UbuntuUpdates.org

Package "linux-lts-xenial"

This package belongs to a PPA: Canonical Kernel Team

Name: linux-lts-xenial

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Linux kernel version specific cloud tools for version 4.4.0-137
  • Linux kernel version specific cloud tools for version 4.4.0-137
  • Linux kernel version specific cloud tools for version 4.4.0-138
  • Linux kernel version specific cloud tools for version 4.4.0-138

Latest version: 4.4.0-138.164~14.04.1
Release: trusty (14.04)
Level: base
Repository: main

Links

Save this URL for the latest version of "linux-lts-xenial": https://www.ubuntuupdates.org/linux-lts-xenial



Other versions of "linux-lts-xenial" in Trusty

Repository Area Version
security main 4.4.0-137.163~14.04.1
updates main 4.4.0-137.163~14.04.1
proposed main 4.4.0-138.164~14.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 4.4.0-138.164~14.04.1 2018-10-05 14:09:02 UTC

 linux-lts-xenial (4.4.0-138.164~14.04.1) trusty; urgency=medium
 .
   * linux-lts-xenial: 4.4.0-138.164~14.04.1 -proposed tracker (LP: #1795584)
 .
   * Improvements to the kernel source package preparation (LP: #1793461)
     - Packaging: update-from-master: allow rebase to be skipped
 .
   [ Ubuntu: 4.4.0-138.164 ]
 .
   * linux: 4.4.0-138.164 -proposed tracker (LP: #1795582)
   * Linux 4.4.155 stable release build is broken on ppc64 (LP: #1795662)
     - powerpc/fadump: Return error when fadump registration fails
   * Kernel hang on drive pull caused by regression introduced by commit
     287922eb0b18 (LP: #1791790)
     - block: Fix a race between blk_cleanup_queue() and timeout handling
   * qeth: use vzalloc for QUERY OAT buffer (LP: #1793086)
     - s390/qeth: use vzalloc for QUERY OAT buffer
   * Page leaking in cachefiles_read_backing_file while vmscan is active
     (LP: #1793430)
     - SAUCE: cachefiles: Page leaking in cachefiles_read_backing_file while vmscan
       is active
   * Bugfix for handling of shadow doorbell buffer (LP: #1788222)
     - nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event
   * Xenial update to 4.4.155 stable release (LP: #1792419)
     - net: 6lowpan: fix reserved space for single frames
     - net: mac802154: tx: expand tailroom if necessary
     - 9p/net: Fix zero-copy path in the 9p virtio transport
     - net: lan78xx: Fix misplaced tasklet_schedule() call
     - spi: davinci: fix a NULL pointer dereference
     - drm/i915/userptr: reject zero user_size
     - powerpc/fadump: handle crash memory ranges array index overflow
     - powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.
     - fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed
     - 9p/virtio: fix off-by-one error in sg list bounds check
     - net/9p/client.c: version pointer uninitialized
     - net/9p/trans_fd.c: fix race-condition by flushing workqueue before the
       kfree()
     - dm cache metadata: save in-core policy_hint_size to on-disk superblock
     - iio: ad9523: Fix displayed phase
     - iio: ad9523: Fix return value for ad952x_store()
     - vmw_balloon: fix inflation of 64-bit GFNs
     - vmw_balloon: do not use 2MB without batching
     - vmw_balloon: VMCI_DOORBELL_SET does not check status
     - vmw_balloon: fix VMCI use when balloon built into kernel
     - tracing: Do not call start/stop() functions when tracing_on does not change
     - tracing/blktrace: Fix to allow setting same value
     - kthread, tracing: Don't expose half-written comm when creating kthreads
     - uprobes: Use synchronize_rcu() not synchronize_sched()
     - 9p: fix multiple NULL-pointer-dereferences
     - PM / sleep: wakeup: Fix build error caused by missing SRCU support
     - pnfs/blocklayout: off by one in bl_map_stripe()
     - ARM: tegra: Fix Tegra30 Cardhu PCA954x reset
     - mm/tlb: Remove tlb_remove_table() non-concurrent condition
     - iommu/vt-d: Add definitions for PFSID
     - iommu/vt-d: Fix dev iotlb pfsid use
     - osf_getdomainname(): use copy_to_user()
