Xenial update: 4.4.159 upstream stable release

Bug #1798617 reported by Stefan Bader on 2018-10-18
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Stefan Bader

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       4.4.159 upstream stable release
       from git://git.kernel.org/

The following patches will be applied:
* NFC: Fix possible memory corruption when handling SHDLC I-Frame commands
* NFC: Fix the number of pipes
* ASoC: cs4265: fix MMTLR Data switch control
* ALSA: bebob: use address returned by kmalloc() instead of kernel stack for
  streaming DMA mapping
* ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO
* platform/x86: alienware-wmi: Correct a memory leak
* xen/netfront: don't bug in case of too many frags
* xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code
* ring-buffer: Allow for rescheduling when removing pages
* mm: shmem.c: Correctly annotate new inodes for lockdep
* gso_segment: Reset skb->mac_len after modifying network header
* ipv6: fix possible use-after-free in ip6_xmit()
* net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT
* net: hp100: fix always-true check for link up state
* neighbour: confirm neigh entries when ARP packet is received
* ocfs2: fix ocfs2 read block panic
* drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect()
* tty: vt_ioctl: fix potential Spectre v1
* ext4: avoid divide by zero fault when deleting corrupted inline directories
* ext4: recalucate superblock checksum after updating free blocks/inodes
* ext4: fix online resize's handling of a too-small final block group
* ext4: fix online resizing for bigalloc file systems with a 1k block size
* ext4: don't mark mmp buffer head dirty
* arm64: Add trace_hardirqs_off annotation in ret_to_user
* HID: sony: Update device ids
* HID: sony: Support DS4 dongle
* iw_cxgb4: only allow 1 flush on user qps
* Linux 4.4.159

CVE References

Stefan Bader (smb) on 2018-10-18
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Xenial):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu):
status: New → Invalid
Stefan Bader (smb) wrote :

Minor context adjustment on "mm: shmem.c: Correctly annotate new inodes for lockdep".

Skipped "scsi: target: iscsi: Use hex2bin instead of a re-implementation" because it was already applied (slightly different name) for CVE-2018-14633.

Stefan Bader (smb) on 2018-10-18
description: updated
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (21.0 KiB)

This bug was fixed in the package linux - 4.4.0-139.165

linux (4.4.0-139.165) xenial; urgency=medium

  * linux: 4.4.0-139.165 -proposed tracker (LP: #1799401)

  * Kernel panic after the ubuntu_nbd_smoke_test on Xenial kernel (LP: #1793464)
    - nbd: Remove signal usage
    - nbd: Timeouts are not user requested disconnects
    - nbd: Cleanup reset of nbd and bdev after a disconnect
    - nbd: don't shutdown sock with irq's disabled
    - nbd: fix race in ioctl

  * fscache: bad refcounting in fscache_op_complete leads to OOPS (LP: #1797314)
    - SAUCE: fscache: Fix race in decrementing refcount of op->npages

  * xenial: virtio-scsi: CPU soft lockup due to loop in
    virtscsi_target_destroy() (LP: #1798110)
    - SAUCE: (no-up) virtio-scsi: Decrement reqs counter before SCSI command

  * Error reported when creating ZFS pool with "-t" option, despite successful
    pool creation (LP: #1769937)
    - SAUCE: (noup) Update zfs to

  * Xenial update: 4.4.160 upstream stable release (LP: #1798770)
    - crypto: skcipher - Fix -Wstringop-truncation warnings
    - tsl2550: fix lux1_input error in low light
    - vmci: type promotion bug in qp_host_get_user_memory()
    - x86/numa_emulation: Fix emulated-to-physical node mapping
    - staging: rts5208: fix missing error check on call to rtsx_write_register
    - uwb: hwa-rc: fix memory leak at probe
    - power: vexpress: fix corruption in notifier registration
    - Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
    - USB: serial: kobil_sct: fix modem-status error handling
    - 6lowpan: iphc: reset mac_header after decompress to fix panic
    - md-cluster: clear another node's suspend_area after the copy is finished
    - media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
    - powerpc/kdump: Handle crashkernel memory reservation failure
    - media: fsl-viu: fix error handling in viu_of_probe()
    - x86/tsc: Add missing header to tsc_msr.c
    - x86/entry/64: Add two more instruction suffixes
    - scsi: target/iscsi: Make iscsit_ta_authentication() respect the output
      buffer size
    - scsi: klist: Make it safe to use klists in atomic context
    - scsi: ibmvscsi: Improve strings handling
    - usb: wusbcore: security: cast sizeof to int for comparison
    - powerpc/powernv/ioda2: Reduce upper limit for DMA window size
    - alarmtimer: Prevent overflow for relative nanosleep
    - s390/extmem: fix gcc 8 stringop-overflow warning
    - ALSA: snd-aoa: add of_node_put() in error path
    - media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power
    - media: soc_camera: ov772x: correct setting of banding filter
    - media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data
    - staging: android: ashmem: Fix mmap size validation
    - drivers/tty: add error handling for pcmcia_loop_config
    - media: tm6000: add error handling for dvb_register_adapter
    - ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge
    - ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock
    - rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication()
    - wlcore: Add missing PM call fo...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers