* CVE-2017-5753
- bpf: properly enforce index mask to prevent out-of-bounds speculation
- Revert "UBUNTU: SAUCE: bpf: Use barrier_nospec() instead of osb()"
- Revert "bpf: prevent speculative execution in eBPF interpreter"
* L1TF mitigation not effective in some CPU and RAM combinations
(LP: #1788563) // CVE-2018-3620 // CVE-2018-3646
- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
- x86/speculation/l1tf: Fix off-by-one error when warning that system has too
much RAM
- x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
* CVE-2018-15594
- x86/paravirt: Fix spectre-v2 mitigations for paravirt guests
* Xenial update to 4.4.144 stable release (LP: #1791080)
- KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in
parallel.
- x86/MCE: Remove min interval polling limitation
- fat: fix memory allocation failure handling of match_strdup()
- ALSA: rawmidi: Change resized buffers atomically
- ARC: Fix CONFIG_SWAP
- ARC: mm: allow mprotect to make stack mappings executable
- mm: memcg: fix use after free in mem_cgroup_iter()
- ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns
- ipv6: fix useless rol32 call on hash
- lib/rhashtable: consider param->min_size when setting initial table size
- net/ipv4: Set oif in fib_compute_spec_dst
- net: phy: fix flag masking in __set_phy_supported
- ptp: fix missing break in switch
- tg3: Add higher cpu clock for 5762.
- net: Don't copy pfmemalloc flag in __copy_skb_header()
- skbuff: Unconditionally copy pfmemalloc in __skb_clone()
- xhci: Fix perceived dead host due to runtime suspend race with event handler
- x86/paravirt: Make native_save_fl() extern inline
- SAUCE: Add missing CPUID_7_EDX defines
- SAUCE: x86/speculation: Expose indirect_branch_prediction_barrier()
- x86/pti: Mark constant arrays as __initconst
- x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs
- x86/entry/64/compat: Clear registers for compat syscalls, to reduce
speculation attack surface
- x86/speculation: Clean up various Spectre related details
- x86/speculation: Fix up array_index_nospec_mask() asm constraint
- x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend
- x86/mm: Factor out LDT init from context init
- x86/mm: Give each mm TLB flush generation a unique ID
- SAUCE: x86/speculation: Use Indirect Branch Prediction Barrier in context
switch
- x86/speculation: Use IBRS if available before calling into firmware
- x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP
- selftest/seccomp: Fix the seccomp(2) signature
- xen: set cpu capabilities from xen_start_kernel()
- x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen
- SAUCE: Preserve SPEC_CTRL MSR in new inlines
- SAUCE: Add Knights Mill to NO SSB list
- x86/process: Correct and optimize TIF_BLOCKSTEP switch
- x86/process: Optimize TIF_NOTSC switch
- Revert "x86/cpufeatures: Add FEATURE_ZEN"
- Revert "x86/cpu/AMD: Fix erratum 1076 (CPB bit)"
- x86/cpu/AMD: Fix erratum 1076 (CPB bit)
- x86/cpufeatures: Add FEATURE_ZEN
- x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths
- x86/cpu: Re-apply forced caps every time CPU caps are re-read
- block: do not use interruptible wait anywhere
- clk: tegra: Fix PLL_U post divider and initial rate on Tegra30
- ubi: Introduce vol_ignored()
- ubi: Rework Fastmap attach base code
- ubi: Be more paranoid while seaching for the most recent Fastmap
- ubi: Fix races around ubi_refill_pools()
- ubi: Fix Fastmap's update_vol()
- ubi: fastmap: Erase outdated anchor PEBs during attach
- Linux 4.4.144
* CVE-2017-5715 (Spectre v2 s390x)
- s390: detect etoken facility
- s390/lib: use expoline for all bcr instructions
- SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT
* Xenial update to 4.4.143 stable release (LP: #1790884)
- compiler, clang: suppress warning for unused static inline functions
- compiler, clang: properly override 'inline' for clang
- compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled
- compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations
- x86/asm: Add _ASM_ARG* constants for argument registers to <asm/asm.h>
- ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent
- bcm63xx_enet: correct clock usage
- bcm63xx_enet: do not write to random DMA channel on BCM6345
- crypto: crypto4xx - remove bad list_del
- crypto: crypto4xx - fix crypto4xx_build_pdr, crypto4xx_build_sdr leak
- atm: zatm: Fix potential Spectre v1
- net: dccp: avoid crash in ccid3_hc_rx_send_feedback()
- net: dccp: switch rx_tstamp_last_feedback to monotonic clock
- net/mlx5: Fix incorrect raw command length parsing
- net: sungem: fix rx checksum support
- qed: Limit msix vectors in kdump kernel to the minimum required count.
