Bug #1634496 “proc_keys_show crash when reading /proc/keys” : Xenial (16.04) : Bugs : linux package : Ubuntu

Revision history for this message

In Red Hat Bugzilla #1373966, Adam (adam-redhat-bugs) wrote on 2016-09-07:

#9

It was found that when gcc stack protector is turned on, proc_keys_show() can cause a panic due to stack corruption. This happens because xbuf[] is not big enough to hold a 64-bit timeout rendered as weeks.

Product bug:

https://bugzilla.redhat.com/show_bug.cgi?id=1373499

Revision history for this message

In Red Hat Bugzilla #1373966, Adam (adam-redhat-bugs) wrote on 2016-09-07:

#10

Acknowledgments:

Name: Ondrej Kozina (Red Hat)

Revision history for this message

In Red Hat Bugzilla #1373966, Vladis (vladis-redhat-bugs) wrote on 2016-09-12:

#11

Statement:

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG-2. Future Linux kernel updates for the respective releases might address this issue.

Revision history for this message

In Red Hat Bugzilla #1373966, Vladis (vladis-redhat-bugs) wrote on 2016-09-12:

#12

Created attachment 1200212
Fix for buffer overflow in proc_keys_show

Revision history for this message

In Red Hat Bugzilla #1373966, Vladis (vladis-redhat-bugs) wrote on 2016-10-13:

#13

cve-id CVE-2016-7042 was assigned to this flaw internally by the Red Hat. please, use it in the public communications regarding this flaw.

Colin Ian King (colin-king) on 2016-10-18

Changed in linux (Ubuntu):
importance:	Undecided → High
status:	New → In Progress

Colin Ian King (colin-king) on 2016-10-18

information type:	Private Security → Public Security
Changed in linux (Ubuntu):
assignee:	nobody → Colin Ian King (colin-king)

Seth Forshee (sforshee) on 2016-10-20

Changed in linux (Ubuntu Precise):
importance:	Undecided → High
status:	New → In Progress
Changed in linux (Ubuntu Trusty):
importance:	Undecided → High
status:	New → In Progress
Changed in linux (Ubuntu Vivid):
assignee:	nobody → Colin Ian King (colin-king)
importance:	Undecided → High
status:	New → In Progress
Changed in linux (Ubuntu Precise):
assignee:	nobody → Colin Ian King (colin-king)
Changed in linux (Ubuntu Trusty):
assignee:	nobody → Colin Ian King (colin-king)
Changed in linux (Ubuntu Xenial):
assignee:	nobody → Colin Ian King (colin-king)
importance:	Undecided → High
status:	New → In Progress
Changed in linux (Ubuntu Yakkety):
assignee:	nobody → Colin Ian King (colin-king)
importance:	Undecided → High
status:	New → In Progress

Seth Forshee (sforshee) on 2016-10-20

Changed in linux (Ubuntu Yakkety):
status:	In Progress → Fix Committed
Changed in linux (Ubuntu Xenial):
status:	In Progress → Fix Committed

Seth Forshee (sforshee) on 2016-10-20

Changed in linux (Ubuntu Vivid):
status:	In Progress → Fix Committed

Seth Forshee (sforshee) on 2016-10-20

Changed in linux (Ubuntu Trusty):
status:	In Progress → Fix Committed

Seth Forshee (sforshee) on 2016-10-20

Changed in linux (Ubuntu Precise):
status:	In Progress → Fix Committed

Revision history for this message

Seth Forshee (sforshee) wrote on 2016-11-07:

#1

Verified that this is fixed in all -proposed kernels. In precise /proc/keys is not present as a result of CONFIG_KEYS_DEBUG_PROC_KEYS=n, however it's a trivial fix and there's no harm in carrying the patch.

tags:

added: verification-done-precise verification-done-trusty verification-done-vivid verification-done-xenial verification-done-yakkety

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-11-09:

#2

This bug was fixed in the package linux - 3.2.0-115.157

---------------
linux (3.2.0-115.157) precise; urgency=low

[ Seth Forshee ]

* Release Tracking Bug
- LP: #1636537

  * CVE-2016-5195
    - Revert "UBUNTU:SAUCE: mm: remove gup_flags FOLL_WRITE games from
      __get_user_pages()"
    - mm, gup: close FOLL MAP_PRIVATE race

linux (3.2.0-114.156) precise; urgency=low

[ Seth Forshee ]

