Xenial update: 4.4.167 upstream stable release

Bug #1811077 reported by Juerg Haefliger on 2019-01-09
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Xenial
Undecided
Unassigned

Bug Description

    SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       4.4.167 upstream stable release
       from git://git.kernel.org/

Linux 4.4.167
mac80211: ignore NullFunc frames in the duplicate detection
mac80211: fix reordering of buffered broadcast packets
mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext
mac80211: Clear beacon_int in ieee80211_do_stop
mac80211_hwsim: Timer should be initialized before device registered
kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var()
tty: serial: 8250_mtk: always resume the device in probe.
cifs: Fix separator when building path from dentry
Staging: lustre: remove two build warnings
xhci: Prevent U1/U2 link pm states if exit latency is too long
SUNRPC: Fix leak of krb5p encode pages
virtio/s390: fix race in ccw_io_helper()
virtio/s390: avoid race on vcdev->config
ALSA: pcm: Fix interval evaluation with openmin/max
ALSA: pcm: Call snd_pcm_unlink() conditionally at closing
ALSA: pcm: Fix starvation on down_write_nonblock()
ALSA: hda: Add support for AMD Stoney Ridge
ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c
USB: check usb_get_extra_descriptor for proper size
usb: appledisplay: Add 27" Apple Cinema Display
usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device
net: amd: add missing of_node_put()
iommu/vt-d: Use memunmap to free memremap
net: faraday: ftmac100: remove netif_running(netdev) check before disabling interrupts
net/mlx4: Fix UBSAN warning of signed integer overflow
net/mlx4_core: Fix uninitialized variable compilation warning
net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command
qed: Fix reading wrong value in loop condition
qed: Fix PTT leak in qed_drain()
bnx2x: Assign unique DMAE channel number for FW DMAE transactions.
batman-adv: Expand merged fragment buffer for full packet
can: rcar_can: Fix erroneous registration
iommu/ipmmu-vmsa: Fix crash on early domain free
iommu/vt-d: Fix NULL pointer dereference in prq_event_thread()
usb: gadget: dummy: fix nonsensical comparisons
mm: mlock: avoid increase mm->locked_vm on mlock() when already mlock2(,MLOCK_ONFAULT)
mm: cleancache: fix corruption on missed inode invalidation
arc: [devboards] Add support of NFSv3 ACL
ARC: change defconfig defaults to ARCv2
Btrfs: fix use-after-free when dumping free space
btrfs: Always try all copies when reading extent buffers
Input: elan_i2c - add support for ELAN0621 touchpad
Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR
Input: elan_i2c - add ELAN0620 to the ACPI table
Input: matrix_keypad - check for errors from of_get_named_gpio()
Input: xpad - quirk all PDP Xbox One gamepads
leds: leds-gpio: Fix return value check in create_gpio_led()
leds: turn off the LED and wait for completion on unregistering LED class device
leds: call led_pwm_set() in leds-pwm to enforce default LED_OFF
kgdboc: Fix warning with module build
kgdboc: Fix restrict error
scsi: csiostor: Avoid content leaks and casts
ALSA: trident: Suppress gcc string warning
scsi: scsi_devinfo: cleanly zero-pad devinfo strings
drm/ast: Fix incorrect free on ioregs
mips: fix mips_get_syscall_arg o32 check
MIPS: ralink: Fix mt7620 nd_sd pinmux
uprobes: Fix handle_swbp() vs. unregister() + register() race once more
iser: set sector for ambiguous mr status errors
kdb: use memmove instead of overlapping memcpy
staging: rts5208: fix gcc-8 logic error warning
scsi: bfa: convert to strlcpy/strlcat
drm: gma500: fix logic error
ip_tunnel: Fix name string concatenate in __ip_tunnel_create()
kernfs: Replace strncpy with memcpy
unifdef: use memcpy instead of strncpy
kobject: Replace strncpy with memcpy
disable stringop truncation warnings for now
exec: avoid gcc-8 warning for get_task_comm
Kbuild: suppress packed-not-aligned warning for default setting only
misc: mic/scif: fix copy-paste error in scif_create_remote_lookup
usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series
USB: usb-storage: Add new IDs to ums-realtek
btrfs: release metadata before running delayed refs
dmaengine: at_hdmac: fix module unloading
dmaengine: at_hdmac: fix memory leak in at_dma_xlate()
ext2: fix potential use after free
ALSA: sparc: Fix invalid snd_free_pages() at error path
ALSA: control: Fix race between adding and removing a user element
ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write
ALSA: wss: Fix invalid snd_free_pages() at error path
Btrfs: ensure path name is null terminated at btrfs_control_ioctl
xtensa: fix coprocessor context offset definitions
xtensa: enable coprocessors that are being flushed
kvm: mmu: Fix race in emulated page table writes
usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2
s390/qeth: fix length check in SNMP processing
rapidio/rionet: do not free skb before reading its length
Revert "wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()"
media: em28xx: Fix use-after-free when disconnecting

