Xenial update to 4.4.139 stable release
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Xenial |
Fix Released
|
Medium
|
Kleber Sacilotto de Souza |
Bug Description
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The 4.4.139 upstream stable
patch set is now available. It should be included in the Ubuntu
kernel as well.
TEST CASE: TBD
The following patches from the 4.4.139 stable release shall be applied:
* xfrm6: avoid potential infinite loop in _decode_session6()
* netfilter: ebtables: handle string from userspace with care
* ipvs: fix buffer overflow with sync daemon and service
* atm: zatm: fix memcmp casting
* net: qmi_wwan: Add Netgear Aircard 779S
* net/sonic: Use dma_mapping_error()
* Revert "Btrfs: fix scrub to repair raid6 corruption"
* tcp: do not overshoot window_clamp in tcp_rcv_
* Btrfs: make raid6 rebuild retry more
* usb: musb: fix remote wakeup racing with suspend
* bonding: re-evaluate force_primary when the primary slave name changes
* tcp: verify the checksum of the first data segment in a new connection
* ext4: update mtime in ext4_punch_hole even if no blocks are released
* ext4: fix fencepost error in check for inode count overflow during resize
* driver core: Don't ignore class_dir_
* btrfs: scrub: Don't use inode pages for device replace
* ALSA: hda - Handle kzalloc() failure in snd_hda_
* ALSA: hda: add dock and led support for HP EliteBook 830 G5
* ALSA: hda: add dock and led support for HP ProBook 640 G4
* cpufreq: Fix new policy initialization during limits updates via sysfs
* libata: zpodd: make arrays cdb static, reduces object code size
* libata: zpodd: small read overflow in eject_tray()
* libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk
* w1: mxc_w1: Enable clock before calling clk_get_rate() on it
* fs/binfmt_misc.c: do not allow offset overflow
* x86/spectre_v1: Disable compiler optimizations over array_index_
* m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap()
* serial: sh-sci: Use spin_{try}
* signal/xtensa: Consistenly use SIGBUS in do_unaligned_user
* usb: do not reset if a low-speed or full-speed device timed out
* 1wire: family module autoload fails because of upper/lower case mismatch.
* ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it
* ASoC: cirrus: i2s: Fix LRCLK configuration
* ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup
* lib/vsprintf: Remove atomic-unsafe support for %pCr
* mips: ftrace: fix static function graph tracing
* branch-check: fix long->int truncation when profiling branches
* ipmi:bt: Set the timeout before doing a capabilities check
* Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader
* fuse: atomic_o_trunc should truncate pagecache
* fuse: don't keep dead fuse_conn at fuse_fill_super().
* fuse: fix control dir setup and teardown
* powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch
* powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG
* powerpc/ptrace: Fix enforcement of DAWR constraints
* cpuidle: powernv: Fix promotion from snooze if next state disabled
* powerpc/fadump: Unregister fadump on kexec down path.
* ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size
* of: unittest: for strings, account for trailing \0 in property length field
* IB/qib: Fix DMA api warning with debug kernel
* RDMA/mlx4: Discard unknown SQP work requests
* mtd: cfi_cmdset_0002: Change write buffer to check correct value
* mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock()
* mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips
* mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary
* mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking.
* MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum
* PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume
* MIPS: io: Add barrier after register read in inX()
* time: Make sure jiffies_to_msecs() preserves non-zero time periods
* Btrfs: fix clone vs chattr NODATASUM race
* iio:buffer: make length types match kfifo types
* scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails
* scsi: zfcp: fix missing SCSI trace for result of eh_host_
* scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF
* scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed
* scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return
* scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED
* scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED
* scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread
* linvdimm, pmem: Preserve read-only setting for pmem devices
* md: fix two problems with setting the "re-add" device state.