* Release Tracking Bug
- LP: #1635436

  * proc_keys_show crash when reading /proc/keys (LP: #1634496)
    - SAUCE: KEYS: ensure xbuf is large enough to fix buffer overflow in
      proc_keys_show (LP: #1634496)

* CVE-2016-7117
- net: Fix use after free in the recvmmsg exit path

* CVE-2015-7833
- usbvision: revert commit 588afcc1

-- Seth Forshee <email address hidden> Tue, 25 Oct 2016 09:58:32 -0500

Changed in linux (Ubuntu Precise):
status:	Fix Committed → Fix Released
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-11-09:

#4

Download full text (12.7 KiB)

This bug was fixed in the package linux - 3.13.0-101.148

---------------
linux (3.13.0-101.148) trusty; urgency=low

[ Seth Forshee ]

* Release Tracking Bug
- LP: #1635430

  * [arm64] nova instances can't boot with 3.13.0-92 (LP: #1608854)
    - Revert "efi: Disable interrupts around EFI calls, not in the epilog/prolog
      calls"
    - Revert "x86/efi: Use all 64 bit of efi_memmap in setup_e820()"
    - Revert "x86/efi: Store upper bits of command line buffer address in
      ext_cmd_line_ptr"
    - Revert "efivarfs: Ensure VariableName is NUL-terminated"
    - Revert "efi/libstub: Fix boundary checking in efi_high_alloc()"
    - Revert "arm64: efi: only attempt efi map setup if booting via EFI"
    - Revert "UBUNTU: arm64: Implement efi_enabled()"
    - Revert "efi/arm64: ignore dtb= when UEFI SecureBoot is enabled"
    - Revert "doc: arm64: add description of EFI stub support"
    - Revert "UBUNTU: Move get_dram_base to arm private file"
    - Revert "arm64: efi: add EFI stub"
    - Revert "arm64: add EFI runtime services"
    - Revert "efi: Add shared FDT related functions for ARM/ARM64"
    - Revert "efi: add helper function to get UEFI params from FDT"
    - Revert "doc: efi-stub.txt updates for ARM"
    - Revert "efi: Add get_dram_base() helper function"
    - Revert "efi: create memory map iteration helper"
    - Revert "x86, ia64: Move EFI_FB vga_default_device() initialization to
      pci_vga_fixup()"
    - Revert "firmware: Do not use WARN_ON(!spin_is_locked())"
    - Revert "efi-pstore: Fix an overflow on 32-bit builds"
    - Revert "x86/efi: Fix 32-bit fallout"
    - Revert "x86/efi: Check krealloc return value"
    - Revert "x86/efi: Runtime services virtual mapping"
    - Revert "x86/efi: Fix off-by-one bug in EFI Boot Services reservation"
    - x86/efi: Simplify EFI_DEBUG
    - x86/efi: Runtime services virtual mapping
    - x86/efi: Check krealloc return value
    - SAUCE: Merge tag 'efi-next' of
      git://git.kernel.org/pub/scm/linux/kernel/git/mfleming/efi into x86/efi
    - doc: Fix trivial spelling mistake in efi-stub.txt
    - x86/efi: Remove unused variables in __map_region()
    - x86/efi: Add a wrapper function efi_map_region_fixed()
    - x86/efi: Fix off-by-one bug in EFI Boot Services reservation
    - x86/efi: Cleanup efi_enter_virtual_mode() function
    - efi: Export more EFI table variables to sysfs
    - [Config] CONFIG_EFI_RUNTIME_MAP=y
    - efi: Export EFI runtime memory mapping to sysfs
    - x86/efi: Pass necessary EFI data for kexec via setup_data
    - x86/efi: Delete superfluous global variables
    - x86/efi: parse_efi_setup() build fix
    - SAUCE: Merge tag 'v3.13-rc7' into x86/efi-kexec to resolve conflicts
    - x86/efi: Allow mapping BGRT on x86-32
    - x86/efi: Fix 32-bit fallout
    - x86/efi: Check status field to validate BGRT header
    - x86/efi: Quirk out SGI UV
    - v3.14 - Bacported EFI up to v3.14
    - efi: Move facility flags to struct efi
    - efi: Set feature flags inside feature init functions
    - efivarfs: 'efivarfs_file_write' function reorganization
    - x86/efi: Delete out-of-date comments of efi_query_variable_store
    - x86/efi: Style neatening
    - x8...