Juerg Haefliger (juergh) on 2019-01-09
Changed in linux (Ubuntu):
status: New → Invalid
tags: added: kernel-stable-tracking-bug
Juerg Haefliger (juergh) wrote :

Already applied patches:
  * mm: mlock: avoid increase mm->locked_vm on mlock() when already mlock2(,MLOCK_ONFAULT)

Changed in linux (Ubuntu Xenial):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (33.2 KiB)

This bug was fixed in the package linux - 4.4.0-142.168

---------------
linux (4.4.0-142.168) xenial; urgency=medium

  * linux: 4.4.0-142.168 -proposed tracker (LP: #1811846)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * iptables connlimit allows more connections than the limit when using
    multiple CPUs (LP: #1811094)
    - netfilter: xt_connlimit: don't store address in the conn nodes
    - SAUCE: netfilter: xt_connlimit: remove the 'addr' parameter in add_hlist()
    - netfilter: nf_conncount: expose connection list interface
    - netfilter: nf_conncount: Fix garbage collection with zones
    - netfilter: nf_conncount: fix garbage collection confirm race
    - netfilter: nf_conncount: don't skip eviction when age is negative

  * CVE-2017-5715
    - SAUCE: x86/speculation: Cleanup IBPB runtime control handling
    - SAUCE: x86/speculation: Cleanup IBRS runtime control handling
    - SAUCE: x86/speculation: Use x86_spec_ctrl_base in entry/exit code
    - SAUCE: x86/speculation: Move RSB_CTXSW hunk

  * Xenial update: 4.4.167 upstream stable release (LP: #1811077)
    - media: em28xx: Fix use-after-free when disconnecting
    - Revert "wlcore: Add missing PM call for
      wlcore_cmd_wait_for_event_or_timeout()"
    - rapidio/rionet: do not free skb before reading its length
    - s390/qeth: fix length check in SNMP processing
    - usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2
    - kvm: mmu: Fix race in emulated page table writes
    - xtensa: enable coprocessors that are being flushed
    - xtensa: fix coprocessor context offset definitions
    - Btrfs: ensure path name is null terminated at btrfs_control_ioctl
    - ALSA: wss: Fix invalid snd_free_pages() at error path
    - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write
    - ALSA: control: Fix race between adding and removing a user element
    - ALSA: sparc: Fix invalid snd_free_pages() at error path
    - ext2: fix potential use after free
    - dmaengine: at_hdmac: fix memory leak in at_dma_xlate()
    - dmaengine: at_hdmac: fix module unloading
    - btrfs: release metadata before running delayed refs
    - USB: usb-storage: Add new IDs to ums-realtek
    - usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series
    - misc: mic/scif: fix copy-paste error in scif_create_remote_lookup
    - Kbuild: suppress packed-not-aligned warning for default setting only
    - exec: avoid gcc-8 warning for get_task_comm
    - disable stringop truncation warnings for now
    - kobject: Replace strncpy with memcpy
    - unifdef: use memcpy instead of strncpy
    - kernfs: Replace strncpy with memcpy
    - ip_tunnel: Fix name string concatenate in __ip_tunnel_create()
    - drm: gma500: fix logic error
    - scsi: bfa: convert to strlcpy/strlcat
    - staging: rts5208: fix gcc-8 logic error warning
    - kdb: use memmove instead of overlapping memcpy
    - iser: set sector for ambiguous mr status errors
    - uprobes: Fix handle_swbp() vs. unregister() + register() race once more
    - MIPS: ralink: Fix mt7620 nd_sd pinmux
    - mips: fix mips_get_syscall_arg o32 check
    - drm/ast: Fix incorrect free on ioregs
 ...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers