UbuntuUpdates.org

Package "linux-lts-xenial"

This package belongs to a PPA: Canonical Kernel Team

Name: linux-lts-xenial

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Linux kernel buildinfo for version 4.4.0 on 32 bit x86 SMP
  • Linux kernel buildinfo for version 4.4.0 on 32 bit x86 SMP
  • Linux kernel buildinfo for version 4.4.0 on 32 bit x86 SMP
  • Linux kernel buildinfo for version 4.4.0 on 32 bit x86 SMP

Latest version: 4.4.0-144.170~14.04.1
Release: trusty (14.04)
Level: base
Repository: main

Links

Save this URL for the latest version of "linux-lts-xenial": https://www.ubuntuupdates.org/linux-lts-xenial



Other versions of "linux-lts-xenial" in Trusty

Repository Area Version
security main 4.4.0-143.169~14.04.2
updates main 4.4.0-143.169~14.04.2
proposed main 4.4.0-144.170~14.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 4.4.0-144.170~14.04.1 2019-03-18 18:07:45 UTC

 linux-lts-xenial (4.4.0-144.170~14.04.1) trusty; urgency=medium
 .
   * linux-lts-xenial: 4.4.0-144.170~14.04.1 -proposed tracker (LP: #1819659)
 .
   * Packaging resync (LP: #1786013)
     - [Packaging] resync getabis
     - [Packaging] update update.conf
 .
   * Strip specific changes from update-from-*master (LP: #1817734)
     - Packaging: Introduce copy-files and local-mangle
     - Packaging: Make update-from-*master call copy-files
 .
   [ Ubuntu: 4.4.0-144.170 ]
 .
   * linux: 4.4.0-144.170 -proposed tracker (LP: #1819660)
   * Packaging resync (LP: #1786013)
     - [Packaging] resync getabis
     - [Packaging] update helper scripts
     - [Packaging] resync retpoline extraction
   * C++ demangling support missing from perf (LP: #1396654)
     - [Packaging] fix a mistype
   * CVE-2019-9213
     - mm: enforce min addr even if capable() in expand_downwards()
   * CVE-2019-3460
     - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
   * Xenial update: 4.4.176 upstream stable release (LP: #1818815)
     - net: fix IPv6 prefix route residue
     - vsock: cope with memory allocation failure at socket creation time
     - hwmon: (lm80) Fix missing unlock on error in set_fan_div()
     - net: Fix for_each_netdev_feature on Big endian
     - net: Add header for usage of fls64()
     - tcp: tcp_v4_err() should be more careful
     - net: Do not allocate page fragments that are not skb aligned
     - tcp: clear icsk_backoff in tcp_write_queue_purge()
     - vxlan: test dev->flags & IFF_UP before calling netif_rx()
     - net: stmmac: Fix a race in EEE enable callback
     - net: ipv4: use a dedicated counter for icmp_v4 redirect packets
     - x86: livepatch: Treat R_X86_64_PLT32 as R_X86_64_PC32
     - mfd: as3722: Handle interrupts on suspend
     - mfd: as3722: Mark PM functions as __maybe_unused
     - net/x25: do not hold the cpu too long in x25_new_lci()
     - mISDN: fix a race in dev_expire_timer()
     - ax25: fix possible use-after-free
     - Linux 4.4.176
   * sky2 ethernet card don't work after returning from suspension
     (LP: #1798921) // Xenial update: 4.4.176 upstream stable release
     (LP: #1818815)
     - sky2: Increase D3 delay again
   * Xenial update: 4.4.175 upstream stable release (LP: #1818813)
     - drm/bufs: Fix Spectre v1 vulnerability
     - staging: iio: adc: ad7280a: handle error from __ad7280_read32()
     - ASoC: Intel: mrfld: fix uninitialized variable access
     - scsi: lpfc: Correct LCB RJT handling
     - ARM: 8808/1: kexec:offline panic_smp_self_stop CPU
     - dlm: Don't swamp the CPU with callbacks queued during recovery
     - x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux)
     - powerpc/pseries: add of_node_put() in dlpar_detach_node()
     - serial: fsl_lpuart: clear parity enable bit when disable parity
     - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl
     - staging:iio:ad2s90: Make probe handle spi_setup failure
     - staging: iio: ad7780: update voltage on read
     - ARM: OMAP2+: hwmod: Fix some section annotations
     - modpost: validate symbol names also in find_elf_symbol
     - perf tools: Add Hygon Dhyana support
     - soc/tegra: Don't leak device tree node reference
     - f2fs: move dir data flush to write checkpoint process
     - f2fs: fix wrong return value of f2fs_acl_create
     - sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN
     - nfsd4: fix crash on writing v4_end_grace before nfsd startup
     - arm64: ftrace: don't adjust the LR value
     - ARM: dts: mmp2: fix TWSI2
     - x86/fpu: Add might_fault() to user_insn()
     - media: DaVinci-VPBE: fix error handling in vpbe_initialize()
     - smack: fix access permissions for keyring
     - usb: hub: delay hub autosuspend if USB3 port is still link training
     - timekeeping: Use proper seqcount initializer
     - ARM: dts: Fix OMAP4430 SDP Ethernet startup
     - mips: bpf: fix encoding bug for mm_srlv32_op
     - iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer
     - sata_rcar: fix deferred probing
     - clk: imx6sl: ensure MMDC CH0 handshake is bypassed
     - cpuidle: big.LITTLE: fix refcount leak
     - i2c-axxia: check for error conditions first
     - udf: Fix BUG on corrupted inode
     - ARM: pxa: avoid section mismatch warning
     - ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M
     - memstick: Prevent memstick host from getting runtime suspended during card
       detection
     - tty: serial: samsung: Properly set flags in autoCTS mode
     - arm64: KVM: Skip MMIO insn after emulation
     - powerpc/uaccess: fix warning/error with access_ok()
     - mac80211: fix radiotap vendor presence bitmap handling
     - xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi
     - Bluetooth: Fix unnecessary error message for HCI request completion
     - cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan()
     - drbd: narrow rcu_read_lock in drbd_sync_handshake
     - drbd: disconnect, if the wrong UUIDs are attached on a connected peer
     - drbd: skip spurious timeout (ping-timeo) when failing promote
     - drbd: Avoid Clang warning about pointless switch statment
     - video: clps711x-fb: release disp device node in probe()
     - fbdev: fbmem: behave better with small rotated displays and many CPUs
     - fbdev: fbcon: Fix unregister crash when more than one framebuffer
     - KVM: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported
     - NFS: nfs_compare_mount_options always compare auth flavors.
     - hwmon: (lm80) fix a missing check of the status of SMBus read
     - hwmon: (lm80) fix a missing check of bus read in lm80 probe
     - seq_buf: Make seq_buf_puts() null-terminate the buffer
     - crypto: ux500 - Use proper enum in cryp_set_dma_transfer
     - crypto: ux500 - Use proper enum in hash_set_dma_transfer
     - cifs: check ntwrk_buf_start for NULL before dereferencing it
     - um: Avoid marking pages with "changed pro

Source diff to previous version
1786013 Packaging resync
1817734 Strip specific changes from update-from-*master
1818815 Xenial update: 4.4.176 upstream stable release
1798921 sky2 ethernet card don't work after returning from suspension
1818813 Xenial update: 4.4.175 upstream stable release
1818806 Xenial update: 4.4.174 upstream stable release
1818803 Xenial update: 4.4.173 upstream stable release
1818797 Xenial update: 4.4.172 upstream stable release
1818237 Xenial update: 4.4.171 upstream stable release
1752072 [Packaging] Allow overlay of config annotations
1816756 squashfs hardening
1816806 Update ENA driver to version 2.0.3K
1814095 bnxt_en_po: TX timed out triggering Netdev Watchdog Timer
1817628 Regular D-state processes impacting LXD containers
1817784 libsas disks can have non-unique by-path names
1817918 Hard lockups due to unrestricted lapic timer delay
CVE-2019-9213 In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to
CVE-2019-3460 Heap data infoleak in multiple locations including functionl2cap_parse_conf_rsp
CVE-2018-9517 In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execut
CVE-2019-3459 Heap address infoleak in use of l2cap_get_conf_opt
CVE-2019-7222 KVM: x86: work around leak of uninitialized stack contents
CVE-2019-7221 KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer
CVE-2019-6974 In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading

Version: 4.4.0-143.169~14.04.2 2019-02-14 00:07:36 UTC

 linux-lts-xenial (4.4.0-143.169~14.04.2) trusty; urgency=medium
 .
   * linux-lts-xenial: 4.4.0-143.169~14.04.2 -proposed tracker (LP: #1814649)
 .
   * Packaging resync (LP: #1786013)
     - [Packaging] update helper scripts
 .
   * signing: only install a signed kernel (LP: #1764794)
     - [Config] linux-headers common package is in the linux namespace
 .
   * linux-buildinfo: pull out ABI information into its own package
     (LP: #1806380)
     - [Packaging] drop redundant = from define statements
     - [Config] resync flavour-control.stub
 .
   [ Ubuntu: 4.4.0-143.169 ]
 .
   * linux: 4.4.0-143.169 -proposed tracker (LP: #1814647)
   * x86/kvm: Backport fixup and missing commits (LP: #1811646)
     - KVM: x86: avoid vmalloc(0) in the KVM_SET_CPUID
     - kvm: nVMX: VMCLEAR an active shadow VMCS after last use
     - X86/nVMX: Properly set spec_ctrl and pred_cmd before merging MSRs
     - KVM/VMX: Optimize vmx_vcpu_run() and svm_vcpu_run() by marking the RDMSR
       path as unlikely()
     - kvm: x86: IA32_ARCH_CAPABILITIES is always supported
     - KVM: SVM: Add MSR-based feature support for serializing LFENCE
     - KVM: X86: Allow userspace to define the microcode version
     - KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled
     - KVM: VMX: fixes for vmentry_l1d_flush module parameter
     - kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb
     - kvm: vmx: Scrub hardware GPRs at VM-exit
     - SAUCE: [Fix] x86/KVM/VMX: Add L1D flush logic
     - SAUCE: KVM: Move code fragments, cleanup and re-indent
   * linux-buildinfo: pull out ABI information into its own package
     (LP: #1806380)
     - [Packaging] limit preparation to linux-libc-dev in headers
     - [Packaging] commonise debhelper invocation
     - [Packaging] ABI -- accumulate abi information at the end of the build
     - [Packaging] buildinfo -- add basic build information
     - [Packaging] buildinfo -- add firmware information to the flavour ABI
     - [Packaging] buildinfo -- add compiler information to the flavour ABI
     - [Packaging] buildinfo -- add buildinfo support to getabis
     - [Config] buildinfo -- add retpoline version markers
     - [Packaging] getabis -- handle all known package combinations
     - [Packaging] getabis -- support parsing a simple version
   * signing: only install a signed kernel (LP: #1764794)
     - [Packaging] update to Debian like control scripts
     - [Packaging] switch to triggers for postinst.d postrm.d handling
     - [Packaging] signing -- switch to raw-signing tarballs
     - [Packaging] signing -- switch to linux-image as signed when available
     - [Packaging] printenv -- add signing options
     - [Packaging] fix invocation of header postinst hooks
     - [Packaging] signing -- add support for signing Opal kernel binaries
     - [Debian] Use src_pkg_name when constructing udeb control files
     - [Debian] Dynamically determine linux udebs package name
     - [Packaging] handle both linux-lts* and linux-hwe* as backports
     - [Config] linux-source-* is in the primary linux namespace
     - [Packaging] lookup the upstream tag
     - [Packaging] zfs/spl -- enhance provides information
     - [Packaging] switch up to debhelper 9
     - [Packaging] autopkgtest -- disable d-i when dropping flavours
     - [debian] support for ship_extras_package=false
     - [Debian] do_common_tools should always be on
     - [debian] do not force do_tools_common
     - [Packaging] Add linux-tools-host package for VM host tools
     - [Packaging] signing should be conditional
     - [Packaging] skip cloud tools packaging when not building package
     - [Packaging] add acpidbg
     - [debian] prep linux-libc-dev only if do_libc_dev_package=true
     - [Packaging] Only install cloud init files when do_tools_common=true
   * Redpine: Driver crash with network-manager 1.10 and above (LP: #1813869)
     - SAUCE: Redpine: enhancement for MAC spoofing to avoid kernel crash
   * Guests using IBRS incur a large performance penalty (LP: #1764956)
     - SAUCE: Restore the IBRS host state on VMEXIT
   * Xenial update: 4.4.170 upstream stable release (LP: #1811647)
     - USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data
     - xhci: Don't prevent USB2 bus suspend in state check intended for USB3 only
     - USB: serial: option: add GosunCn ZTE WeLink ME3630
     - USB: serial: option: add HP lt4132
     - USB: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode)
     - USB: serial: option: add Fibocom NL668 series
     - USB: serial: option: add Telit LN940 series
     - mmc: core: Reset HPI enabled state during re-init and in case of errors
     - mmc: omap_hsmmc: fix DMA API warning
     - gpio: max7301: fix driver for use with CONFIG_VMAP_STACK
     - Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels
     - x86/mtrr: Don't copy uninitialized gentry fields back to userspace
     - drm/ioctl: Fix Spectre v1 vulnerabilities
     - ip6mr: Fix potential Spectre v1 vulnerability
     - ipv4: Fix potential Spectre v1 vulnerability
     - ax25: fix a use-after-free in ax25_fillin_cb()
     - ibmveth: fix DMA unmap error in ibmveth_xmit_start error path
     - ieee802154: lowpan_header_create check must check daddr
     - ipv6: explicitly initialize udp6_addr in udp_sock_create6()
     - isdn: fix kernel-infoleak in capi_unlocked_ioctl
     - netrom: fix locking in nr_find_socket()
     - packet: validate address length
     - packet: validate address length if non-zero
     - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event
     - vhost: make sure used idx is seen before log in vhost_add_used_n()
     - VSOCK: Send reset control packet when socket is partially bound
     - xen/netfront: tolerate frags with no data
     - gro_cell: add napi_disable in gro_cells_destroy
     - sock: Make sock->sk_stamp thread-safe
     - ALSA: rme9652: Fix potential Spectre v1 vulnerability
     - ALSA: emu1

Source diff to previous version
1786013 Packaging resync
1764794 signing: only install a signed kernel
1806380 linux-buildinfo: pull out ABI information into its own package
1811646 x86/kvm: Backport fixup and missing commits
1813869 Redpine: Driver crash with network-manager 1.10 and above
1764956 Guests using IBRS incur a large performance penalty
1811647 Xenial update: 4.4.170 upstream stable release
1811252 Xenial update: 4.4.169 upstream stable release
1811080 Xenial update: 4.4.168 upstream stable release
1793901 kernel oops in bcache module
1813873 Userspace break as a result of missing patch backport
1811803 Crash on \
CVE-2019-6133 In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization deci

Version: 4.4.0-143.169~14.04.1 2019-02-08 14:09:14 UTC

 linux-lts-xenial (4.4.0-143.169~14.04.1) trusty; urgency=medium
 .
   * linux-lts-xenial: 4.4.0-143.169~14.04.1 -proposed tracker (LP: #1814649)
 .
   * linux-buildinfo: pull out ABI information into its own package
     (LP: #1806380)
     - [Packaging] drop redundant = from define statements
     - [Config] resync flavour-control.stub
 .
   [ Ubuntu: 4.4.0-143.169 ]
 .
   * linux: 4.4.0-143.169 -proposed tracker (LP: #1814647)
   * x86/kvm: Backport fixup and missing commits (LP: #1811646)
     - KVM: x86: avoid vmalloc(0) in the KVM_SET_CPUID
     - kvm: nVMX: VMCLEAR an active shadow VMCS after last use
     - X86/nVMX: Properly set spec_ctrl and pred_cmd before merging MSRs
     - KVM/VMX: Optimize vmx_vcpu_run() and svm_vcpu_run() by marking the RDMSR
       path as unlikely()
     - kvm: x86: IA32_ARCH_CAPABILITIES is always supported
     - KVM: SVM: Add MSR-based feature support for serializing LFENCE
     - KVM: X86: Allow userspace to define the microcode version
     - KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled
     - KVM: VMX: fixes for vmentry_l1d_flush module parameter
     - kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb
     - kvm: vmx: Scrub hardware GPRs at VM-exit
     - SAUCE: [Fix] x86/KVM/VMX: Add L1D flush logic
     - SAUCE: KVM: Move code fragments, cleanup and re-indent
   * linux-buildinfo: pull out ABI information into its own package
     (LP: #1806380)
     - [Packaging] limit preparation to linux-libc-dev in headers
     - [Packaging] commonise debhelper invocation
     - [Packaging] ABI -- accumulate abi information at the end of the build
     - [Packaging] buildinfo -- add basic build information
     - [Packaging] buildinfo -- add firmware information to the flavour ABI
     - [Packaging] buildinfo -- add compiler information to the flavour ABI
     - [Packaging] buildinfo -- add buildinfo support to getabis
     - [Config] buildinfo -- add retpoline version markers
     - [Packaging] getabis -- handle all known package combinations
     - [Packaging] getabis -- support parsing a simple version
   * signing: only install a signed kernel (LP: #1764794)
     - [Packaging] update to Debian like control scripts
     - [Packaging] switch to triggers for postinst.d postrm.d handling
     - [Packaging] signing -- switch to raw-signing tarballs
     - [Packaging] signing -- switch to linux-image as signed when available
     - [Packaging] printenv -- add signing options
     - [Packaging] fix invocation of header postinst hooks
     - [Packaging] signing -- add support for signing Opal kernel binaries
     - [Debian] Use src_pkg_name when constructing udeb control files
     - [Debian] Dynamically determine linux udebs package name
     - [Packaging] handle both linux-lts* and linux-hwe* as backports
     - [Config] linux-source-* is in the primary linux namespace
     - [Packaging] lookup the upstream tag
     - [Packaging] zfs/spl -- enhance provides information
     - [Packaging] switch up to debhelper 9
     - [Packaging] autopkgtest -- disable d-i when dropping flavours
     - [debian] support for ship_extras_package=false
     - [Debian] do_common_tools should always be on
     - [debian] do not force do_tools_common
     - [Packaging] Add linux-tools-host package for VM host tools
     - [Packaging] signing should be conditional
     - [Packaging] skip cloud tools packaging when not building package
     - [Packaging] add acpidbg
     - [debian] prep linux-libc-dev only if do_libc_dev_package=true
     - [Packaging] Only install cloud init files when do_tools_common=true
   * Redpine: Driver crash with network-manager 1.10 and above (LP: #1813869)
     - SAUCE: Redpine: enhancement for MAC spoofing to avoid kernel crash
   * Guests using IBRS incur a large performance penalty (LP: #1764956)
     - SAUCE: Restore the IBRS host state on VMEXIT
   * Xenial update: 4.4.170 upstream stable release (LP: #1811647)
     - USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data
     - xhci: Don't prevent USB2 bus suspend in state check intended for USB3 only
     - USB: serial: option: add GosunCn ZTE WeLink ME3630
     - USB: serial: option: add HP lt4132
     - USB: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode)
     - USB: serial: option: add Fibocom NL668 series
     - USB: serial: option: add Telit LN940 series
     - mmc: core: Reset HPI enabled state during re-init and in case of errors
     - mmc: omap_hsmmc: fix DMA API warning
     - gpio: max7301: fix driver for use with CONFIG_VMAP_STACK
     - Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels
     - x86/mtrr: Don't copy uninitialized gentry fields back to userspace
     - drm/ioctl: Fix Spectre v1 vulnerabilities
     - ip6mr: Fix potential Spectre v1 vulnerability
     - ipv4: Fix potential Spectre v1 vulnerability
     - ax25: fix a use-after-free in ax25_fillin_cb()
     - ibmveth: fix DMA unmap error in ibmveth_xmit_start error path
     - ieee802154: lowpan_header_create check must check daddr
     - ipv6: explicitly initialize udp6_addr in udp_sock_create6()
     - isdn: fix kernel-infoleak in capi_unlocked_ioctl
     - netrom: fix locking in nr_find_socket()
     - packet: validate address length
     - packet: validate address length if non-zero
     - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event
     - vhost: make sure used idx is seen before log in vhost_add_used_n()
     - VSOCK: Send reset control packet when socket is partially bound
     - xen/netfront: tolerate frags with no data
     - gro_cell: add napi_disable in gro_cells_destroy
     - sock: Make sock->sk_stamp thread-safe
     - ALSA: rme9652: Fix potential Spectre v1 vulnerability
     - ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities
     - ALSA: pcm: Fix potential Spectre v1 vulnerability
     - ALSA: emux: Fix potential Spectre v1 vulnerabilities
     - ALSA: hda: add mute LED support for HP Elit

