Package "linux"

Name: linux


This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Linux kernel version specific cloud tools for version 3.13.0
  • Linux kernel specific documentation for version 3.13.0
  • Header files related to Linux kernel version 3.13.0
  • Linux kernel headers for version 3.13.0 on 32 bit x86 SMP

Latest version: 3.13.0-143.192
Release: trusty (14.04)
Level: updates
Repository: main


Save this URL for the latest version of "linux": https://www.ubuntuupdates.org/linux

Other versions of "linux" in Trusty

Repository Area Version
base main 3.13.0-24.46
security main 3.13.0-143.192
proposed main 3.13.0-144.193
PPA: Canonical Kernel Team 3.13.0-144.193

Packages in group

Deleted packages are displayed in grey.

linux-cloud-tools-common linux-doc linux-headers-3.13.0-128 linux-headers-3.13.0-128-generic linux-headers-3.13.0-128-lowlatency
linux-headers-3.13.0-129 linux-headers-3.13.0-129-generic linux-headers-3.13.0-129-lowlatency linux-headers-3.13.0-132 linux-headers-3.13.0-132-generic
linux-headers-3.13.0-132-lowlatency linux-headers-3.13.0-133 linux-headers-3.13.0-133-generic linux-headers-3.13.0-133-lowlatency linux-headers-3.13.0-135
linux-headers-3.13.0-135-generic linux-headers-3.13.0-135-lowlatency linux-headers-3.13.0-137 linux-headers-3.13.0-137-generic linux-headers-3.13.0-137-lowlatency
linux-headers-3.13.0-139 linux-headers-3.13.0-139-generic linux-headers-3.13.0-139-lowlatency linux-headers-3.13.0-141 linux-headers-3.13.0-141-generic
linux-headers-3.13.0-141-lowlatency linux-headers-3.13.0-142 linux-headers-3.13.0-142-generic linux-headers-3.13.0-142-lowlatency linux-headers-3.13.0-143
linux-headers-3.13.0-143-generic linux-headers-3.13.0-143-lowlatency linux-image-3.13.0-126-generic linux-image-3.13.0-126-lowlatency linux-image-3.13.0-128-generic
linux-image-3.13.0-128-lowlatency linux-image-3.13.0-129-generic linux-image-3.13.0-129-lowlatency linux-image-3.13.0-132-generic linux-image-3.13.0-132-lowlatency
linux-image-3.13.0-133-generic linux-image-3.13.0-133-lowlatency linux-image-3.13.0-135-generic linux-image-3.13.0-135-lowlatency linux-image-3.13.0-137-generic
linux-image-3.13.0-137-lowlatency linux-image-3.13.0-139-generic linux-image-3.13.0-139-lowlatency linux-image-3.13.0-141-generic linux-image-3.13.0-141-lowlatency
linux-image-3.13.0-142-generic linux-image-3.13.0-142-lowlatency linux-image-3.13.0-143-generic linux-image-3.13.0-143-lowlatency linux-image-extra-3.13.0-126-generic
linux-image-extra-3.13.0-128-generic linux-image-extra-3.13.0-129-generic linux-image-extra-3.13.0-132-generic linux-image-extra-3.13.0-133-generic linux-image-extra-3.13.0-135-generic
linux-image-extra-3.13.0-137-generic linux-image-extra-3.13.0-139-generic linux-image-extra-3.13.0-141-generic linux-image-extra-3.13.0-142-generic linux-image-extra-3.13.0-143-generic
linux-libc-dev linux-source-3.13.0 linux-tools-3.13.0-126 linux-tools-3.13.0-126-generic linux-tools-3.13.0-126-lowlatency
linux-tools-3.13.0-128 linux-tools-3.13.0-128-generic linux-tools-3.13.0-128-lowlatency linux-tools-3.13.0-129 linux-tools-3.13.0-129-generic
linux-tools-3.13.0-129-lowlatency linux-tools-3.13.0-132 linux-tools-3.13.0-132-generic linux-tools-3.13.0-132-lowlatency linux-tools-3.13.0-133
linux-tools-3.13.0-133-generic linux-tools-3.13.0-133-lowlatency linux-tools-3.13.0-135 linux-tools-3.13.0-135-generic linux-tools-3.13.0-135-lowlatency
linux-tools-3.13.0-137 linux-tools-3.13.0-137-generic linux-tools-3.13.0-137-lowlatency linux-tools-3.13.0-139 linux-tools-3.13.0-139-generic
linux-tools-3.13.0-139-lowlatency linux-tools-3.13.0-141 linux-tools-3.13.0-141-generic linux-tools-3.13.0-141-lowlatency linux-tools-3.13.0-142
linux-tools-3.13.0-142-generic linux-tools-3.13.0-142-lowlatency linux-tools-3.13.0-143 linux-tools-3.13.0-143-generic linux-tools-3.13.0-143-lowlatency


Version: 3.13.0-143.192 2018-03-08 15:06:51 UTC

  linux (3.13.0-143.192) trusty; urgency=medium

  * linux: 3.13.0-143.192 -proposed tracker (LP: #1751838)

  * CVE-2017-5715 (Spectre v2 retpoline)
    - x86/alternatives: Fix ALTERNATIVE_2 padding generation properly
    - x86/alternatives: Fix alt_max_short macro to really be a max()
    - x86/alternatives: Guard NOPs optimization
    - x86/alternatives: Switch AMD F15h and later to the P6 NOPs
    - x86/alternatives: Make optimize_nops() interrupt safe and synced
    - x86/alternatives: Fix optimize_nops() checking
    - x86/cpuid: Provide get_scattered_cpuid_leaf()
    - x86/cpu: Factor out application of forced CPU caps
    - x86/cpufeatures: Make CPU bugs sticky
    - x86/cpufeatures: Add X86_BUG_CPU_INSECURE
    - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
    - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
    - x86/cpu, x86/pti: Do not enable PTI on AMD processors
    - x86/cpu: Merge bugs.c and bugs_64.c
    - sysfs/cpu: Add vulnerability folder
    - x86/cpu: Implement CPU vulnerabilites sysfs functions
    - x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm
    - x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier
    - x86/asm: Use register variable to get stack pointer value
    - x86/kbuild: enable modversions for symbols exported from asm
    - x86/asm: Make asm/alternative.h safe from assembly
    - EXPORT_SYMBOL() for asm
    - kconfig.h: use __is_defined() to check if MODULE is defined
    - x86/retpoline: Add initial retpoline support
    - x86/spectre: Add boot time option to select Spectre v2 mitigation
    - x86/retpoline/crypto: Convert crypto assembler indirect jumps
    - x86/retpoline/entry: Convert entry assembler indirect jumps
    - x86/retpoline/ftrace: Convert ftrace assembler indirect jumps
    - x86/retpoline/hyperv: Convert assembler indirect jumps
    - x86/retpoline/xen: Convert Xen hypercall indirect jumps
    - x86/retpoline/checksum32: Convert assembler indirect jumps
    - x86/retpoline/irq32: Convert assembler indirect jumps
    - x86/retpoline: Fill return stack buffer on vmexit
    - x86/retpoline: Remove compile time warning
    - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
    - module: Add retpoline tag to VERMAGIC
    - x86/mce: Make machine check speculation protected
    - retpoline: Introduce start/end markers of indirect thunk
    - kprobes/x86: Disable optimizing on the function jumps to indirect thunk
    - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
    - [Config] CONFIG_RETPOLINE=y
    - [Packaging] retpoline -- add call site validation
    - [Packaging] retpoline files must be sorted
    - [Config] disable retpoline for the first upload
    - [Config] updateconfigs - enable CONFIG_GENERIC_CPU_VULNERABILITIES

  * retpoline abi files are empty on i386 (LP: #1751021)
    - [Packaging] retpoline-extract -- instantiate retpoline files for i386
    - [Packaging] final-checks -- sanity checking ABI contents
    - [Packaging] final-checks -- check for empty retpoline files

  * CVE-2017-5715 (Spectre v2 Intel)
    - x86, microcode: Share native MSR accessing variants
    - kvm: vmx: Scrub hardware GPRs at VM-exit
    - SAUCE: x86/feature: Enable the x86 feature to control Speculation
    - SAUCE: x86/feature: Report presence of IBPB and IBRS control
    - SAUCE: x86/enter: MACROS to set/clear IBRS and set IBPB
    - SAUCE: x86/enter: Use IBRS on syscall and interrupts
    - SAUCE: x86/idle: Disable IBRS entering idle and enable it on wakeup
    - SAUCE: x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
    - SAUCE: x86/mm: Set IBPB upon context switch
    - SAUCE: x86/mm: Only set IBPB when the new thread cannot ptrace current
    - SAUCE: x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
    - SAUCE: x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
    - SAUCE: x86/kvm: Set IBPB when switching VM
    - SAUCE: x86/kvm: Toggle IBRS on VM entry and exit
    - SAUCE: x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
    - SAUCE: x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
    - SAUCE: x86/cpu/AMD: Add speculative control support for AMD
    - SAUCE: x86/microcode: Extend post microcode reload to support IBPB feature
    - SAUCE: KVM: SVM: Do not intercept new speculative control MSRs
    - SAUCE: x86/svm: Set IBRS value on VM entry and exit
    - SAUCE: x86/svm: Set IBPB when running a different VCPU
    - SAUCE: KVM: x86: Add speculative control CPUID support for guests
    - SAUCE: x86/entry: Fixup 32bit compat call locations
    - SAUCE: KVM: Fix spec_ctrl CPUID support for guests
    - SAUCE: x86/cpuid: Fix ordering of scattered feature list
    - SAUCE: turn off IBRS when full retpoline is present

  * CVE-2017-5753 (Spectre v1 Intel)
    - x86: Add another set of MSR accessor functions
    - x86/cpu/AMD: Make the LFENCE instruction serialized
    - SAUCE: x86/cpu/AMD: switch to lfence rather than mfence
    - locking/barriers: introduce new observable speculation barrier
    - bpf: prevent speculative execution in eBPF interpreter
    - uvcvideo: prevent speculative execution
    - carl9170: prevent speculative execution
    - qla2xxx: prevent speculative execution
    - fs: prevent speculative execution
    - udf: prevent speculative execution
    - userns: prevent speculative execution
    - SAUCE: claim mitigation via observable speculation barrier
    - powerpc: add osb barrier
    - s390/spinlock: add osb memory barrier
    - arm64: no osb() implementation yet
    - arm: no osb() implementation yet

  * CVE-2017-5715 (revert embargoed) // CVE-2017-5753 (revert embargoed)
    - Revert "UBUNTU: SAUCE: x86/cpuid: Fix ordering of scattered feature list"
    - Revert "UBUNTU: SAUCE: KVM: Fix spec_ctrl CPUID support for guests"
    - Revert "UBUNTU: SAUCE: x86/entry: Fixup 32bit compat call locations"
    - Revert "UBUNTU: SAUCE: powerpc: no gmb() implementation yet

Source diff to previous version
1751021 retpoline abi files are empty on i386
1750786 stress-ng enosys stressor triggers a kernel BUG
CVE-2017-5715 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at
CVE-2017-5753 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker wi

Version: 3.13.0-142.191 2018-02-22 16:08:51 UTC

  linux (3.13.0-142.191) trusty; urgency=medium

  * linux: 3.13.0-142.191 -proposed tracker (LP: #1746900)

  * CVE-2017-17806
    - crypto: hmac - require that the underlying hash algorithm is unkeyed

  * CVE-2017-18017
    - netfilter: xt_TCPMSS: add more sanity tests on tcph->doff

  * CVE-2017-17450
    - netfilter: xt_osf: Add missing permission checks

  * CVE-2018-5344
    - loop: fix concurrent lo_open/lo_release

  * CVE-2017-5715 (Spectre v2 embargoed) // CVE-2017-5753 (Spectre v1 embargoed)
    - x86/asm/msr: Make wrmsrl_safe() a function

  * CVE-2017-1000407
    - KVM: VMX: remove I/O port 0x80 bypass on Intel hosts

  * CVE-2017-0861
    - ALSA: pcm: prevent UAF in snd_pcm_info

  * CVE-2017-14051
    - scsi: qla2xxx: Fix an integer overflow in sysfs code

  * CVE-2017-15868
    - Bluetooth: bnep: bnep_add_connection() should verify that it's dealing with
      l2cap socket

  * CVE-2018-5333
    - RDS: null pointer dereference in rds_atomic_free_op

  * powerpc: flush L1D on return to use (LP: #1742772) // CVE-2017-5754
    - SAUCE: powerpc: Prevent Meltdown attack with L1-D$ flush
    - SAUCE: powerpc: Remove dead code in sycall entry
    - SAUCE: rfi-flush: Add barriers to the fallback L1D flushing
    - SAUCE: rfi-flush: Fallback flush add load dependency
    - SAUCE: rfi-flush: Fix the 32-bit KVM build
    - SAUCE: rfi-flush: Fix some RFI conversions in the KVM code
    - SAUCE: rfi-flush: Make the fallback robust against memory corruption
    - SAUCE: powerpc/kernel: Does not use sync
    - SAUCE: rfi-flush: Factor out init_fallback_flush()
    - SAUCE: rfi-flush: Make setup_rfi_flush() not __init
    - SAUCE: rfi-flush: Move the logic to avoid a redo into the sysfs code
    - SAUCE: rfi-flush: Make it possible to call setup_rfi_flush() again
    - SAUCE: rfi-flush: Call setup_rfi_flush() after LPM migration
    - SAUCE: rfi-flush: Fix fallback on distros using bootmem
    - SAUCE: rfi-flush: fix package build error (unused variable limit)
    - SAUCE: rfi-flush: Fix kernel package build using bootmem
    - SAUCE: rfi-flush: Move rfi_flush_fallback_area to end of paca
    - SAUCE: rfi-flush: Fix rename of pseries_setup_rfi_flush()
    - SAUCE: rfi-flush: Mark DEBUG_RFI as BROKEN
    - SAUCE: rfi-flush: Switch to new linear fallback flush
    - SAUCE: powerpc/kernel: Remove unused variable
    - SAUCE: powerpc/kernel: Fix typo on variable
    - SAUCE: powerpc/kernel: Fix instructions usage
    - SAUCE: powerpc/kernel: Define PACA_L1D_FLUSH_SIZE
    - SAUCE: rfi-flush: Fix for kernel crash.

  * upload urgency should be medium by default (LP: #1745338)
    - [Packaging] update urgency to medium by default

  * CVE-2017-12190
    - fix unbalanced page refcounting in bio_map_user_iov
    - more bio_map_user_iov() leak fixes

  * CVE-2017-15274
    - KEYS: fix dereferencing NULL payload with nonzero length

  * CVE-2017-14140
    - Sanitize 'move_pages()' permission checks

  * CVE-2017-15115
    - sctp: do not peel off an assoc from one netns to another one

  * CVE-2017-14489
    - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse
      nlmsg properly

  * CVE-2017-12153
    - nl80211: check for the required netlink attributes presence

  * CVE-2017-16525
    - USB: serial: console: fix use-after-free after failed setup
    - USB: serial: console: fix use-after-free on disconnect

  * CVE-2017-7542
    - ipv6: avoid overflow of offset in ip6_find_1stfragopt
    - ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt()

  * CVE-2017-15102
    - usb: misc: legousbtower: Fix NULL pointer deference

  * CVE-2017-12192
    - KEYS: prevent KEYCTL_READ on negative key

  * CVE-2017-14156
    - video: fbdev: aty: do not leak uninitialized padding in clk to userspace

  * CVE-2017-5669
    - ipc/shm: Fix shmat mmap nil-page protection

  * CVE-2017-0750
    - f2fs: do more integrity verification for superblock

  * CVE-2017-7889
    - mm: Tighten x86 /dev/mem with zeroing reads

  * CVE-2017-8824
    - dccp: CVE-2017-8824: use-after-free in DCCP code

 -- Stefan Bader <email address hidden> Fri, 02 Feb 2018 13:01:39 +0100

Source diff to previous version
1742772 powerpc: flush L1D on return to use
1745338 upload urgency should be medium by default
CVE-2017-17806 The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkey
CVE-2017-18017 The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to c
CVE-2017-17450 net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operatio
CVE-2018-5344 In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (_
CVE-2017-5715 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at
CVE-2017-5753 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker wi

Version: 3.13.0-141.190 2018-01-22 21:07:05 UTC

  linux (3.13.0-141.190) trusty; urgency=low

  * linux: 3.13.0-141.190 -proposed tracker (LP: #1744308)

  * ubuntu_32_on_64 test crash Trusty 3.13.0-140 amd64 system (LP: #1744199) //
    test_too_early_vsyscall from ubuntu_qrt_kernel_panic crashes Trusty
    3.13.0-140 amd64 system (LP: #1744226) // CVE-2017-5715 // CVE-2017-5753
    - SAUCE: x86/entry: Fixup 32bit compat call locations

  * CVE-2017-5715 // CVE-2017-5753
    - SAUCE: x86/cpuid: Fix ordering of scattered feature list
    - SAUCE: KVM: Fix spec_ctrl CPUID support for guests

  * CVE-2017-5754
    - kaiser: Set _PAGE_NX only if supported
    - kaiser: Set _PAGE_NX only if supported

Source diff to previous version
1744199 ubuntu_32_on_64 test crash Trusty 3.13.0-140 amd64 system
1744226 test_too_early_vsyscall from ubuntu_qrt_kernel_panic crashes Trusty 3.13.0-140 amd64 system
CVE-2017-5715 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at
CVE-2017-5753 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker wi
CVE-2017-5754 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at

Version: 3.13.0-139.188 2018-01-10 01:07:00 UTC

  linux (3.13.0-139.188) trusty; urgency=low

  * linux: 3.13.0-139.188 -proposed tracker (LP: #1741609)

