UbuntuUpdates.org

Package "linux-source-3.13.0"

Name: linux-source-3.13.0

Description:

Linux kernel source for version 3.13.0 with Ubuntu patches

Latest version: 3.13.0-96.143
Release: trusty (14.04)
Level: updates
Repository: main
Head package: linux

Links

Save this URL for the latest version of "linux-source-3.13.0": http://www.ubuntuupdates.org/linux-source-3.13.0


Download "linux-source-3.13.0"


Other versions of "linux-source-3.13.0" in Trusty

Repository Area Version
base main 3.13.0-24.46
security main 3.13.0-96.143
proposed main 3.13.0-97.144
PPA: Canonical Kernel Team 3.13.0-97.144

Changelog

Version: 3.13.0-96.143 2016-09-19 17:06:25 UTC

  linux (3.13.0-96.143) trusty; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1618083

  * CVE-2015-8767
    - sctp: Prevent soft lockup when sctp_accept() is called during a timeout
      event

  * MacBookPro11,4 fails to poweroff or suspend (LP: #1587714)
    - SAUCE: PCI: Workaround to enable poweroff on Mac Pro 11

  * 3.13: libvirtd: page allocation failure: order:4, mode:0x1040d0
    (LP: #1616193)
    - vhost-net: extend device allocation to vmalloc
    - vhost-net: don't open-code kvfree

  * [arm64] nova instances can't boot with 3.13.0-92 (LP: #1608854)
    - Revert "UBUNTU: [Config] CONFIG_EFI=n for arm64"
    - Revert "UBUNTU: SAUCE: UEFI: Set EFI_SECURE_BOOT bit in x86_efi_facility"
    - Revert "UBUNTU: SAUCE: UEFI: Add secure boot and MOK SB State disabled
      sysctl"
    - Revert "UBUNTU: SAUCE: UEFI: Display MOKSBState when disabled"
    - Revert "UBUNTU: SAUCE: UEFI: efi: Disable secure boot if shim is in insecure
      mode"
    - Revert "UBUNTU: SAUCE: UEFI MODSIGN: Import certificates from UEFI Secure
      Boot"
    - Revert "UBUNTU: SAUCE: UEFI: efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on
      EFI"
    - Revert "UBUNTU: SAUCE: UEFI: Add option to automatically enforce module
      signatures when in Secure Boot mode"
    - Revert "UBUNTU: [Config] CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE=y"
    - Revert "UBUNTU: SAUCE: UEFI: x86: Restrict MSR access when module loading is
      restricted"
    - Revert "UBUNTU: SAUCE: UEFI: kexec: Disable at runtime if the kernel
      enforces module loading restrictions"
    - Revert "UBUNTU: SAUCE: UEFI: acpi: Ignore acpi_rsdp kernel parameter when
      module loading is restricted"
    - Revert "UBUNTU: SAUCE: UEFI: Restrict /dev/mem and /dev/kmem when module
      loading is restricted"
    - Revert "UBUNTU: SAUCE: UEFI: asus-wmi: Restrict debugfs interface when
      module loading is restricted"
    - Revert "UBUNTU: SAUCE: UEFI: ACPI: Limit access to custom_method"
    - Revert "UBUNTU: SAUCE: UEFI: x86: Lock down IO port access when module
      security is enabled"
    - Revert "UBUNTU: SAUCE: UEFI: PCI: Lock down BAR access when module security
      is enabled"
    - Revert "UBUNTU: SAUCE: UEFI: Add secure_modules() call"
    - Revert "x86/efi: Build our own EFI services pointer table"
    - Revert "efi: Add separate 32-bit/64-bit definitions"

  * [Hyper-V] storvsc messages for CD-ROM medium not present tray closed
    (LP: #1590655)
    - scsi: storvsc: Filter out storvsc messages CD-ROM medium not present

  * CVE-2016-3841
    - ipv6: add complete rcu protection around np->opt

 -- Kamal Mostafa <email address hidden> Tue, 16 Aug 2016 10:20:51 -0700

Source diff to previous version
1590655 [Hyper-V] storvsc messages for CD-ROM medium not present tray closed
1587714 MacBookPro11,4 fails to poweroff or suspend
CVE-2016-3841 The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (us
1616193 3.13: libvirtd: page allocation failure: order:4, mode:0x1040d0
1608854 [arm64] nova instances can't boot with 3.13.0-92
CVE-2015-8767 net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local use