Source diff to previous version
1806380 linux-buildinfo: pull out ABI information into its own package
1811646 x86/kvm: Backport fixup and missing commits
1764794 signing: only install a signed kernel
1813869 Redpine: Driver crash with network-manager 1.10 and above
1764956 Guests using IBRS incur a large performance penalty
1811647 Xenial update: 4.4.170 upstream stable release
1811252 Xenial update: 4.4.169 upstream stable release
1811080 Xenial update: 4.4.168 upstream stable release
1793901 kernel oops in bcache module
1813873 Userspace break as a result of missing patch backport
1811803 Crash on \
CVE-2019-6133 In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization deci

Version: 4.4.0-142.168~14.04.1 2019-01-19 18:08:03 UTC

 linux-lts-xenial (4.4.0-142.168~14.04.1) trusty; urgency=medium
 .
   * linux-lts-xenial: 4.4.0-142.168~14.04.1 -proposed tracker (LP: #1811848)
 .
   * Xenial update: 4.4.164 upstream stable release (LP: #1810947)
     - [Config] Remove CONFIG{,_ARCH_USE}_QUEUED_SPINLOCKS
 .
   * Packaging resync (LP: #1786013)
     - [Packaging] update update.conf
 .
   [ Ubuntu: 4.4.0-142.168 ]
 .
   * linux: 4.4.0-142.168 -proposed tracker (LP: #1811846)
   * Packaging resync (LP: #1786013)
     - [Packaging] update helper scripts
   * iptables connlimit allows more connections than the limit when using
     multiple CPUs (LP: #1811094)
     - netfilter: xt_connlimit: don't store address in the conn nodes
     - SAUCE: netfilter: xt_connlimit: remove the 'addr' parameter in add_hlist()
     - netfilter: nf_conncount: expose connection list interface
     - netfilter: nf_conncount: Fix garbage collection with zones
     - netfilter: nf_conncount: fix garbage collection confirm race
     - netfilter: nf_conncount: don't skip eviction when age is negative
   * CVE-2017-5715
     - SAUCE: x86/speculation: Cleanup IBPB runtime control handling
     - SAUCE: x86/speculation: Cleanup IBRS runtime control handling
     - SAUCE: x86/speculation: Use x86_spec_ctrl_base in entry/exit code
     - SAUCE: x86/speculation: Move RSB_CTXSW hunk
   * Xenial update: 4.4.167 upstream stable release (LP: #1811077)
     - media: em28xx: Fix use-after-free when disconnecting
     - Revert "wlcore: Add missing PM call for
       wlcore_cmd_wait_for_event_or_timeout()"
     - rapidio/rionet: do not free skb before reading its length
     - s390/qeth: fix length check in SNMP processing
     - usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2
     - kvm: mmu: Fix race in emulated page table writes
     - xtensa: enable coprocessors that are being flushed
     - xtensa: fix coprocessor context offset definitions
     - Btrfs: ensure path name is null terminated at btrfs_control_ioctl
     - ALSA: wss: Fix invalid snd_free_pages() at error path
     - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write
     - ALSA: control: Fix race between adding and removing a user element
     - ALSA: sparc: Fix invalid snd_free_pages() at error path
     - ext2: fix potential use after free
     - dmaengine: at_hdmac: fix memory leak in at_dma_xlate()
     - dmaengine: at_hdmac: fix module unloading
     - btrfs: release metadata before running delayed refs
     - USB: usb-storage: Add new IDs to ums-realtek
     - usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series
