Xenial update: 4.4.159 upstream stable release

Bug #1798617 reported by Stefan Bader on 2018-10-18
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Xenial
Medium
Stefan Bader

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       4.4.159 upstream stable release
       from git://git.kernel.org/

The following patches will be applied:
* NFC: Fix possible memory corruption when handling SHDLC I-Frame commands
* NFC: Fix the number of pipes
* ASoC: cs4265: fix MMTLR Data switch control
* ALSA: bebob: use address returned by kmalloc() instead of kernel stack for
  streaming DMA mapping
* ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO
* platform/x86: alienware-wmi: Correct a memory leak
* xen/netfront: don't bug in case of too many frags
* xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code
* ring-buffer: Allow for rescheduling when removing pages
* mm: shmem.c: Correctly annotate new inodes for lockdep
* gso_segment: Reset skb->mac_len after modifying network header
* ipv6: fix possible use-after-free in ip6_xmit()
* net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT
* net: hp100: fix always-true check for link up state
* neighbour: confirm neigh entries when ARP packet is received
* ocfs2: fix ocfs2 read block panic
* drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect()
* tty: vt_ioctl: fix potential Spectre v1
* ext4: avoid divide by zero fault when deleting corrupted inline directories
* ext4: recalucate superblock checksum after updating free blocks/inodes
* ext4: fix online resize's handling of a too-small final block group
* ext4: fix online resizing for bigalloc file systems with a 1k block size
* ext4: don't mark mmp buffer head dirty
* arm64: Add trace_hardirqs_off annotation in ret_to_user
* HID: sony: Update device ids
* HID: sony: Support DS4 dongle
* iw_cxgb4: only allow 1 flush on user qps
* Linux 4.4.159

CVE References

Stefan Bader (smb) on 2018-10-18
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Xenial):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu):
status: New → Invalid
Stefan Bader (smb) wrote :

Minor context adjustment on "mm: shmem.c: Correctly annotate new inodes for lockdep".

Skipped "scsi: target: iscsi: Use hex2bin instead of a re-implementation" because it was already applied (slightly different name) for CVE-2018-14633.

Stefan Bader (smb) on 2018-10-18
description: updated
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (21.0 KiB)

This bug was fixed in the package linux - 4.4.0-139.165

---------------
linux (4.4.0-139.165) xenial; urgency=medium

  * linux: 4.4.0-139.165 -proposed tracker (LP: #1799401)

  * Kernel panic after the ubuntu_nbd_smoke_test on Xenial kernel (LP: #1793464)
    - nbd: Remove signal usage
    - nbd: Timeouts are not user requested disconnects
    - nbd: Cleanup reset of nbd and bdev after a disconnect
    - nbd: don't shutdown sock with irq's disabled
    - nbd: fix race in ioctl

  * fscache: bad refcounting in fscache_op_complete leads to OOPS (LP: #1797314)
    - SAUCE: fscache: Fix race in decrementing refcount of op->npages

  * xenial: virtio-scsi: CPU soft lockup due to loop in
    virtscsi_target_destroy() (LP: #1798110)
    - SAUCE: (no-up) virtio-scsi: Decrement reqs counter before SCSI command
      requeue

  * Error reported when creating ZFS pool with "-t" option, despite successful
    pool creation (LP: #1769937)
    - SAUCE: (noup) Update zfs to 0.6.5.6-0ubuntu26

  * Xenial update: 4.4.160 upstream stable release (LP: #1798770)
    - crypto: skcipher - Fix -Wstringop-truncation warnings
    - tsl2550: fix lux1_input error in low light
    - vmci: type promotion bug in qp_host_get_user_memory()
    - x86/numa_emulation: Fix emulated-to-physical node mapping
    - staging: rts5208: fix missing error check on call to rtsx_write_register
    - uwb: hwa-rc: fix memory leak at probe
    - power: vexpress: fix corruption in notifier registration
    - Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
    - USB: serial: kobil_sct: fix modem-status error handling
    - 6lowpan: iphc: reset mac_header after decompress to fix panic
    - md-cluster: clear another node's suspend_area after the copy is finished
    - media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
    - powerpc/kdump: Handle crashkernel memory reservation failure
    - media: fsl-viu: fix error handling in viu_of_probe()
    - x86/tsc: Add missing header to tsc_msr.c
    - x86/entry/64: Add two more instruction suffixes
    - scsi: target/iscsi: Make iscsit_ta_authentication() respect the output
      buffer size
    - scsi: klist: Make it safe to use klists in atomic context
    - scsi: ibmvscsi: Improve strings handling
    - usb: wusbcore: security: cast sizeof to int for comparison
    - powerpc/powernv/ioda2: Reduce upper limit for DMA window size
    - alarmtimer: Prevent overflow for relative nanosleep
    - s390/extmem: fix gcc 8 stringop-overflow warning
    - ALSA: snd-aoa: add of_node_put() in error path
    - media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power
    - media: soc_camera: ov772x: correct setting of banding filter
    - media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data
    - staging: android: ashmem: Fix mmap size validation
    - drivers/tty: add error handling for pcmcia_loop_config
    - media: tm6000: add error handling for dvb_register_adapter
    - ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge
    - ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock
    - rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication()
    - wlcore: Add missing PM call fo...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers