Package "linux-libc-dev"

 linux (6.17.0-34.34) questing; urgency=medium
 .
   * questing/linux: 6.17.0-34.34 -proposed tracker (LP: #2154216)
 .
   * Kernel regression (6.8.0-117.generic) (LP: #2153556)
     - bonding: do not set usable_slaves for broadcast mode
 .
   * powerpc-build in ubuntu_kernel_selftests fails to build due to
     uninitialized value (LP: #2129844)
     - selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15
 .
   * iptables connlimit traffic loss (LP: #2149872)
     - netfilter: nf_conncount: fix tracking of connections from localhost
 .
   * On Dell system, the internal OLED display drops to a visibly low FPS after
     suspend/resume (LP: #2144712)
     - drm/i915/psr: Disable Panel Replay on Dell XPS 14 DA14260 as a quirk
     - drm/i915/psr: Fixes for Dell XPS DA14260 quirk
 .
   * CVE-2026-23272
     - netfilter: nf_tables: unconditionally bump set->nelems before insertion
 .
   * CVE-2026-31418
     - netfilter: ipset: drop logically empty buckets in mtype_del
 .
   * CVE-2026-23392
     - netfilter: nf_tables: release flowtable after rcu grace period on error
 .
   * CVE-2026-23278
     - netfilter: nf_tables: always walk all pending catchall elements
 .
   * CVE-2026-46300
     - net: skbuff: preserve shared-frag marker during coalescing
     - net: skbuff: propagate shared-frag marker through frag-transfer helpers
 .
   * net/rds: reset op_nents when zerocopy page pin fails (LP: #2153962)
     - net/rds: reset op_nents when zerocopy page pin fails
 .
   * CVE-2026-46333
     - ptrace: slightly saner 'get_dumpable()' logic
 .
   * CVE-2026-43500
     - rxrpc: Fix conn-level packet handling to unshare RESPONSE packets
     - rxrpc: Fix potential UAF after skb_unshare() failure
     - rxrpc: Fix rxrpc_input_call_event() to only unshare DATA packets
     - rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
 .
   * CVE-2026-31676 // CVE-2026-43500
     - rxrpc: only handle RESPONSE during service challenge
 .
   * CVE-2026-43284
     - xfrm: esp: avoid in-place decrypt on shared skb frags
 .
   * CVE-2026-31419
     - net: bonding: fix use-after-free in bond_xmit_broadcast()
 .
   * CVE-2026-31431
     - crypto: algif_aead - Revert to operating out-of-place
     - crypto: algif_aead - snapshot IV for async AEAD requests
     - crypto: authencesn - Do not place hiseq at end of dst for out-of-place
       decryption
     - crypto: authencesn - Fix src offset when decrypting in-place
     - crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl
     - crypto: algif_aead - Fix minimum RX size check for decryption
 .
   * CVE-2026-31533
     - net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption
 .
   * CVE-2026-31504
     - net: fix fanout UAF in packet_release() via NETDEV_UP race

 linux (6.17.0-33.33) questing; urgency=medium
 .
   * questing/linux: 6.17.0-33.33 -proposed tracker (LP: #2154029)
 .
   * powerpc-build in ubuntu_kernel_selftests fails to build due to
     uninitialized value (LP: #2129844)
     - selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15
 .
   * iptables connlimit traffic loss (LP: #2149872)
     - netfilter: nf_conncount: fix tracking of connections from localhost
 .
   * On Dell system, the internal OLED display drops to a visibly low FPS after
     suspend/resume (LP: #2144712)
     - drm/i915/psr: Disable Panel Replay on Dell XPS 14 DA14260 as a quirk
     - drm/i915/psr: Fixes for Dell XPS DA14260 quirk
 .
   * CVE-2026-23272
     - netfilter: nf_tables: unconditionally bump set->nelems before insertion
 .
   * CVE-2026-31418
     - netfilter: ipset: drop logically empty buckets in mtype_del
 .
   * CVE-2026-23392
     - netfilter: nf_tables: release flowtable after rcu grace period on error
 .
   * CVE-2026-23278
     - netfilter: nf_tables: always walk all pending catchall elements
 .
   * CVE-2026-46300
     - net: skbuff: preserve shared-frag marker during coalescing
     - net: skbuff: propagate shared-frag marker through frag-transfer helpers
 .
   * net/rds: reset op_nents when zerocopy page pin fails (LP: #2153962)
     - net/rds: reset op_nents when zerocopy page pin fails
 .
   * CVE-2026-46333
     - ptrace: slightly saner 'get_dumpable()' logic
 .
   * CVE-2026-43500
     - rxrpc: Fix conn-level packet handling to unshare RESPONSE packets
     - rxrpc: Fix potential UAF after skb_unshare() failure
     - rxrpc: Fix rxrpc_input_call_event() to only unshare DATA packets
     - rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
 .
   * CVE-2026-31676 // CVE-2026-43500
     - rxrpc: only handle RESPONSE during service challenge
 .
   * CVE-2026-43284
     - xfrm: esp: avoid in-place decrypt on shared skb frags
 .
   * CVE-2026-31419
     - net: bonding: fix use-after-free in bond_xmit_broadcast()
 .
   * CVE-2026-31431
     - crypto: algif_aead - Revert to operating out-of-place
     - crypto: algif_aead - snapshot IV for async AEAD requests
     - crypto: authencesn - Do not place hiseq at end of dst for out-of-place
       decryption
     - crypto: authencesn - Fix src offset when decrypting in-place
     - crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl
     - crypto: algif_aead - Fix minimum RX size check for decryption
 .
   * CVE-2026-31533
     - net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption
 .
   * CVE-2026-31504
     - net: fix fanout UAF in packet_release() via NETDEV_UP race