     - sys: don't hold uts_sem while accessing userspace memory
     - userns: move user access out of the mutex
     - ubifs: Fix memory leak in lprobs self-check
     - Revert "UBIFS: Fix potential integer overflow in allocation"
     - ubifs: Check data node size before truncate
     - ubifs: Fix synced_i_size calculation for xattr inodes
     - pwm: tiehrpwm: Fix disabling of output of PWMs
     - fb: fix lost console when the user unplugs a USB adapter
     - udlfb: set optimal write delay
     - getxattr: use correct xattr length
     - bcache: release dc->writeback_lock properly in bch_writeback_thread()
     - perf auxtrace: Fix queue resize
     - fs/quota: Fix spectre gadget in do_quotactl
     - x86/io: add interface to reserve io memtype for a resource range. (v1.1)
     - drm/drivers: add support for using the arch wc mapping API.
     - Linux 4.4.155
   * Xenial update to 4.4.154 stable release (LP: #1792392)
     - sched/sysctl: Check user input value of sysctl_sched_time_avg
     - Cipso: cipso_v4_optptr enter infinite loop
     - vti6: fix PMTU caching and reporting on xmit
     - xfrm: fix missing dst_release() after policy blocking lbcast and multicast
     - xfrm: free skb if nlsk pointer is NULL
     - mac80211: add stations tied to AP_VLANs during hw reconfig
     - nl80211: Add a missing break in parse_station_flags
     - drm/bridge: adv7511: Reset registers on hotplug
     - scsi: libiscsi: fix possible NULL pointer dereference in case of TMF
     - drm/imx: imx-ldb: disable LDB on driver bind
     - drm/imx: imx-ldb: check if channel is enabled before printing warning
     - usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in
       init_controller()
     - usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in
       r8a66597_queue()
     - usb/phy: fix PPC64 build errors in phy-fsl-usb.c
     - tools: usb: ffs-test: Fix build on big endian systems
     - usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3'
     - tools/power turbostat: fix -S on UP systems
     - net: caif: Add a missing rcu_read_unlock() in caif_flow_cb
     - qed: Fix possible race for the link state value.
     - atl1c: reserve min skb headroom
     - net: prevent ISA drivers from building on PPC32
     - can: mpc5xxx_can: check of_iomap return before use
     - i2c: davinci: Avoid zero value of CLKH
     - media: staging: omap4iss: Include asm/cacheflush.h after generic includes
     - bnx2x: Fix invalid memory access in rss hash config path.
     - net: axienet: Fix double deregister of mdio
     - selftests/ftrace: Add snapshot and tracing_on test case
     - zswap: re-check zswap_is_full() after do zswap_shrink()
     - tools/power turbostat: Read extended processor family from CPUID
     - Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum"
     - enic: handle mtu change for vf properly
  

Source diff to previous version
1793461 Improvements to the kernel source package preparation
1795662 Linux 4.4.155 stable release build is broken on ppc64
1791790 Kernel hang on drive pull caused by regression introduced by commit 287922eb0b18
1793086 qeth: use vzalloc for QUERY OAT buffer
1793430 Page leaking in cachefiles_read_backing_file while vmscan is active
1788222 Bugfix for handling of shadow doorbell buffer
1792419 Xenial update to 4.4.155 stable release
1792392 Xenial update to 4.4.154 stable release
1792383 Xenial update to 4.4.153 stable release
1792377 Xenial update to 4.4.152 stable release
1792340 Xenial update to 4.4.151 stable release
1792336 Xenial update to 4.4.150 stable release
1792310 Xenial update to 4.4.149 stable release
1792174 Xenial update to 4.4.148 stable release
1792109 Xenial update to 4.4.147 stable release
1791953 Xenial update to 4.4.146 stable release
1791942 Xenial update to 4.4.145 stable release
1793753 kernel panic - null pointer dereference on ipset operations
1792044 update ENA driver to latest mainline version
CVE-2018-9363 HID: Bluetooth: hidp: buffer overflow in hidp_process_report

Version: 4.4.0-137.163~14.04.1 2018-09-26 11:09:30 UTC

 linux-lts-xenial (4.4.0-137.163~14.04.1) trusty; urgency=medium
 .
   * CVE-2018-14633
     - iscsi target: Use hex2bin instead of a re-implementation
 .
   * CVE-2018-17182
     - mm: get rid of vmacache_flush_all() entirely
 .
 linux (4.4.0-136.162) xenial; urgency=medium
 .
   * linux: 4.4.0-136.162 -proposed tracker (LP: #1791745)
 .
   * CVE-2017-5753
     - bpf: properly enforce index mask to prevent out-of-bounds speculation
     - Revert "UBUNTU: SAUCE: bpf: Use barrier_nospec() instead of osb()"
     - Revert "bpf: prevent speculative execution in eBPF interpreter"
 .
   * L1TF mitigation not effective in some CPU and RAM combinations
     (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646
     - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
     - x86/speculation/l1tf: Fix off-by-one error when warning that system has too
       much RAM
     - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
 .
   * CVE-2018-15594
     - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests
 .
   * Xenial update to 4.4.144 stable release (LP: #1791080)
     - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in
       parallel.
     - x86/MCE: Remove min interval polling limitation
     - fat: fix memory allocation failure handling of match_strdup()
     - ALSA: rawmidi: Change resized buffers atomically
     - ARC: Fix CONFIG_SWAP
     - ARC: mm: allow mprotect to make stack mappings executable
     - mm: memcg: fix use after free in mem_cgroup_iter()
     - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns
     - ipv6: fix useless rol32 call on hash
     - lib/rhashtable: consider param->min_size when setting initial table size
     - net/ipv4: Set oif in fib_compute_spec_dst
     - net: phy: fix flag masking in __set_phy_supported
     - ptp: fix missing break in switch
     - tg3: Add higher cpu clock for 5762.
     - net: Don't copy pfmemalloc flag in __copy_skb_header()
     - skbuff: Unconditionally copy pfmemalloc in __skb_clone()
     - xhci: Fix perceived dead host due to runtime suspend race with event handler
     - x86/paravirt: Make native_save_fl() extern inline
     - SAUCE: Add missing CPUID_7_EDX defines
     - SAUCE: x86/speculation: Expose indirect_branch_prediction_barrier()
     - x86/pti: Mark constant arrays as __initconst
     - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs
     - x86/entry/64/compat: Clear registers for compat syscalls, to reduce
       speculation attack surface
     - x86/speculation: Clean up various Spectre related details
     - x86/speculation: Fix up array_index_nospec_mask() asm constraint
     - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend
     - x86/mm: Factor out LDT init from context init
     - x86/mm: Give each mm TLB flush generation a unique ID
     - SAUCE: x86/speculation: Use Indirect Branch Prediction Barrier in context
       switch
     - x86/speculation: Use IBRS if available before calling into firmware
     - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP
     - selftest/seccomp: Fix the seccomp(2) signature
     - xen: set cpu capabilities from xen_start_kernel()
     - x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen
     - SAUCE: Preserve SPEC_CTRL MSR in new inlines
     - SAUCE: Add Knights Mill to NO SSB list
     - x86/process: Correct and optimize TIF_BLOCKSTEP switch
     - x86/process: Optimize TIF_NOTSC switch
     - Revert "x86/cpufeatures: Add FEATURE_ZEN"
     - Revert "x86/cpu/AMD: Fix erratum 1076 (CPB bit)"
     - x86/cpu/AMD: Fix erratum 1076 (CPB bit)
     - x86/cpufeatures: Add FEATURE_ZEN
     - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths
     - x86/cpu: Re-apply forced caps every time CPU caps are re-read
     - block: do not use interruptible wait anywhere
     - clk: tegra: Fix PLL_U post divider and initial rate on Tegra30
     - ubi: Introduce vol_ignored()
     - ubi: Rework Fastmap attach base code
     - ubi: Be more paranoid while seaching for the most recent Fastmap
     - ubi: Fix races around ubi_refill_pools()
     - ubi: Fix Fastmap's update_vol()
     - ubi: fastmap: Erase outdated anchor PEBs during attach
     - Linux 4.4.144
 .
   * CVE-2017-5715 (Spectre v2 s390x)
     - s390: detect etoken facility
     - s390/lib: use expoline for all bcr instructions
     - SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT
 .
   * Xenial update to 4.4.143 stable release (LP: #1790884)
     - compiler, clang: suppress warning for unused static inline functions
     - compiler, clang: properly override 'inline' for clang
     - compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled
     - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations
     - x86/asm: Add _ASM_ARG* constants for argument registers to
     - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent
     - bcm63xx_enet: correct clock usage
     - bcm63xx_enet: do not write to random DMA channel on BCM6345
     - crypto: crypto4xx - remove bad list_del
     - crypto: crypto4xx - fix crypto4xx_build_pdr, crypto4xx_build_sdr leak
     - atm: zatm: Fix potential Spectre v1
     - net: dccp: avoid crash in ccid3_hc_rx_send_feedback()
     - net: dccp: switch rx_tstamp_last_feedback to monotonic clock
     - net/mlx5: Fix incorrect raw command length parsing
     - net: sungem: fix rx checksum support
     - qed: Limit msix vectors in kdump kernel to the minimum required count.
     - r8152: napi hangup fix after disconnect
     - tcp: fix Fast Open key endianness
     - tcp: prevent bogus FRTO undos with non-SACK flows
     - vhost_net: validate sock before trying to put its fd
     - net_sched: blackhole: tell upper qdisc about dropped packets
     - net/mlx5: Fix command interface race in polling mode
     - net: cxgb3_main: fix potential Spectre v1
     - rtlwifi: rtl8821ae: fix firmware

Source diff to previous version
1788563 L1TF mitigation not effective in some CPU and RAM combinations
1791080 Xenial update to 4.4.144 stable release
1790884 Xenial update to 4.4.143 stable release
1790883 Xenial update to 4.4.142 stable release
1790620 Xenial update to 4.4.141 stable release
1789653 regression with EXT4 file systems and meta_bg flag
1790480 random oopses on s390 systems using NVMe devices
1787281 errors when scanning partition table of corrupted AIX disk
CVE-2018-14633 A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request f
CVE-2018-17182 An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An
CVE-2017-5753 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker wi
CVE-2018-3620 L1 Terminal Fault-OS/SMM Foreshadow-NG
CVE-2018-3646 L1 Terminal Fault-VMM
CVE-2018-15594 arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectr
CVE-2017-5715 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at
CVE-2018-15572 The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context swi
CVE-2018-6555 The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users
CVE-2018-6554 Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows lo

Version: 4.4.0-136.162~14.04.1 2018-09-12 16:08:05 UTC

 linux-lts-xenial (4.4.0-136.162~14.04.1) trusty; urgency=medium
 .
   * linux-lts-xenial: 4.4.0-136.162~14.04.1 -proposed tracker (LP: #1791747)
 .
   * linux: 4.4.0-136.162 -proposed tracker (LP: #1791745)
 .
   * CVE-2017-5753
     - bpf: properly enforce index mask to prevent out-of-bounds speculation
     - Revert "UBUNTU: SAUCE: bpf: Use barrier_nospec() instead of osb()"
     - Revert "bpf: prevent speculative execution in eBPF interpreter"
 .
   * L1TF mitigation not effective in some CPU and RAM combinations
     (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646
     - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
     - x86/speculation/l1tf: Fix off-by-one error when warning that system has too
       much RAM
     - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
 .
   * CVE-2018-15594
     - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests
 .
   * Xenial update to 4.4.144 stable release (LP: #1791080)
     - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in
       parallel.
     - x86/MCE: Remove min interval polling limitation
     - fat: fix memory allocation failure handling of match_strdup()
     - ALSA: rawmidi: Change resized buffers atomically
     - ARC: Fix CONFIG_SWAP
     - ARC: mm: allow mprotect to make stack mappings executable
     - mm: memcg: fix use after free in mem_cgroup_iter()
     - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns
     - ipv6: fix useless rol32 call on hash
     - lib/rhashtable: consider param->min_size when setting initial table size
     - net/ipv4: Set oif in fib_compute_spec_dst
     - net: phy: fix flag masking in __set_phy_supported
     - ptp: fix missing break in switch
     - tg3: Add higher cpu clock for 5762.
     - net: Don't copy pfmemalloc flag in __copy_skb_header()
     - skbuff: Unconditionally copy pfmemalloc in __skb_clone()
     - xhci: Fix perceived dead host due to runtime suspend race with event handler
     - x86/paravirt: Make native_save_fl() extern inline
     - SAUCE: Add missing CPUID_7_EDX defines
     - SAUCE: x86/speculation: Expose indirect_branch_prediction_barrier()
     - x86/pti: Mark constant arrays as __initconst
     - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs
     - x86/entry/64/compat: Clear registers for compat syscalls, to reduce
       speculation attack surface
     - x86/speculation: Clean up various Spectre related details
     - x86/speculation: Fix up array_index_nospec_mask() asm constraint
     - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend
     - x86/mm: Factor out LDT init from context init
     - x86/mm: Give each mm TLB flush generation a unique ID
     - SAUCE: x86/speculation: Use Indirect Branch Prediction Barrier in context
       switch
     - x86/speculation: Use IBRS if available before calling into firmware
     - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP
     - selftest/seccomp: Fix the seccomp(2) signature
     - xen: set cpu capabilities from xen_start_kernel()
     - x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen
     - SAUCE: Preserve SPEC_CTRL MSR in new inlines
     - SAUCE: Add Knights Mill to NO SSB list
     - x86/process: Correct and optimize TIF_BLOCKSTEP switch
     - x86/process: Optimize TIF_NOTSC switch
     - Revert "x86/cpufeatures: Add FEATURE_ZEN"
     - Revert "x86/cpu/AMD: Fix erratum 1076 (CPB bit)"
     - x86/cpu/AMD: Fix erratum 1076 (CPB bit)
     - x86/cpufeatures: Add FEATURE_ZEN
     - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths
     - x86/cpu: Re-apply forced caps every time CPU caps are re-read
     - block: do not use interruptible wait anywhere
     - clk: tegra: Fix PLL_U post divider and initial rate on Tegra30
     - ubi: Introduce vol_ignored()
     - ubi: Rework Fastmap attach base code
     - ubi: Be more paranoid while seaching for the most recent Fastmap
     - ubi: Fix races around ubi_refill_pools()
     - ubi: Fix Fastmap's update_vol()
     - ubi: fastmap: Erase outdated anchor PEBs during attach
     - Linux 4.4.144
 .
   * CVE-2017-5715 (Spectre v2 s390x)
     - s390: detect etoken facility
     - s390/lib: use expoline for all bcr instructions
     - SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT
 .
   * Xenial update to 4.4.143 stable release (LP: #1790884)
     - compiler, clang: suppress warning for unused static inline functions
     - compiler, clang: properly override 'inline' for clang
     - compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled
     - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations
     - x86/asm: Add _ASM_ARG* constants for argument registers to
     - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent
     - bcm63xx_enet: correct clock usage
     - bcm63xx_enet: do not write to random DMA channel on BCM6345
     - crypto: crypto4xx - remove bad list_del
     - crypto: crypto4xx - fix crypto4xx_build_pdr, crypto4xx_build_sdr leak
     - atm: zatm: Fix potential Spectre v1
     - net: dccp: avoid crash in ccid3_hc_rx_send_feedback()
     - net: dccp: switch rx_tstamp_last_feedback to monotonic clock
     - net/mlx5: Fix incorrect raw command length parsing
     - net: sungem: fix rx checksum support
     - qed: Limit msix vectors in kdump kernel to the minimum required count.
     - r8152: napi hangup fix after disconnect
     - tcp: fix Fast Open key endianness
     - tcp: prevent bogus FRTO undos with non-SACK flows
     - vhost_net: validate sock before trying to put its fd
     - net_sched: blackhole: tell upper qdisc about dropped packets
     - net/mlx5: Fix command interface race in polling mode
     - net: cxgb3_main: fix potential Spectre v1
     - rtlwifi: rtl8821ae: fix firmware is not ready to run
     - MIPS: Call dump_stack() from show_regs()
     - MIPS: Use async IPIs for arch_trigger_cpumask_backtrac

