout to jiffies
    - watchdog: sp5100_tco: Fix watchdog disable bit
    - kconfig: Don't leak main menus during parsing
    - kconfig: Fix automatic menu creation mem leak
    - kconfig: Fix expr_free() E_NOT leak
    - ipmi/powernv: Fix error return code in ipmi_powernv_probe()
    - Btrfs: set plug for fsync
    - btrfs: Fix out of bounds access in btrfs_search_slot
    - Btrfs: fix scrub to repair raid6 corruption
    - scsi: fas216: fix sense buffer initialization
    - HID: roccat: prevent an out of bounds read in kovaplus_profile_activated()
    - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
    - powerpc/numa: Use ibm,max-associativity-domains to discover possib...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released