Version: 3.13.0-95.142 2016-08-29 19:06:45 UTC

  linux (3.13.0-95.142) trusty; urgency=low

  [ Stefan Bader ]

  * Release Tracking Bug
    - LP: #1612715

  * CVE-2016-5696
    - tcp: make challenge acks less predictable

Source diff to previous version
CVE-2016-5696 net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for man-in-

Version: 3.13.0-93.140 2016-08-08 19:06:56 UTC

  linux (3.13.0-93.140) trusty; urgency=low

  [ Seth Forshee ]

  * Release Tracking Bug
    - LP: #1604134

  * Boot failure with EFI stub (LP: #1603476)
    - x86/efi: Fix boot failure with EFI stub

  * CVE-2016-5243 (LP: #1589036)
    - tipc: fix an infoleak in tipc_nl_compat_link_dump

  * qeth: delete napi struct when removing a qeth device (LP: #1601831)
    - qeth: delete napi struct when removing a qeth device

  * deadlock on balloon deflation (LP: #1598197)
    - SAUCE: mm/balloon_compaction: Fix Regression of LP#1572562

  * serial: 8250_pci: Add support for 16 port Exar boards (LP: #1447485)
    - serial: 8250_pci: Add support for 16 port Exar boards
    - serial: 8250_pci: Add support for 12 port Exar boards
    - serial: 8250_pci: Correct uartclk for xr17v35x expansion chips

  * linux: Homogenize changelog format across releases (LP: #1599562)
    - Revert "UBUNTU: [debian] BugLink: close LP: bugs only for Launchpad urls"
    - [Debian] git-ubuntu-log -- switch to bug order
    - [Debian] git-ubuntu-log -- fix empty section formatting
    - [Debian] git-ubuntu-log -- output should be utf-8
    - [Debian] git-ubuntu-log -- handle invalid or private bugs
    - [Debian] git-ubuntu-log -- wrap long bug and commit titles
    - [Debian] git-ubuntu-log -- ensure we get the last commit
    - [Debian] git-ubuntu-log -- prevent bug references being split
    - [Debian] git-ubuntu-log -- git log output is UTF-8

  * exercising ptys causes a kernel oops (LP: #1586418)
    - devpts: fix null pointer dereference on failed memory allocation

  * Miscellaneous upstream changes
    - KEYS: potential uninitialized variable

 -- Seth Forshee <email address hidden> Mon, 18 Jul 2016 15:05:56 -0500

Source diff to previous version
1572562 KASan: out of bounds access in isolate_migratepages_range
1603476 Boot failure with EFI stub
1601831 qeth: delete napi struct when removing a qeth device
1598197 deadlock on balloon deflation
1447485 serial: 8250_pci: Add support for 16 port Exar boards
1599562 linux: Homogenize changelog format across releases
1586418 exercising ptys causes a kernel oops
CVE-2016-5243 The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which a

Version: 3.13.0-92.139 2016-07-14 19:07:02 UTC

  linux (3.13.0-92.139) trusty; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - LP: #1597060

  [ Josh Boyer ]

  * SAUCE: UEFI: acpi: Ignore acpi_rsdp kernel parameter when module
    loading is restricted
    - LP: #1566221
  * SAUCE: UEFI: efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
    - LP: #1566221
  * SAUCE: UEFI MODSIGN: Import certificates from UEFI Secure Boot
    - LP: #1566221, #1571691
  * SAUCE: UEFI: efi: Disable secure boot if shim is in insecure mode
    - LP: #1566221, #1571691

  [ Matthew Garrett ]

  * SAUCE: UEFI: Add secure_modules() call
    - LP: #1566221
  * SAUCE: UEFI: PCI: Lock down BAR access when module security is enabled
    - LP: #1566221
  * SAUCE: UEFI: x86: Lock down IO port access when module security is
    enabled
    - LP: #1566221
  * SAUCE: UEFI: ACPI: Limit access to custom_method
    - LP: #1566221
  * SAUCE: UEFI: asus-wmi: Restrict debugfs interface when module loading
    is restricted
    - LP: #1566221
  * SAUCE: UEFI: Restrict /dev/mem and /dev/kmem when module loading is
    restricted
    - LP: #1566221
  * SAUCE: UEFI: kexec: Disable at runtime if the kernel enforces module
    loading restrictions
    - LP: #1566221
  * SAUCE: UEFI: x86: Restrict MSR access when module loading is restricted
    - LP: #1566221
  * SAUCE: UEFI: Add option to automatically enforce module signatures when
    in Secure Boot mode
    - LP: #1566221