- r8152: napi hangup fix after disconnect
- tcp: fix Fast Open key endianness
- tcp: prevent bogus FRTO undos with non-SACK flows
- vhost_net: validate sock before trying to put its fd
- net_sched: blackhole: tell upper qdisc about dropped packets
- net/mlx5: Fix command interface race in polling mode
- net: cxgb3_main: fix potential Spectre v1
- rtlwifi: rtl8821ae: fix firmware is not ready to run
- MIPS: Call dump_stack() from show_regs()
- MIPS: Use async IPIs for arch_trigger_cpumask_backtrace()
- netfilter: ebtables: reject non-bridge targets
- KEYS: DNS: fix parsing multiple options
- rds: avoid unenecessary cong_update in loop transport
- net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL.
- Linux 4.4.143
* Xenial update to 4.4.142 stable release (LP: #1790883)
- Kbuild: fix # escaping in .cmd files for future Make
- perf tools: Move syscall number fallbacks from perf-sys.h to
tools/arch/x86/include/asm/
- Linux 4.4.142
* Xenial update to 4.4.141 stable release (LP: #1790620)
- MIPS: Fix ioremap() RAM check
- ibmasm: don't write out of bounds in read handler
- vmw_balloon: fix inflation with batching
- ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS
- USB: serial: ch341: fix type promotion bug in ch341_control_in()
- USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick
- USB: serial: keyspan_pda: fix modem-status error handling
- USB: yurex: fix out-of-bounds uaccess in read handler
- USB: serial: mos7840: fix status-register error handling
- usb: quirks: add delay quirks for Corsair Strafe
- xhci: xhci-mem: off by one in xhci_stream_id_to_ring()
- HID: usbhid: add quirk for innomedia INNEX GENESIS/ATARI adapter
- tools build: fix # escaping in .cmd files for future Make
- iw_cxgb4: correctly enforce the max reg_mr depth
- x86/cpufeature: Move some of the scattered feature bits to x86_capability
- x86/cpu: Provide a config option to disable static_cpu_has
- x86/fpu: Add an XSTATE_OP() macro
- x86/fpu: Get rid of xstate_fault()
- x86/headers: Don't include asm/processor.h in asm/atomic.h
- x86/cpufeature: Replace the old static_cpu_has() with safe variant
- x86/cpufeature: Get rid of the non-asm goto variant
- x86/alternatives: Add an auxilary section
- x86/alternatives: Discard dynamic check after init
- x86/vdso: Use static_cpu_has()
- x86/boot: Simplify kernel load address alignment check
- x86/cpufeature: Speed up cpu_feature_enabled()
- x86/cpufeature, x86/mm/pkeys: Add protection keys related CPUID definitions
- x86/mm/pkeys: Fix mismerge of protection keys CPUID bits
- x86/cpu: Add detection of AMD RAS Capabilities
- x86/cpufeature, x86/mm/pkeys: Fix broken compile-time disabling of pkeys
- x86/cpufeature: Make sure DISABLED/REQUIRED macros are updated
- x86/cpufeature: Add helper macro for mask check macros
- uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn()
- netfilter: nf_queue: augment nfqa_cfg_policy
- netfilter: x_tables: initialise match/target check parameter struct
- loop: add recursion validation to LOOP_CHANGE_FD
- PM / hibernate: Fix oops at snapshot_write()
- SAUCE: RDMA/ucm: Blacklist UCM module
- loop: remember whether sysfs_create_group() was done
- Linux 4.4.141
- [Config] Refresh configs for 4.4.141
* regression with EXT4 file systems and meta_bg flag (LP: #1789653)
- ext4: fix false negatives *and* false positives in ext4_check_descriptors()
* CVE-2018-15572
- x86/speculation: Protect against userspace-userspace spectreRSB
* random oopses on s390 systems using NVMe devices (LP: #1790480)
- s390/pci: fix out of bounds access during irq setup
* CVE-2018-6555
- SAUCE: irda: Only insert new objects into the global database via setsockopt
* CVE-2018-6554
- SAUCE: irda: Fix memory leak caused by repeated binds of irda socket
* errors when scanning partition table of corrupted AIX disk (LP: #1787281)
- partitions/aix: fix usage of uninitialized lv_info and lvname structures
- partitions/aix: append null character to print data from disk
This bug was fixed in the package linux - 4.4.0-137.163
---------------
linux (4.4.0-137.163) xenial; urgency=medium
* CVE-2018-14633
- iscsi target: Use hex2bin instead of a re-implementation
* CVE-2018-17182
- mm: get rid of vmacache_flush_all() entirely
linux (4.4.0-136.162) xenial; urgency=medium
* linux: 4.4.0-136.162 -proposed tracker (LP: #1791745)
* CVE-2017-5753
- bpf: properly enforce index mask to prevent out-of-bounds speculation
- Revert "UBUNTU: SAUCE: bpf: Use barrier_nospec() instead of osb()"
- Revert "bpf: prevent speculative execution in eBPF interpreter"
* L1TF mitigation not effective in some CPU and RAM combinations
(LP: #1788563) // CVE-2018-3620 // CVE-2018-3646
- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
- x86/speculation/l1tf: Fix off-by-one error when warning that system has too
much RAM
- x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
* CVE-2018-15594
- x86/paravirt: Fix spectre-v2 mitigations for paravirt guests
* Xenial update to 4.4.144 stable release (LP: #1791080)
- KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in
parallel.