* ubi: fastmap: Cancel work upon detach
* UBIFS: Fix potential integer overflow in allocation
* xfrm: Ignore socket policies when rebuilding hash tables
* xfrm: skip policies marked as dead while rehashing
* backlight: as3711_bl: Fix Device Tree node lookup
* backlight: max8925_bl: Fix Device Tree node lookup
* backlight: tps65217_bl: Fix Device Tree node lookup
* mfd: intel-lpss: Program REMAP register in PIO mode
* perf tools: Fix symbol and object code resolution for vdso32 and vdsox32
* perf intel-pt: Fix sync_switch INTEL_PT_
* perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP
* perf intel-pt: Fix MTC timing after overflow
* perf intel-pt: Fix "Unexpected indirect branch" error
* perf intel-pt: Fix packet decoding of CYC packets
* media: v4l2-compat-
* media: cx231xx: Add support for AverMedia DVD EZMaker 7
* media: dvb_frontend: fix locking issues at dvb_frontend_
* nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir
* NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_
* video: uvesafb: Fix integer overflow in allocation
* Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID
* xen: Remove unnecessary BUG_ON from __unbind_from_irq()
* udf: Detect incorrect directory size
* Input: elan_i2c_smbus - fix more potential stack buffer overflows
* Input: elantech - enable middle button of touchpads on ThinkPad P52
* Input: elantech - fix V4 report decoding for module with middle key
* ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210
* Btrfs: fix unexpected cow in run_delalloc_nocow
* spi: Fix scatterlist elements size in spi_map_buf
* block: Fix transfer when chunk sectors exceeds max
* dm thin: handle running out of data space vs concurrent discard
* cdc_ncm: avoid padding beyond end of skb
* Bluetooth: Fix connection if directed advertising and privacy is used
* Linux 4.4.139
The following patches have already been applied and therefore skipped:
* fs/binfmt_misc.c: do not allow offset overflow (bug 1775856)
* xfrm: Ignore socket policies when rebuilding hash tables (bug 1613787)
CVE References
tags: | added: kernel-stable-tracking-bug |
description: | updated |
Changed in linux (Ubuntu Xenial): | |
assignee: | nobody → Kleber Sacilotto de Souza (kleber-souza) |
importance: | Undecided → Medium |
status: | New → In Progress |
Changed in linux (Ubuntu): | |
status: | New → Invalid |
Changed in linux (Ubuntu Xenial): | |
status: | In Progress → Fix Committed |
This bug was fixed in the package linux - 4.4.0-134.160
---------------
linux (4.4.0-134.160) xenial; urgency=medium
* linux: 4.4.0-134.160 -proposed tracker (LP: #1787177)
* locking sockets broken due to missing AppArmor socket mediation patches
(LP: #1780227)
- UBUNTU SAUCE: apparmor: fix apparmor mediating locking non-fs, unix sockets
* Backport namespaced fscaps to xenial 4.4 (LP: #1778286)
- Introduce v3 namespaced file capabilities
- commoncap: move assignment of fs_ns to avoid null pointer dereference
- capabilities: fix buffer overread on very short xattr
- commoncap: Handle memory allocation failure.
* Xenial update to 4.4.140 stable release (LP: #1784409) char_special( ). metrics( ) block_bitmap( )
- usb: cdc_acm: Add quirk for Uniden UBC125 scanner
- USB: serial: cp210x: add CESINEL device ids
- USB: serial: cp210x: add Silicon Labs IDs for Windows Update
- n_tty: Fix stall at n_tty_receive_
- staging: android: ion: Return an ERR_PTR in ion_map_kernel
- n_tty: Access echo_* variables carefully.
- x86/boot: Fix early command-line parsing when matching at end
- ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode
- i2c: rcar: fix resume by always initializing registers before transfer
- ipv4: Fix error return value in fib_convert_
- kprobes/x86: Do not modify singlestep buffer while resuming
- nvme-pci: initialize queue memory before interrupts
- netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain()
- ARM: dts: imx6q: Use correct SDMA script for SPI5 core
- ubi: fastmap: Correctly handle interrupted erasures in EBA
- mm: hugetlb: yield when prepping struct pages
- tracing: Fix missing return symbol in function_graph output
- scsi: sg: mitigate read/write abuse
- s390: Correct register corruption in critical section cleanup
- drbd: fix access after free
- cifs: Fix infinite loop when using hard mount option
- jbd2: don't mark block as modified if the handle is out of credits
- ext4: make sure bitmaps and the inode table don't overlap with bg
descriptors
- ext4: always check block group bounds in ext4_init_
- ext4: only look at the bg_flags field if it is valid
- ext4: verify the depth of extent tree in ext4_find_extent()
- ext4: include the illegal physical block in the bad map ext4_error msg
- ext4: clear i_data in ext4_inode_info when removing inline data
- ext4: add more inode number paranoia checks
- ext4: add more mount time checks of the superblock
- ext4: check superblock mapped prior to committing
- HID: i2c-hid: Fix "incomplete report" noise
- HID: hiddev: fix potential Spectre v1
- HID: debug: check length before copy_to_user()
- x86/mce: Detect local MCEs properly
- x86/mce: Fix incorrect "Machine check from unknown source" message
- media: cx25840: Use subdev host data for PLL override
- mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
- dm bufio: avoid sleeping while holding the dm_bufio lock
- dm bufio: drop the lock when doing GFP_NOIO allocation
- mtd: rawnand: mxc: set spa...