Source diff to previous version
1788563 L1TF mitigation not effective in some CPU and RAM combinations
1791080 Xenial update to 4.4.144 stable release
1790884 Xenial update to 4.4.143 stable release
1790883 Xenial update to 4.4.142 stable release
1790620 Xenial update to 4.4.141 stable release
1789653 regression with EXT4 file systems and meta_bg flag
1790480 random oopses on s390 systems using NVMe devices
1787281 errors when scanning partition table of corrupted AIX disk
CVE-2017-5753 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker wi
CVE-2018-3620 L1 Terminal Fault-OS/SMM Foreshadow-NG
CVE-2018-3646 L1 Terminal Fault-VMM
CVE-2018-15594 arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectr
CVE-2017-5715 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at
CVE-2018-15572 The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context swi
CVE-2018-6555 The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users
CVE-2018-6554 Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows lo

Version: 4.4.0-135.161~14.04.1 2018-08-28 21:08:36 UTC

 linux-lts-xenial (4.4.0-135.161~14.04.1) trusty; urgency=medium
 .
   * linux-lts-xenial: 4.4.0-135.161~14.04.1 -proposed tracker (LP: #1788768)
 .
   * linux: 4.4.0-135.161 -proposed tracker (LP: #1788766)
 .
   * [Regression] APM Merlin boards fail to recover link after interface down/up
     (LP: #1785739)
     - net: phylib: fix interrupts re-enablement in phy_start
     - net: phy: fix phy_start to consider PHY_IGNORE_INTERRUPT
 .
   * qeth: don't clobber buffer on async TX completion (LP: #1786057)
     - s390/qeth: don't clobber buffer on async TX completion
 .
   * nvme: avoid cqe corruption (LP: #1788035)
     - nvme: avoid cqe corruption when update at the same time as read
 .
   * CacheFiles: Error: Overlong wait for old active object to go away.
     (LP: #1776254)
     - cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag
     - cachefiles: Wait rather than BUG'ing on "Unexpected object collision"
 .
   * fscache cookie refcount updated incorrectly during fscache object allocation
     (LP: #1776277) // fscache cookie refcount updated incorrectly during fscache
     object allocation (LP: #1776277)
     - fscache: Fix reference overput in fscache_attach_object() error handling
 .
   * FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336)
     - Revert "UBUNTU: SAUCE: CacheFiles: fix a read_waiter/read_copier race"
     - fscache: Allow cancelled operations to be enqueued
     - cachefiles: Fix refcounting bug in backing-file read monitoring
 .
   * linux-cloud-tools-common: Ensure hv-kvp-daemon.service starts before
     walinuxagent.service (LP: #1739107)
     - [Debian] hyper-v -- Ensure that hv-kvp-daemon.service starts before
       walinuxagent.service