  [ Stefan Bader ]

  * [Config] Add pm80xx scsi driver to d-i
    - LP: #1595628

  [ Tim Gardner ]

  * [Config] CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE=y
  * SAUCE: UEFI: Display MOKSBState when disabled
    - LP: #1566221, #1571691
  * SAUCE: UEFI: Add secure boot and MOK SB State disabled sysctl
    - LP: #1593075
  * SAUCE: UEFI: Set EFI_SECURE_BOOT bit in x86_efi_facility
    - LP: #1593075
  * [Config] CONFIG_EFI=n for arm64
    - LP: #1566221

  [ Upstream Kernel Changes ]

  * powerpc/tm: Abort syscalls in active transactions
    - LP: #1572624
  * HID: core: prevent out-of-bound readings
    - LP: #1579190
  * efi: Add separate 32-bit/64-bit definitions
    - LP: #1566221
  * x86/efi: Build our own EFI services pointer table
    - LP: #1566221
  * mm: migrate dirty page without clear_page_dirty_for_io etc
    - LP: #1581865
    - CVE-2016-3070
  * oom_kill: change oom_kill.c to use for_each_thread()
    - LP: #1592429
  * oom_kill: has_intersects_mems_allowed() needs rcu_read_lock()
    - LP: #1592429
  * oom_kill: add rcu_read_lock() into find_lock_task_mm()
    - LP: #1592429
  * virtio_balloon: return the amount of freed memory from leak_balloon()
    - LP: #1587089
  * virtio_balloon: free some memory from balloon on OOM
    - LP: #1587089
  * virtio_ballon: change stub of release_pages_by_pfn
    - LP: #1587089
  * virtio_balloon: do not change memory amount visible via /proc/meminfo
    - LP: #1587089

 -- Kamal Mostafa <email address hidden> Tue, 28 Jun 2016 12:40:49 -0700

Source diff to previous version
1566221 linux: Enforce signed module loading when UEFI secure boot
1572624 Backport patch to abort syscalls in active transactions
1593075 linux: Implement secure boot state variables
1595628 scsi-modules udeb should include pm80xx
1579190 Key 5 automatically pressed on some Logitech wireless keyboards
CVE-2016-3070 Null pointer dereference in trace_writeback_dirty_page()
1592429 trusty kernel crash in OOM killer related to cgroups
1587089 Hide \

Version: 3.13.0-91.138 2016-06-27 21:06:42 UTC

  linux (3.13.0-91.138) trusty; urgency=medium

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1595991

  [ Upstream Kernel Changes ]

  * netfilter: x_tables: validate e->target_offset early
    - LP: #1555338
    - CVE-2016-3134
  * netfilter: x_tables: make sure e->next_offset covers remaining blob
    size
    - LP: #1555338
    - CVE-2016-3134
  * netfilter: x_tables: fix unconditional helper
    - LP: #1555338
    - CVE-2016-3134
  * netfilter: x_tables: don't move to non-existent next rule
    - LP: #1595350
  * netfilter: x_tables: validate targets of jumps
    - LP: #1595350
  * netfilter: x_tables: add and use xt_check_entry_offsets
    - LP: #1595350
  * netfilter: x_tables: kill check_entry helper
    - LP: #1595350
  * netfilter: x_tables: assert minimum target size
    - LP: #1595350
  * netfilter: x_tables: add compat version of xt_check_entry_offsets
    - LP: #1595350
  * netfilter: x_tables: check standard target size too
    - LP: #1595350
  * netfilter: x_tables: check for bogus target offset
    - LP: #1595350
  * netfilter: x_tables: validate all offsets and sizes in a rule
    - LP: #1595350
  * netfilter: x_tables: don't reject valid target size on some
    architectures
    - LP: #1595350
  * netfilter: arp_tables: simplify translate_compat_table args
    - LP: #1595350
  * netfilter: ip_tables: simplify translate_compat_table args
    - LP: #1595350
  * netfilter: ip6_tables: simplify translate_compat_table args
    - LP: #1595350
  * netfilter: x_tables: xt_compat_match_from_user doesn't need a retval
    - LP: #1595350
  * netfilter: x_tables: do compat validation via translate_table
    - LP: #1595350
  * netfilter: x_tables: introduce and use xt_copy_counters_from_user
    - LP: #1595350

1595350 Linux netfilter local privilege escalation issues
CVE-2016-3134 The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cau



About   -   Send Feedback to @ubuntu_updates