 linux (6.17.0-30.30) questing; urgency=medium
 .
   * questing/linux: 6.17.0-30.30 -proposed tracker (LP: #2151895)
 .
   * powerpc-build in ubuntu_kernel_selftests fails to build due to
     uninitialized value (LP: #2129844)
     - selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15
 .
   * iptables connlimit traffic loss (LP: #2149872)
     - netfilter: nf_conncount: fix tracking of connections from localhost
 .
   * On Dell system, the internal OLED display drops to a visibly low FPS after
     suspend/resume (LP: #2144712)
     - drm/i915/psr: Disable Panel Replay on Dell XPS 14 DA14260 as a quirk
     - drm/i915/psr: Fixes for Dell XPS DA14260 quirk
 .
   * CVE-2026-23272
     - netfilter: nf_tables: unconditionally bump set->nelems before insertion
 .
   * CVE-2026-31418
     - netfilter: ipset: drop logically empty buckets in mtype_del
 .
   * CVE-2026-23392
     - netfilter: nf_tables: release flowtable after rcu grace period on error
 .
   * CVE-2026-23278
     - netfilter: nf_tables: always walk all pending catchall elements
 .
   * CVE-2026-31419
     - net: bonding: fix use-after-free in bond_xmit_broadcast()
 .
   * CVE-2026-31431
     - crypto: algif_aead - Revert to operating out-of-place
     - crypto: algif_aead - snapshot IV for async AEAD requests
     - crypto: authencesn - Do not place hiseq at end of dst for out-of-place
       decryption
     - crypto: authencesn - Fix src offset when decrypting in-place
     - crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl
     - crypto: algif_aead - Fix minimum RX size check for decryption
 .
   * CVE-2026-31533
     - net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption
 .
   * CVE-2026-31504
     - net: fix fanout UAF in packet_release() via NETDEV_UP race

 linux (6.17.0-28.28) questing; urgency=medium
 .
   * questing/linux: 6.17.0-28.28 -proposed tracker (LP: #2150051)
 .
   * Linux kernel 6.17.0-22.22 breaks amdxdna (LP: #2149766)
     - Revert "iommu: disable SVA when CONFIG_X86 is set"
 .