Source diff to previous version
1785739 [Regression] APM Merlin boards fail to recover link after interface down/up
1786057 qeth: don't clobber buffer on async TX completion
1788035 nvme: avoid cqe corruption
1776254 CacheFiles: Error: Overlong wait for old active object to go away.
1776277 fscache cookie refcount updated incorrectly during fscache object allocation
1774336 FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false
1739107 linux-cloud-tools-common: Ensure hv-kvp-daemon.service starts before walinuxagent.service

Version: 4.4.0-134.160~14.04.1 2018-08-17 18:09:29 UTC

 linux-lts-xenial (4.4.0-134.160~14.04.1) trusty; urgency=medium
 .
   * linux-lts-xenial: 4.4.0-134.160~14.04.1 -proposed tracker (LP: #1787179)
 .
   * linux: 4.4.0-134.160 -proposed tracker (LP: #1787177)
 .
   * locking sockets broken due to missing AppArmor socket mediation patches
     (LP: #1780227)
     - UBUNTU SAUCE: apparmor: fix apparmor mediating locking non-fs, unix sockets
 .
   * Backport namespaced fscaps to xenial 4.4 (LP: #1778286)
     - Introduce v3 namespaced file capabilities
     - commoncap: move assignment of fs_ns to avoid null pointer dereference
     - capabilities: fix buffer overread on very short xattr
     - commoncap: Handle memory allocation failure.
 .
   * Xenial update to 4.4.140 stable release (LP: #1784409)
     - usb: cdc_acm: Add quirk for Uniden UBC125 scanner
     - USB: serial: cp210x: add CESINEL device ids
     - USB: serial: cp210x: add Silicon Labs IDs for Windows Update
     - n_tty: Fix stall at n_tty_receive_char_special().
     - staging: android: ion: Return an ERR_PTR in ion_map_kernel
     - n_tty: Access echo_* variables carefully.
     - x86/boot: Fix early command-line parsing when matching at end
     - ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode
     - i2c: rcar: fix resume by always initializing registers before transfer
     - ipv4: Fix error return value in fib_convert_metrics()
     - kprobes/x86: Do not modify singlestep buffer while resuming
     - nvme-pci: initialize queue memory before interrupts
     - netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain()
     - ARM: dts: imx6q: Use correct SDMA script for SPI5 core
     - ubi: fastmap: Correctly handle interrupted erasures in EBA
     - mm: hugetlb: yield when prepping struct pages
     - tracing: Fix missing return symbol in function_graph output
     - scsi: sg: mitigate read/write abuse
     - s390: Correct register corruption in critical section cleanup
     - drbd: fix access after free
     - cifs: Fix infinite loop when using hard mount option
     - jbd2: don't mark block as modified if the handle is out of credits
     - ext4: make sure bitmaps and the inode table don't overlap with bg
       descriptors
     - ext4: always check block group bounds in ext4_init_block_bitmap()
     - ext4: only look at the bg_flags field if it is valid
     - ext4: verify the depth of extent tree in ext4_find_extent()
     - ext4: include the illegal physical block in the bad map ext4_error msg
     - ext4: clear i_data in ext4_inode_info when removing inline data
     - ext4: add more inode number paranoia checks
     - ext4: add more mount time checks of the superblock
     - ext4: check superblock mapped prior to committing
     - HID: i2c-hid: Fix "incomplete report" noise
     - HID: hiddev: fix potential Spectre v1
     - HID: debug: check length before copy_to_user()
     - x86/mce: Detect local MCEs properly
     - x86/mce: Fix incorrect "Machine check from unknown source" message
     - media: cx25840: Use subdev host data for PLL override
     - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
     - dm bufio: avoid sleeping while holding the dm_bufio lock
     - dm bufio: drop the lock when doing GFP_NOIO allocation
     - mtd: rawnand: mxc: set spare area size register explicitly
     - dm bufio: don't take the lock in dm_bufio_shrink_count
     - mtd: cfi_cmdset_0002: Change definition naming to retry write operation
     - mtd: cfi_cmdset_0002: Change erase functions to retry for error
     - mtd: cfi_cmdset_0002: Change erase functions to check chip good only
     - netfilter: nf_log: don't hold nf_log_mutex during user access
     - staging: comedi: quatech_daqp_cs: fix no-op loop daqp_ao_insn_write()
     - Linux 4.4.140
 .
   * Xenial update to 4.4.139 stable release (LP: #1784382)
     - xfrm6: avoid potential infinite loop in _decode_session6()
     - netfilter: ebtables: handle string from userspace with care
     - ipvs: fix buffer overflow with sync daemon and service
     - atm: zatm: fix memcmp casting
     - net: qmi_wwan: Add Netgear Aircard 779S
     - net/sonic: Use dma_mapping_error()
     - Revert "Btrfs: fix scrub to repair raid6 corruption"
     - tcp: do not overshoot window_clamp in tcp_rcv_space_adjust()
     - Btrfs: make raid6 rebuild retry more
     - usb: musb: fix remote wakeup racing with suspend
     - bonding: re-evaluate force_primary when the primary slave name changes
     - tcp: verify the checksum of the first data segment in a new connection
     - ext4: update mtime in ext4_punch_hole even if no blocks are released
     - ext4: fix fencepost error in check for inode count overflow during resize
     - driver core: Don't ignore class_dir_create_and_add() failure.
     - btrfs: scrub: Don't use inode pages for device replace
     - ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()
     - ALSA: hda: add dock and led support for HP EliteBook 830 G5
     - ALSA: hda: add dock and led support for HP ProBook 640 G4
     - cpufreq: Fix new policy initialization during limits updates via sysfs
     - libata: zpodd: make arrays cdb static, reduces object code size
     - libata: zpodd: small read overflow in eject_tray()
     - libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk
     - w1: mxc_w1: Enable clock before calling clk_get_rate() on it
     - x86/spectre_v1: Disable compiler optimizations over
       array_index_mask_nospec()
     - m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap()
     - serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version
     - signal/xtensa: Consistenly use SIGBUS in do_unaligned_user
     - usb: do not reset if a low-speed or full-speed device timed out
     - 1wire: family module autoload fails because of upper/lower case mismatch.
     - ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it
     - ASoC: cirrus: i2s: Fix LRCLK configuration
     - ASoC: cirrus: i2s: Fix {TX|RX}LinCtr