  * CVE-2017-5754
    - perf/x86: Correctly use FEATURE_PDCM
    - arch: Introduce smp_load_acquire(), smp_store_release()
    - mm, x86: Account for TLB flushes only when debugging
    - x86/mm: Clean up inconsistencies when flushing TLB ranges
    - x86/mm: Eliminate redundant page table walk during TLB range flushing
    - mm, x86: Revisit tlb_flushall_shift tuning for page flushes except on
    - x86/mm: Clean up the TLB flushing code
    - x86/mm: Rip out complicated, out-of-date, buggy TLB flushing
    - x86/mm: Fix missed global TLB flush stat
    - x86/mm: New tunable for single vs full TLB flush
    - x86/mm: Set TLB flush tunable to sane value (33)
    - x86/mm: Fix sparse 'tlb_single_page_flush_ceiling' warning and make the
      variable read-mostly
    - rcu: Provide counterpart to rcu_dereference() for non-RCU situations
    - rcu: Move lockless_dereference() out of rcupdate.h
    - x86/ldt: Make modify_ldt synchronous
    - x86/ldt: Correct LDT access in single stepping logic
    - x86/ldt: Correct FPU emulation access to LDT
    - x86/ldt: Further fix FPU emulation
    - x86/mm: Disable preemption during CR3 read+write
    - x86: Clean up cr4 manipulation
    - x86/mm: Add INVPCID helpers
    - x86/mm: Fix INVPCID asm constraint
    - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID
    - x86/mm: If INVPCID is available, use it to flush global mappings
    - mm/mmu_context, sched/core: Fix mmu_context.h assumption
    - sched/core: Add switch_mm_irqs_off() and use it in the scheduler
    - x86/mm: Build arch/x86/mm/tlb.c even on !SMP
    - x86/mm, sched/core: Uninline switch_mm()
    - x86/mm, sched/core: Turn off IRQs in switch_mm()
    - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off()
    - x86/irq: Do not substract irq_tlb_count from irq_call_count
    - x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly()
    - x86/mm: Remove flush_tlb() and flush_tlb_current_task()
    - x86/mm: Make flush_tlb_mm_range() more predictable
    - x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range()
    - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP
    - x86/mm: Disable PCID on 32-bit kernels
    - x86/mm: Add the 'nopcid' boot option to turn off PCID
    - x86/mm: Enable CR4.PCIDE on supported systems
    - x86/mm/64: Fix reboot interaction with CR4.PCIDE
    - KAISER: Kernel Address Isolation
    - x86/mm/kaiser: re-enable vsyscalls
    - kaiser: user_map __kprobes_text too
    - kaiser: alloc_ldt_struct() use get_zeroed_page()
    - x86/alternatives: Cleanup DPRINTK macro
    - x86/alternatives: Add instruction padding
    - x86/alternatives: Make JMPs more robust
    - x86/alternatives: Use optimized NOPs for padding
    - kaiser: add "nokaiser" boot option, using ALTERNATIVE
    - x86, boot: Carve out early cmdline parsing function
    - x86/boot: Fix early command-line parsing when matching at end
    - x86/boot: Fix early command-line parsing when partial word matches
    - x86/boot: Simplify early command line parsing
    - x86/boot: Pass in size to early cmdline parsing
    - x86/boot: Add early cmdline parsing for options with arguments
    - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling
    - x86/kaiser: Check boottime cmdline params
    - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush
    - kaiser: asm/tlbflush.h handle noPGE at lower level
    - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID
    - x86/paravirt: Dont patch flush_tlb_single
    - x86/kaiser: Reenable PARAVIRT
    - kaiser: disabled on Xen PV
    - x86/kaiser: Move feature detection up
    - KPTI: Report when enabled
    - kvmclock: export kvmclock clocksource and data pointers
    - x86/mm/kaiser: remove paravirt clock warning
    - kaiser: x86: Fix NMI handling
    - [Config] updateconfigs - enable PAGE_TABLE_ISOLATION

 -- Kleber Sacilotto de Souza <email address hidden> Tue, 09 Jan 2018 15:11:34 +0100

Source diff to previous version
CVE-2017-5754 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at

Version: 3.13.0-137.186 2017-12-07 20:06:49 UTC

  linux (3.13.0-137.186) trusty; urgency=low

  * linux: 3.13.0-137.186 -proposed tracker (LP: #1736194)

  * CVE-2017-1000405
    - mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d()

  * CVE-2017-16939
    - netlink: add a start callback for starting a netlink dump
    - ipsec: Fix aborted xfrm policy dump crash

About   -   Send Feedback to @ubuntu_updates