     - misc: mic/scif: fix copy-paste error in scif_create_remote_lookup
     - Kbuild: suppress packed-not-aligned warning for default setting only
     - exec: avoid gcc-8 warning for get_task_comm
     - disable stringop truncation warnings for now
     - kobject: Replace strncpy with memcpy
     - unifdef: use memcpy instead of strncpy
     - kernfs: Replace strncpy with memcpy
     - ip_tunnel: Fix name string concatenate in __ip_tunnel_create()
     - drm: gma500: fix logic error
     - scsi: bfa: convert to strlcpy/strlcat
     - staging: rts5208: fix gcc-8 logic error warning
     - kdb: use memmove instead of overlapping memcpy
     - iser: set sector for ambiguous mr status errors
     - uprobes: Fix handle_swbp() vs. unregister() + register() race once more
     - MIPS: ralink: Fix mt7620 nd_sd pinmux
     - mips: fix mips_get_syscall_arg o32 check
     - drm/ast: Fix incorrect free on ioregs
     - scsi: scsi_devinfo: cleanly zero-pad devinfo strings
     - ALSA: trident: Suppress gcc string warning
     - scsi: csiostor: Avoid content leaks and casts
     - kgdboc: Fix restrict error
     - kgdboc: Fix warning with module build
     - leds: call led_pwm_set() in leds-pwm to enforce default LED_OFF
     - leds: turn off the LED and wait for completion on unregistering LED class
       device
     - leds: leds-gpio: Fix return value check in create_gpio_led()
     - Input: xpad - quirk all PDP Xbox One gamepads
     - Input: matrix_keypad - check for errors from of_get_named_gpio()
     - Input: elan_i2c - add ELAN0620 to the ACPI table
     - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR
     - Input: elan_i2c - add support for ELAN0621 touchpad
     - btrfs: Always try all copies when reading extent buffers
     - Btrfs: fix use-after-free when dumping free space
     - ARC: change defconfig defaults to ARCv2
     - arc: [devboards] Add support of NFSv3 ACL
     - mm: cleancache: fix corruption on missed inode invalidation
     - usb: gadget: dummy: fix nonsensical comparisons
     - iommu/vt-d: Fix NULL pointer dereference in prq_event_thread()
     - iommu/ipmmu-vmsa: Fix crash on early domain free
     - can: rcar_can: Fix erroneous registration
     - batman-adv: Expand merged fragment buffer for full packet
     - bnx2x: Assign unique DMAE channel number for FW DMAE transactions.
     - qed: Fix PTT leak in qed_drain()
     - qed: Fix reading wrong value in loop condition
     - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command
     - net/mlx4_core: Fix uninitialized variable compilation warning
     - net/mlx4: Fix UBSAN warning of signed integer overflow
     - net: faraday: ftmac100: remove netif_running(netdev) check before disabling
       interrupts
     - iommu/vt-d: Use memunmap to free memremap
     - net: amd: add missing of_node_put()
     - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device
     - usb: appledisplay: Add 27" Apple Cinema Display
     - USB: check usb_get_extra_descriptor for proper size
     - ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c
     - ALSA: hda: Add support for AMD Stoney Ridge
     - ALSA: pcm: Fix starvation on down_write_nonblock()
     - ALSA: pcm: Call snd_pcm_unlink() conditionally at closing
     - ALSA: pcm: Fix interval evaluation with openmin/max
     - virtio/s390: avoid race on vcdev->config
     - virtio/s3