This bug was fixed in the package linux - 3.13.0-101.148

---------------
linux (3.13.0-101.148) trusty; urgency=low

[ Seth Forshee ]

* Release Tracking Bug
    - LP: #1635430

* [arm64] nova instances can't boot with 3.13.0-92 (LP: #1608854)
    - Revert "efi: Disable interrupts around EFI calls, not in the epilog/prolog
      calls"
    - Revert "x86/efi: Use all 64 bit of efi_memmap in setup_e820()"
    - Revert "x86/efi: Store upper bits of command line buffer address in
      ext_cmd_line_ptr"
    - Revert "efivarfs: Ensure VariableName is NUL-terminated"
    - Revert "efi/libstub: Fix boundary checking in efi_high_alloc()"
    - Revert "arm64: efi: only attempt efi map setup if booting via EFI"
    - Revert "UBUNTU: arm64: Implement efi_enabled()"
    - Revert "efi/arm64: ignore dtb= when UEFI SecureBoot is enabled"
    - Revert "doc: arm64: add description of EFI stub support"
    - Revert "UBUNTU: Move get_dram_base to arm private file"
    - Revert "arm64: efi: add EFI stub"
    - Revert "arm64: add EFI runtime services"
    - Revert "efi: Add shared FDT related functions for ARM/ARM64"
    - Revert "efi: add helper function to get UEFI params from FDT"
    - Revert "doc: efi-stub.txt updates for ARM"
    - Revert "efi: Add get_dram_base() helper function"
    - Revert "efi: create memory map iteration helper"
    - Revert "x86, ia64: Move EFI_FB vga_default_device() initialization to
      pci_vga_fixup()"
    - Revert "firmware: Do not use WARN_ON(!spin_is_locked())"
    - Revert "efi-pstore: Fix an overflow on 32-bit builds"
    - Revert "x86/efi: Fix 32-bit fallout"
    - Revert "x86/efi: Check krealloc return value"
    - Revert "x86/efi: Runtime services virtual mapping"
    - Revert "x86/efi: Fix off-by-one bug in EFI Boot Services reservation"
    - x86/efi: Simplify EFI_DEBUG
    - x86/efi: Runtime services virtual mapping
    - x86/efi: Check krealloc return value
    - SAUCE: Merge tag 'efi-next' of
      git://git.kernel.org/pub/scm/linux/kernel/git/mfleming/efi into x86/efi
    - doc: Fix trivial spelling mistake in efi-stub.txt
    - x86/efi: Remove unused variables in __map_region()
    - x86/efi: Add a wrapper function efi_map_region_fixed()
    - x86/efi: Fix off-by-one bug in EFI Boot Services reservation
    - x86/efi: Cleanup efi_enter_virtual_mode() function
    - efi: Export more EFI table variables to sysfs
    - [Config] CONFIG_EFI_RUNTIME_MAP=y
    - efi: Export EFI runtime memory mapping to sysfs
    - x86/efi: Pass necessary EFI data for kexec via setup_data
    - x86/efi: Delete superfluous global variables
    - x86/efi: parse_efi_setup() build fix
    - SAUCE: Merge tag 'v3.13-rc7' into x86/efi-kexec to resolve conflicts
    - x86/efi: Allow mapping BGRT on x86-32
    - x86/efi: Fix 32-bit fallout
    - x86/efi: Check status field to validate BGRT header
    - x86/efi: Quirk out SGI UV
    - v3.14 - Bacported EFI up to v3.14
    - efi: Move facility flags to struct efi
    - efi: Set feature flags inside feature init functions
    - efivarfs: 'efivarfs_file_write' function reorganization
    - x86/efi: Delete out-of-date comments of efi_query_variable_store
    - x86/efi: Style neatening
    - x86/efi: Dump the EFI page table
    - x86, pageattr: Export page unmapping interface
    - x86/efi: Make efi virtual runtime map passing more robust
    - x86/efi: Split efi_enter_virtual_mode
    - ia64/efi: Implement efi_enabled()
    - efi: Use NULL instead of 0 for pointer
    - x86, tools: Consolidate #ifdef code
    - x86/efi: Delete dead code when checking for non-native
    - efi: Add separate 32-bit/64-bit definitions
    - x86/efi: Build our own EFI services pointer table
    - x86/efi: Add early thunk code to go from 64-bit to 32-bit
    - x86/efi: Firmware agnostic handover entry points
    - [Config] CONFIG_EFI_MIXED=y
    - x86/efi: Wire up CONFIG_EFI_MIXED
    - x86/efi: Re-disable interrupts after calling firmware services
    - SAUCE: Merge remote-tracking branch 'tip/x86/efi-mixed' into efi-for-mingo
    - x86, tools: Fix up compiler warnings
    - x86/efi: Preserve segment registers in mixed mode
    - x86/efi: Rip out phys_efi_get_time()
    - x86/efi: Restore 'attr' argument to query_variable_info()
    - SAUCE: merge with v3.15
    - fs/efivarfs/super.c: use static const for dentry_operations
    - SAUCE: merge with v3.16
    - efi: efi-stub-helper cleanup
    - efi: create memory map iteration helper
    - efi: Add shared printk wrapper for consistent prefixing
    - efi: Add get_dram_base() helper function
    - efi: x86: Handle arbitrary Unicode characters
    - x86/efi: Delete most of the efi_call* macros
    - x86/efi: Implement a __efi_call_virt macro
    - x86/efi: Save and restore FPU context around efi_calls (x86_64)
    - x86/efi: Save and restore FPU context around efi_calls (i386)
    - efivars: Use local variables instead of a pointer dereference
    - efivars: Check size of user object
    - efivars: Stop passing a struct argument to efivar_validate()
    - efivars: Refactor sanity checking code into separate function
    - efivars: Add compatibility code for compat tasks
    - doc: efi-stub.txt updates for ARM
    - efi: add helper function to get UEFI params from FDT
    - efi: Add shared FDT related functions for ARM/ARM64
    - [Config] CONFIG_LIBFDT=y
    - arm64: add EFI runtime services
    - arm64: efi: add EFI stub
    - doc: arm64: add description of EFI stub support
    - efi/arm64: ignore dtb= when UEFI SecureBoot is enabled
    - arm64: efi: only attempt efi map setup if booting via EFI
    - efi-pstore: Fix an overflow on 32-bit builds
    - firmware: Do not use WARN_ON(!spin_is_locked())
    - x86, ia64: Move EFI_FB vga_default_device() initialization to
      pci_vga_fixup()
    - efivarfs: Ensure VariableName is NUL-terminated
    - x86/efi: Store upper bits of command line buffer address in ext_cmd_line_ptr
    - x86/efi: Use all 64 bit of efi_memmap in setup_e820()
    - efi: Disable interrupts around EFI calls, not in the epilog/prolog calls
    - x86/efi: Fix boot failure with EFI stub
    - x86/efi: Fix boot crash by mapping EFI memmap entries bottom-up at runtime,
      instead of top-down
    - efi/libstub: Fix boundary checking in efi_high_alloc()
    - efi: Fix compiler warnings (unused, const, type)
    - efi: fdt: Do not report an error during boot if UEFI is not available
    - efi: Make our variable validation list include the guid
    - lib/ucs2_string: Add ucs2 -> utf8 helper functions
    - efi: Use ucs2_as_utf8 in efivarfs instead of open coding a bad version
    - efi/reboot: Add generic wrapper around EfiResetSystem()
    - efi/arm64: efistub: remove local copy of linux_banner
    - x86/reboot: Add EFI reboot quirk for ACPI Hardware Reduced flag
    - efi/reboot: Allow powering off machines using EFI
    - efi: Fix error handling in add_sysfs_runtime_map_entry()
    - efi: Small leak on error in runtime map code
    - arm64/efi: map the entire UEFI vendor string before reading it
    - arm64/efi: add missing call to early_ioremap_reset()
    - efi/arm64: Store Runtime Services revision
    - SAUCE: UEFI: Add secure_modules() call
    - SAUCE: UEFI: PCI: Lock down BAR access when module security is enabled
    - SAUCE: UEFI: x86: Lock down IO port access when module security is enabled
    - SAUCE: UEFI: ACPI: Limit access to custom_method
    - SAUCE: UEFI: asus-wmi: Restrict debugfs interface when module loading is
      restricted
    - SAUCE: UEFI: Restrict /dev/mem and /dev/kmem when module loading is
      restricted
    - SAUCE: UEFI: acpi: Ignore acpi_rsdp kernel parameter when module loading is
      restricted
    - SAUCE: UEFI: kexec: Disable at runtime if the kernel enforces module loading
      restrictions
    - SAUCE: UEFI: x86: Restrict MSR access when module loading is restricted
    - [Config] CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE=y
    - SAUCE: UEFI: Add option to automatically enforce module signatures when in
      Secure Boot mode
    - SAUCE: UEFI: efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
    - SAUCE: UEFI MODSIGN: Import certificates from UEFI Secure Boot
    - SAUCE: UEFI: efi: Disable secure boot if shim is in insecure mode
    - SAUCE: UEFI: Display MOKSBState when disabled
    - SAUCE: UEFI: Add secure boot and MOK SB State disabled sysctl
    - SAUCE: UEFI: Set EFI_SECURE_BOOT bit in x86_efi_facility
    - Revert "x86/efi: Save and restore FPU context around efi_calls (x86_64)"
    - [Config] CONFIG_RTC_DRV_EFI=y

* proc_keys_show crash when reading /proc/keys (LP: #1634496)
    - KEYS: ensure xbuf is large enough to fix buffer overflow in proc_keys_show
      (LP: #1634496)

* [Trusty->Yakkety] powerpc/64: Fix incorrect return value from
    __copy_tofrom_user (LP: #1632462)
    - SAUCE: (no-up) powerpc/64: Fix incorrect return value from
      __copy_tofrom_user

* Ubuntu 16.10: Oops panic in move_page_tables/page_remove_rmap after running
    memory_stress_ng. (LP: #1628976)
    - SAUCE: (no-up) powerpc/pseries: Fix stack corruption in htpe code

* sha1-powerpc returning wrong results (LP: #1629977)
    - crypto: sha1-powerpc - little-endian support

* linux: Implement secure boot state variables (LP: #1593075)
    - SAUCE: UEFI: Add secure boot and MOK SB State disabled sysctl
    - SAUCE: UEFI: Set EFI_SECURE_BOOT bit in x86_efi_facility

* linux: MokSBState is ignored (LP: #1571691)
    - SAUCE: UEFI MODSIGN: Import certificates from UEFI Secure Boot
    - SAUCE: UEFI: efi: Disable secure boot if shim is in insecure mode
    - SAUCE: UEFI: Display MOKSBState when disabled

* linux: Enforce signed module loading when UEFI secure boot (LP: #1566221)
    - SAUCE: UEFI: Add secure_modules() call
    - SAUCE: UEFI: PCI: Lock down BAR access when module security is enabled
    - SAUCE: UEFI: x86: Lock down IO port access when module security is enabled
    - SAUCE: UEFI: ACPI: Limit access to custom_method
    - SAUCE: UEFI: asus-wmi: Restrict debugfs interface when module loading is
      restricted
    - SAUCE: UEFI: Restrict /dev/mem and /dev/kmem when module loading is
      restricted
    - SAUCE: UEFI: acpi: Ignore acpi_rsdp kernel parameter when module loading is
      restricted
    - SAUCE: UEFI: kexec: Disable at runtime if the kernel enforces module loading
      restrictions
    - SAUCE: UEFI: x86: Restrict MSR access when module loading is restricted
    - SAUCE: UEFI: Add option to automatically enforce module signatures when in
      Secure Boot mode
    - SAUCE: UEFI: efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
    - SAUCE: UEFI MODSIGN: Import certificates from UEFI Secure Boot
    - SAUCE: UEFI: efi: Disable secure boot if shim is in insecure mode
    - SAUCE: UEFI: Display MOKSBState when disabled

* Utopic update to 3.16.7-ckt5 stable release (LP: #1419125)
    - arm64/efi: add missing call to early_ioremap_reset()

* Trusty update to 3.16.7-ckt17 stable release (LP: #1500484)
    - arm64/efi: map the entire UEFI vendor string before reading it

* Utopic update to 3.16.7-ckt8 stable release (LP: #1434595)
    - efi: Small leak on error in runtime map code

* Utopic update to 3.16.7-ckt12 stable release (LP: #1465613)
    - efi/reboot: Add generic wrapper around EfiResetSystem()
    - x86/reboot: Add EFI reboot quirk for ACPI Hardware Reduced flag
    - efi/reboot: Allow powering off machines using EFI
    - efi: Fix error handling in add_sysfs_runtime_map_entry()

* Trusty update to 3.16.7-ckt26 stable release (LP: #1563345)
    - efi: Make our variable validation list include the guid
    - lib/ucs2_string: Add ucs2 -> utf8 helper functions
    - efi: Use ucs2_as_utf8 in efivarfs instead of open coding a bad version

* Utopic update to 3.16.7-ckt9 stable release (LP: #1441317)
    - efi/libstub: Fix boundary checking in efi_high_alloc()

* Trusty update to 3.16.7-ckt19 stable release (LP: #1514911)
    - x86/efi: Fix boot crash by mapping EFI memmap entries bottom-up at runtime,
      instead of top-down

* Boot failure with EFI stub (LP: #1603476)
    - x86/efi: Fix boot failure with EFI stub

* Trusty update to v3.13.11-ckt33 stable release (LP: #1538756)
    - efi: Disable interrupts around EFI calls, not in the epilog/prolog calls

* Trusty update to 3.13.11-ckt26 stable release (LP: #1493305)
    - x86/efi: Use all 64 bit of efi_memmap in setup_e820()

* Trusty update to v3.13.11.9 stable release (LP: #1381234)
    - x86, ia64: Move EFI_FB vga_default_device() initialization to
      pci_vga_fixup()

* CVE-2015-7833
    - usbvision: revert commit 588afcc1

* CVE-2014-9904
    - ALSA: compress: fix an integer overflow check

* CVE-2015-3288
    - mm: avoid setting up anonymous pages into file mapping

* CVE-2016-3961 (LP: #1571020)
    - mm: hugetlb: allow hugepages_supported to be architecture specific
    - s390/hugetlb: add hugepages_supported define
    - x86/mm/xen: Suppress hugetlbfs in PV guests

-- Seth Forshee <seth.forshee@canonical.com>  Thu, 20 Oct 2016 16:50:48 -0500

Changed in linux (Ubuntu Trusty):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-11-09:

#5

This bug was fixed in the package linux - 3.19.0-74.82

---------------
linux (3.19.0-74.82) vivid; urgency=low

[ Seth Forshee ]

* Release Tracking Bug
- LP: #1635424

  * proc_keys_show crash when reading /proc/keys (LP: #1634496)
    - SAUCE: KEYS: ensure xbuf is large enough to fix buffer overflow in
      proc_keys_show (LP: #1634496)

* CVE-2015-7833
- usbvision: revert commit 588afcc1

  * CVE-2015-7837
    - SAUCE: (no-up) kexec/uefi: copy secure_boot flag in boot params across kexec
      reboot

-- Seth Forshee <email address hidden> Thu, 20 Oct 2016 16:26:38 -0500

Changed in linux (Ubuntu Vivid):
status:	Fix Committed → Fix Released
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-11-09:

#7

This bug was fixed in the package linux - 4.4.0-47.68

---------------
linux (4.4.0-47.68) xenial; urgency=low

[ Kamal Mostafa ]

* Release Tracking Bug
- LP: #1636941

  * Add a driver for Amazon Elastic Network Adapters (ENA) (LP: #1635721)
    - lib/bitmap.c: conversion routines to/from u32 array
    - net: ethtool: add new ETHTOOL_xLINKSETTINGS API
    - net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)
    - [config] enable CONFIG_ENA_ETHERNET=m (Amazon ENA driver)

* unexpectedly large memory usage of mounted snaps (LP: #1636847)
- [Config] switch squashfs to single threaded decode

-- Kamal Mostafa <email address hidden> Wed, 26 Oct 2016 10:47:55 -0700

Changed in linux (Ubuntu Xenial):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-11-09:

#8

Download full text (3.4 KiB)

This bug was fixed in the package linux - 4.8.0-27.29

---------------
linux (4.8.0-27.29) yakkety; urgency=low

[ Seth Forshee ]

* Release Tracking Bug
- LP: #1635377

  * proc_keys_show crash when reading /proc/keys (LP: #1634496)
    - SAUCE: KEYS: ensure xbuf is large enough to fix buffer overflow in
      proc_keys_show (LP: #1634496)

  * Revert "If zone is so small that watermarks are the same, stop zone balance"
    in yakkety (LP: #1632894)
    - Revert "UBUNTU: SAUCE: (no-up) If zone is so small that watermarks are the
      same, stop zone balance."