1780227 locking sockets broken due to missing AppArmor socket mediation patches
1778286 Backport namespaced fscaps to xenial 4.4
1784409 Xenial update to 4.4.140 stable release
1784382 Xenial update to 4.4.139 stable release
1620762 Support AverMedia DVD EZMaker 7 USB video capture dongle
1779830 vfio/pci: cannot assign a i40e pf device to a vm using vfio-pci
1781364 Kernel error \
1759848 Allow multiple mounts of zfs datasets
1773410 Redpine: Observed kernel panic while running wireless tests in regression mode
1777850 Redpine: Observed kernel panic while running soft-ap tests
1783241 [HMS] Upgrades to Support SocketCAN over USB on Dell IoT 300x Gateways
1779923 other users' coredumps can be read via setgid directory and killpriv bypass
1782116 snapcraft.yaml: missing ubuntu-retpoline-extract-one script breaks the build
1783152 Enable basic support for Solarflare 8000 series NIC
1777858 Redpine: Observed kernel panic while running wireless regressions tests
1777389 Xenial update to 4.4.138 stable release
1773400 Redpine: wifi-ap stopped working after restart
1777063 Xenial update to 4.4.137 stable release
1776177 Xenial update to 4.4.136 stable release
1776158 Xenial update to 4.4.135 stable release
CVE-2018-12233 In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twic
CVE-2018-13094 An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da
CVE-2018-13405 The inode_init_owner function in fs/inode.c in the Linux kernel through 4.17.4 allows local users to create files with an unintended group ownership,



About   -   Send Feedback to @ubuntu_updates