- x86/MCE: Remove min interval polling limitation
- fat: fix memory allocation failure handling of match_strdup()
- ALSA: rawmidi: Change resized buffers atomically
- ARC: Fix CONFIG_SWAP
- ARC: mm: allow mprotect to make stack mappings executable
- mm: memcg: fix use after free in mem_cgroup_iter()
- ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns
- ipv6: fix useless rol32 call on hash
- lib/rhashtable: consider param->min_size when setting initial table size
- net/ipv4: Set oif in fib_compute_spec_dst
- net: phy: fix flag masking in __set_phy_supported
- ptp: fix missing break in switch
- tg3: Add higher cpu clock for 5762.
- net: Don't copy pfmemalloc flag in __copy_skb_header()
- skbuff: Unconditionally copy pfmemalloc in __skb_clone()
- xhci: Fix perceived dead host due to runtime suspend race with event handler
- x86/paravirt: Make native_save_fl() extern inline
- SAUCE: Add missing CPUID_7_EDX defines
- SAUCE: x86/speculation: Expose indirect_branch_prediction_barrier()
- x86/pti: Mark constant arrays as __initconst
- x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs
- x86/entry/64/compat: Clear registers for compat syscalls, to reduce
speculation attack surface
- x86/speculation: Clean up various Spectre related details
- x86/speculation: Fix up array_index_nospec_mask() asm constraint
- x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend
- x86/mm: Factor out LDT init from context init
- x86/mm: Give each mm TLB flush generation a unique ID
- SAUCE: x86/speculation: Use Indirect Branch Prediction Barrier in context
switch
- x86/speculation: Use IBRS if available before calling into firmware
- x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP
- selftest/seccomp: Fix the seccomp(2) signature
- xen: set cpu capabilities from xen_start_kernel()
- x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen
- SAUCE: Preserve SPEC_CTRL MSR in new inlines
- SAUCE: Add Knights Mill to NO SSB list
- x86/process: Correct and optimize TIF_BLOCKSTEP switch
- x86/process: Optimize TIF_NOTSC switch
- Revert "x86/cpufeatures: Add FEATURE_ZEN"
- Revert "x86/cpu/AMD: Fix erratum 1076 (CPB bit)"
- x86/cpu/AMD: Fix erratum 1076 (CPB bit)
- x86/cpufeatures: Add FEATURE_ZEN
- x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths
- x86/cpu: Re-apply forced caps every time CPU caps are re-read
- block: do not use interruptible wait anywhere
- clk: tegra: Fix PLL_U post divider and initial rate on Tegra30
- ubi: Introduce vol_ignored()
- ubi: Rework Fastmap attach base code
- ubi: Be more paranoid while seaching for the most recent Fastmap
- ubi: Fix races around ubi_refill_pools()
- ubi: Fix Fastmap's update_vol()
- ubi: fastmap: Erase outdated anchor PEBs during attach
- Linux 4.4.144
* CVE-2017-5715 (Spectre v2 s390x)
- s390: detect etoken facility
- s390/lib: use expoline for all bcr instructions
- SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT
* Xenial update to 4.4.143 stable release (LP: #1790884)
- compiler, clang: suppress warning for unused static inline functions
- compiler, clang: properly override 'inline' for clang
- compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled
- compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations
- x86/asm: Add _ASM_ARG* constants for argument registers to <asm/asm.h>
- ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent
- bcm63xx_enet: correct clock usage
- bcm63xx_enet: do not write to random DMA channel on BCM6345
- crypto: crypto4xx - remove bad list_del
- crypto: crypto4xx - fix crypto4xx_build_pdr, crypto4xx_build_sdr leak
- atm: zatm: Fix potential Spectre v1
- net: dccp: avoid crash in ccid3_hc_rx_send_feedback()
- net: dccp: switch rx_tstamp_last_feedback to monotonic clock
- net/mlx5: Fix incorrect raw command length parsing
- net: sungem: fix rx checksum support
- qed: Limit msix vectors in kdump kernel to the minimum required count.