* lts-yakkety 4.8 cannot mount lvm raid1 (LP: #1631298)
- SAUCE: (no-up) dm raid: fix compat_features validation

  * kswapd0 100% CPU usage (LP: #1518457)
    - SAUCE: (no-up) If zone is so small that watermarks are the same, stop zone
      balance.

  * [Trusty->Yakkety] powerpc/64: Fix incorrect return value from
    __copy_tofrom_user (LP: #1632462)
    - SAUCE: (no-up) powerpc/64: Fix incorrect return value from
      __copy_tofrom_user

  * Ubuntu 16.10: Oops panic in move_page_tables/page_remove_rmap after running
    memory_stress_ng. (LP: #1628976)
    - SAUCE: (no-up) powerpc/pseries: Fix stack corruption in htpe code

  * Paths not failed properly when unmapping virtual FC ports in VIOS (using
    ibmvfc) (LP: #1632116)
    - scsi: ibmvfc: Fix I/O hang when port is not mapped

  * [Ubuntu16.10]KV4.8: kernel livepatch config options are not set
    (LP: #1626983)
    - [Config] Enable live patching on powerpc/ppc64el

* CONFIG_AUFS_XATTR is not set (LP: #1557776)
- [Config] CONFIG_AUFS_XATTR=y

  * Yakkety update to 4.8.1 stable release (LP: #1632445)
    - arm64: debug: avoid resetting stepping state machine when TIF_SINGLESTEP
    - Using BUG_ON() as an assert() is _never_ acceptable
    - usb: misc: legousbtower: Fix NULL pointer deference
    - Staging: fbtft: Fix bug in fbtft-core
    - usb: usbip: vudc: fix left shift overflow
    - USB: serial: cp210x: Add ID for a Juniper console
    - Revert "usbtmc: convert to devm_kzalloc"
    - ALSA: hda - Adding one more ALC255 pin definition for headset problem
    - ALSA: hda - Fix headset mic detection problem for several Dell laptops
    - ALSA: hda - Add the top speaker pin config for HP Spectre x360
    - Linux 4.8.1

  * PSL data cache should be flushed before resetting CAPI adapter
    (LP: #1632049)
    - cxl: Flush PSL cache before resetting the adapter

* thunder nic: avoid link delays due to RX_PACKET_DIS (LP: #1630038)
- net: thunderx: Don't set RX_PACKET_DIS while initializing

  * crypto/vmx/p8_ghash memory corruption (LP: #1630970)
    - crypto: ghash-generic - move common definitions to a new header file
    - crypto: vmx - Fix memory corruption caused by p8_ghash
    - crypto: vmx - Ensure ghash-generic is enabled

  * arm64: SPCR console not autodetected (LP: #1630311)
    - of/serial: move earlycon early_param handling to serial
    - [Config] CONFIG_ACPI_SPCR_TABLE=y
    - ACPI: parse SPCR and enable matching console
    - ARM64: ACPI: enable ACPI_SPCR_TABLE
    - serial: pl011: add console matching function

* include/linux/security.h header syntax error with !CONFIG_SECURITYFS
...

Changed in linux:
importance:	Unknown → Medium
status:	Unknown → Confirmed

Ubuntu
linux package

proc_keys_show crash when reading /proc/keys

Bug Description

CVE References

Duplicates of this bug

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to
Linux	Fix Released	Medium	redhat-bugs #1373966
linux (Ubuntu)	Fix Released	High	Colin Ian King
Precise	Fix Released	High	Colin Ian King
Trusty	Fix Released	High	Colin Ian King
Vivid	Fix Released	High	Colin Ian King
Xenial	Fix Released	High	Colin Ian King
Yakkety	Fix Released	High	Colin Ian King

Changed in linux (Ubuntu):
status:	In Progress → Fix Released

Ubuntulinux package

proc_keys_show crash when reading /proc/keys

Bug Description

CVE References

Duplicates of this bug

Other bug subscribers

Remote bug watches

Ubuntu
linux package