Source diff to previous version
1810947 Xenial update: 4.4.164 upstream stable release
1786013 Packaging resync
1811094 iptables connlimit allows more connections than the limit when using multiple CPUs
1811077 Xenial update: 4.4.167 upstream stable release
1809699 cpu-hotplug test in ubuntu_kernel_selftest always return 0 on Xenial
1810328 iommu - need to effectively disable iommu if \
1791758 ldisc crash on reopened tty
1810967 Xenial update: 4.4.166 upstream stable release
1810958 Xenial update: 4.4.165 upstream stable release
1810807 Xenial update: 4.4.163 upstream stable release
1807393 nvme - Polling on timeout
1802421 Xenial: data corruption when using i40e with iommu
1806818 Fix Intel I210 doesn't work when ethernet cable gets plugged
CVE-2017-5715 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at
CVE-2018-19407 The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer
CVE-2000-1134 Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka
CVE-2007-3852 The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.
CVE-2008-0525 PatchLink Update client for Unix, as used by Novell ZENworks Patch Management Update Agent for Linux/Unix/Mac (LUM) 6.2094 through 6.4102 and other p
CVE-2009-0416 The SSL certificate setup program (genSslCert.sh) in Standards Based Linux Instrumentation for Manageability (SBLIM) sblim-sfcb 1.3.2 allows local us
CVE-2011-4834 The GetInstalledPackages function in the configuration tool in HP Application Lifestyle Management (ALM) 11 on AIX, HP-UX, and Solaris allows local u
CVE-2015-1838 modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
CVE-2015-7442 consoleinst.sh in IBM Installation Manager before 1.7.4.4 and 1.8.x before 1.8.4 and Packaging Utility before 1.7.4.4 and 1.8.x before 1.8.4 allows l
CVE-2016-7489 Teradata Virtual Machine Community Edition v15.10's perl script /opt/teradata/gsctools/bin/t2a.pl creates files in /tmp in an insecure manner, this m

Version: 4.4.0-141.167~14.04.1 2018-12-10 19:07:24 UTC

 linux-lts-xenial (4.4.0-141.167~14.04.1) trusty; urgency=medium
 .
   * linux-lts-xenial: 4.4.0-141.167~14.04.1 -proposed tracker (LP: #1806572)
 .
   [ Ubuntu: 4.4.0-141.167 ]
 .
   * linux: 4.4.0-141.167 -proposed tracker (LP: #1806569)
   * Redpine: firmware assert upon assoc timeout (LP: #1804360)
     - SAUCE: Redpine: fix for firmware assert upon assoc timeout
   * CVE-2018-12896
     - posix-timers: Sanitize overrun handling
   * CVE-2017-5753
     - ALSA: opl3: Hardening for potential Spectre v1
     - ALSA: asihpi: Hardening for potential Spectre v1
     - ALSA: hdspm: Hardening for potential Spectre v1
     - ALSA: rme9652: Hardening for potential Spectre v1
     - ALSA: control: Hardening for potential Spectre v1
     - usbip: vhci_sysfs: fix potential Spectre v1
     - libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store()
   * CVE-2018-18710
     - cdrom: fix improper type cast, which can leat to information leak.
   * CVE-2018-18690
     - xfs: don't fail when converting shortform attr to long form during
       ATTR_REPLACE
   * CVE-2017-18174
     - pinctrl: Add devm_ apis for pinctrl_{register, unregister}
     - pinctrl: amd: Use devm_pinctrl_register() for pinctrl registration

1804360 Redpine: firmware assert upon assoc timeout
CVE-2018-12896 An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by th
CVE-2017-5753 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker wi
CVE-2018-18710 An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by lo
CVE-2018-18690 In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the ne
CVE-2017-18174 In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a dou



About   -   Send Feedback to @ubuntu_updates