 linux (6.17.0-24.24) questing; urgency=medium
 .
   * questing/linux: 6.17.0-24.24 -proposed tracker (LP: #2148025)
 .
   * Remount ext4 to readonly with data=journal mode may dump call trace
     (LP: #2147400)
     - ext4: fix stale xarray tags after writeback
 .
   * System hangs during stress-ng stack test (LP: #2137755)
     - mm, swap: fix swap cache index error when retrying reclaim
 .
   * BUG: kernel NULL pointer dereference when starting VM inside a container
     (LP: #2147374)
     - apparmor: fix NULL pointer dereference in __unix_needs_revalidation
 .
   * BUG: kernel NULL pointer dereference in amdgpu (LP: #2144577)
     - drm/amdgpu: validate the flush_gpu_tlb_pasid()
     - drm/amdgpu: Fix validating flush_gpu_tlb_pasid()
 .
   * Jellyfin Desktop Flatpak doesn't work with the current AppArmor profile
     (LP: #2142956)
     - SAUCE: apparmor5.0.0 [53/57]: apparmor: fix af_unix local addr mediation
       binding
 .
   * Fine grained network mediation was broken if v8/v9 was used (LP: #2142860)
     - SAUCE: apparmor5.0.0 [29/57]: apparmor: fix fine grained inet mediation
       sock_file_perm
 .
   * Enable CirrusLogic audio solution CS42L45+CS35L63 on AMD and Intel PTL
     (LP: #2143104)
     - ASoC: amd: acp: Add ACP7.0 match entries for cs35l56 and cs42l43
     - ASoC: amd: acp: soc-acpi: add is_device_rt712_vb() helper
     - ASoC: amd: acp: Sort match table into most specific first
     - ASoC: amd: acp: Rename Cirrus Logic component match entries to include
       link and uid
     - ASoC: amd: acp: Sort Cirrus Logic match entries
     - ASoC: amd: acp: Add ACP7.0 match entries for Cirrus Logic parts
     - ASoC: amd: acp: Fix Kconfig dependencies for
       SND_SOC_ACPI_AMD_SDCA_QUIRKS
     - [Config] Enable SND_SOC_ACPI_AMD_SDCA_QUIRKS
     - soundwire: amd: add clock init control function
     - soundwire: amd: refactor bandwidth calculation logic
 .
   * CVE-2026-23112
     - nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec
 .
   * Canonical Kmod 2025 key rotation (LP: #2147447)
     - [Packaging] ubuntu-compatible-signing -- make Ubuntu-Compatible-Signing
       extensible
     - [Packaging] ubuntu-compatible-signing -- allow consumption of positive
       certs
     - [Packaging] ubuntu-compatible-signing -- report the livepatch:2025 key
     - [Config] prepare for Canonical Kmod key rotation
     - [Packaging] ubuntu-compatible-signing -- report the kmod:2025 key
     - [Packaging] ensure our cert rollups are always fresh
 .
   * Questing update: upstream stable patchset 2026-03-24 (LP: #2146193)
     - mptcp: fallback earlier on simult connection
     - mm: consider non-anon swap cache folios in folio_expected_ref_count()
     - mptcp: ensure context reset on disconnect()
     - wifi: mac80211: Discard Beacon frames to non-broadcast address
     - net: phy: mediatek: fix nvmem cell reference leak in
       mt798x_phy_calibration
     - drm/amdgpu: Forward VMID reservation errors
     - sched/fair: Small cleanup to sched_balance_newidle()
     - sched/fair: Small cleanup to update_newidle_cost()
     - sched/fair: Proportional newidle balance
     - Revert "iommu/amd: Skip enabling command/event buffers for kdump"
     - sched/proxy: Yield the donor task
     - drm: nova: depend on CONFIG_64BIT
     - sched/core: Add comment explaining force-idle vruntime snapshots
     - mm/huge_memory: merge uniform_split_supported() and
       non_uniform_split_supported()
     - drm/amdgpu: don't attach the tlb fence for SI
     - sched_ext: fix uninitialized ret on alloc_percpu() failure
     - idpf: fix LAN memory regions command on some NVMs
     - Bluetooth: MGMT: report BIS capability flags in supported settings
     - powerpc/tools: drop `-o pipefail` in gcc check scripts
     - net: airoha: Move net_devs registration in a dedicated routine
     - net: wangxun: move PHYLINK dependency
     - platform/x86/intel/pmt: Fix kobject memory leak on init failure
     - bng_en: update module description
     - mcb: Add missing modpost build support
     - net: mdio: rtl9300: use scoped for loops
     - tools/sched_ext: fix scx_show_state.py for scx_root change
     - platform/x86/intel/pmt/discovery: use valid device pointer in
       dev_err_probe
     - net: fib: restore ECMP balance from loopback
     - RDMA/mana_ib: check cqe length for kernel CQs
     - drm/gem-shmem: Fix the MODULE_LICENSE() string
     - kunit: Enforce task execution in {soft,hard}irq contexts
     - ublk: don't pass q_id to ublk_queue_cmd_buf_size()
     - ublk: implement NUMA-aware memory allocation
     - ublk: scan partition in async way
     - drm/xe/guc: READ/WRITE_ONCE g2h_fence->done
     - IB/rxe: Fix missing umem_odp->umem_mutex unlock on error path
     - hisi_acc_vfio_pci: Add .match_token_uuid callback in
       hisi_acc_vfio_pci_migrn_ops
     - mm, swap: do not perform synchronous discard during allocation
     - clk: qcom: mmcc-sdm660: Add missing MDSS reset
     - clk: qcom: Fix SM_VIDEOCC_6350 dependencies
     - [Config] set CONFIG_SM_GCC_6350, CONFIG_SM_VIDEOCC_6350 to '-'
     - clk: qcom: Fix dependencies of QCS_{DISP,GPU,VIDEO}CC_615
     - [Config] set CONFIG_QCS_{DISP,GPU,VIDEO}CC_615 to '-'
     - arm64: dts: ti: k3-am62d2-evm: Fix regulator properties
     - arm64: dts: ti: k3-am62d2-evm: Fix PMIC padconfig
     - arm64: dts: st: Add memory-region-names property for stm32mp257f-ev1
     - arm64: dts: qcom: sm6350: Fix wrong order of freq-table-hz for UFS
     - NFSD: Make FILE_SYNC WRITEs comply with spec
     - nvmet: pci-epf: move DMA initialization to EPC init callback
     - PCI: dwc: Add support for ELBI resource mapping
     - PCI: meson: Fix parsing the DBI register region
     - power: supply: max77705: Fix potential IRQ chip conflict when probing
       two devices
     - media: iris: Refine internal buffer reconfiguration logic for resolution
       change
     - LoongArch: Fix arch_dup_task_struct() for CONFIG_RANDSTRUCT
     - mm/damon/tests/co