- r8152: napi hangup fix after disconnect
- tcp: fix Fast Open key endianness
- tcp: prevent bogus FRTO undos with non-SACK flows
- vhost_net: validate sock before trying to put its fd
- net_sched: blackhole: tell upper qdisc about dropped packets
- net/mlx5: Fix command interface race in polling mode
- net: cxgb3_main: fix potential Spectre v1
- rtlwifi: rtl8821ae: fix firmware is not ready to run
- MIPS: Call dump_stack() from show_regs()
- MIPS: Use async IPIs for arch_trigger_cpumask_backtrace()
- netfilter: ebtables: reject non-bridge targets
- KEYS: DNS: fix parsing multiple options
- rds: avoid unenecessary cong_update in loop transport
- net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL.
- Linux 4.4.143
* Xenial update to 4.4.142 stable release (LP: #1790883)
- Kbuild: fix # escaping in .cmd files for future Make
- perf tools: Move syscall number fallbacks from perf-sys.h to
tools/arch/x86/include/asm/
- Linux 4.4.142
* Xenial update to 4.4.141 stable release (LP: #1790620)
- MIPS: Fix ioremap() RAM check
- ibmasm: don't write out of bounds in read handler
- vmw_balloon: fix inflation with batching
- ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS
- USB: serial: ch341: fix type promotion bug in ch341_control_in()
- USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick
- USB: serial: keyspan_pda: fix modem-status error handling
- USB: yurex: fix out-of-bounds uaccess in read handler
- USB: serial: mos7840: fix status-register error handling
- usb: quirks: add delay quirks for Corsair Strafe
- xhci: xhci-mem: off by one in xhci_stream_id_to_ring()
- HID: usbhid: add quirk for innomedia INNEX GENESIS/ATARI adapter
- tools build: fix # escaping in .cmd files for future Make
- iw_cxgb4: correctly enforce the max reg_mr depth
- x86/cpufeature: Move some of the scattered feature bits to x86_capability
- x86/cpu: Provide a config option to disable static_cpu_has
- x86/fpu: Add an XSTATE_OP() macro
- x86/fpu: Get rid of xstate_fault()
- x86/headers: Don't include asm/processor.h in asm/atomic.h
- x86/cpufeature: Replace the old static_cpu_has() with safe variant
- x86/cpufeature: Get rid of the non-asm goto variant
- x86/alternatives: Add an auxilary section
- x86/alternatives: Discard dynamic check after init
- x86/vdso: Use static_cpu_has()
- x86/boot: Simplify kernel load address alignment check
- x86/cpufeature: Speed up cpu_feature_enabled()
- x86/cpufeature, x86/mm/pkeys: Add protection keys related CPUID definitions
- x86/mm/pkeys: Fix mismerge of protection keys CPUID bits
- x86/cpu: Add detection of AMD RAS Capabilities
- x86/cpufeature, x86/mm/pkeys: Fix broken compile-time disabling of pkeys
- x86/cpufeature: Make sure DISABLED/REQUIRED macros are updated
- x86/cpufeature: Add helper macro for mask check macros
- uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn()
- netfilter: nf_queue: augment nfqa_cfg_policy
- netfilter: x_tables: initialise match/target check parameter struct
- loop: add recursion validation to LOOP_CHANGE_FD
- PM / hibernate: Fix oops at snapshot_write()
- SAUCE: RDMA/ucm: Blacklist UCM module
- loop: remember whether sysfs_create_group() was done
- Linux 4.4.141
- [Config] Refresh configs for 4.4.141
* regression with EXT4 file systems and meta_bg flag (LP: #1789653)
- ext4: fix false negatives *and* false positives in ext4_check_descriptors()
* CVE-2018-15572
- x86/speculation: Protect against userspace-userspace spectreRSB
* random oopses on s390 systems using NVMe devices (LP: #1790480)
- s390/pci: fix out of bounds access during irq setup
* CVE-2018-6555
- SAUCE: irda: Only insert new objects into the global database via setsockopt
* CVE-2018-6554
- SAUCE: irda: Fix memory leak caused by repeated binds of irda socket
* errors when scanning partition table of corrupted AIX disk (LP: #1787281)
- partitions/aix: fix usage of uninitialized lv_info and lvname structures
- partitions/aix: append null character to print data from disk
-- Stefan Bader <email address hidden> Mon, 24 Sep 2018 13:39:05 +0200