UbuntuUpdates.org

Package "linux-azure"

Name: linux-azure

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Header files related to Linux kernel version 4.10.0
  • Header files related to Linux kernel version 4.10.0
  • Header files related to Linux kernel version 4.11.0
  • Header files related to Linux kernel version 4.11.0

Latest version: 4.15.0-1022.22~16.04.1
Release: xenial (16.04)
Level: proposed
Repository: main

Links

Save this URL for the latest version of "linux-azure": https://www.ubuntuupdates.org/linux-azure



Other versions of "linux-azure" in Xenial

Repository Area Version
security main 4.15.0-1021.21~16.04.1
updates main 4.15.0-1021.21~16.04.1
PPA: Canonical Kernel Team 4.15.0-1022.22~16.04.1

Packages in group

Deleted packages are displayed in grey.

linux-azure-headers-4.10.0-1005 linux-azure-headers-4.10.0-1006 linux-azure-headers-4.11.0-1002 linux-azure-headers-4.11.0-1003 linux-azure-headers-4.11.0-1004
linux-azure-headers-4.11.0-1005 linux-azure-headers-4.11.0-1006 linux-azure-headers-4.11.0-1007 linux-azure-headers-4.11.0-1008 linux-azure-headers-4.11.0-1009
linux-azure-headers-4.11.0-1010 linux-azure-headers-4.11.0-1011 linux-azure-headers-4.11.0-1012 linux-azure-headers-4.11.0-1013 linux-azure-headers-4.11.0-1014
linux-azure-headers-4.11.0-1015 linux-azure-headers-4.11.0-1016 linux-azure-headers-4.13.0-1001 linux-azure-headers-4.13.0-1002 linux-azure-headers-4.13.0-1004
linux-azure-headers-4.13.0-1005 linux-azure-headers-4.13.0-1006 linux-azure-headers-4.13.0-1007 linux-azure-headers-4.13.0-1008 linux-azure-headers-4.13.0-1009
linux-azure-headers-4.13.0-1010 linux-azure-headers-4.13.0-1011 linux-azure-headers-4.13.0-1012 linux-azure-headers-4.13.0-1013 linux-azure-headers-4.13.0-1014
linux-azure-headers-4.13.0-1016 linux-azure-headers-4.13.0-1017 linux-azure-headers-4.13.0-1018 linux-azure-headers-4.15.0-1013 linux-azure-headers-4.15.0-1014
linux-azure-headers-4.15.0-1016 linux-azure-headers-4.15.0-1017 linux-azure-headers-4.15.0-1018 linux-azure-headers-4.15.0-1019 linux-azure-headers-4.15.0-1020
linux-azure-headers-4.15.0-1021 linux-azure-headers-4.15.0-1022

Changelog

Version: 4.15.0-1022.22~16.04.1 2018-08-17 02:33:35 UTC

  linux-azure (4.15.0-1022.22~16.04.1) xenial; urgency=medium

  * linux-azure: 4.15.0-1022.22~16.04.1 -proposed tracker (LP: #1787159)

  * linux-azure: 4.15.0-1022.22 -proposed tracker (LP: #1787155)

  * linux-azure: make sure CONFIG_MLX{4,5}_INFINIBAND stays as "y"
    (LP: #1785822)
    - [Config] azure: Ensure CONFIG_MLX5_INFINIBAND=y

  [ Ubuntu: 4.15.0-33.36 ]

  * linux: 4.15.0-33.36 -proposed tracker (LP: #1787149)
  * RTNL assertion failure on ipvlan (LP: #1776927)
    - ipvlan: drop ipv6 dependency
    - ipvlan: use per device spinlock to protect addrs list updates
    - SAUCE: fix warning from "ipvlan: drop ipv6 dependency"
  * ubuntu_bpf_jit test failed on Bionic s390x systems (LP: #1753941)
    - test_bpf: flag tests that cannot be jited on s390
  * HDMI/DP audio can't work on the laptop of Dell Latitude 5495 (LP: #1782689)
    - drm/nouveau: fix nouveau_dsm_get_client_id()'s return type
    - drm/radeon: fix radeon_atpx_get_client_id()'s return type
    - drm/amdgpu: fix amdgpu_atpx_get_client_id()'s return type
    - platform/x86: apple-gmux: fix gmux_get_client_id()'s return type
    - ALSA: hda: use PCI_BASE_CLASS_DISPLAY to replace PCI_CLASS_DISPLAY_VGA
    - vga_switcheroo: set audio client id according to bound GPU id
  * locking sockets broken due to missing AppArmor socket mediation patches
    (LP: #1780227)
    - UBUNTU SAUCE: apparmor: fix apparmor mediating locking non-fs, unix sockets
  * Update2 for ocxl driver (LP: #1781436)
    - ocxl: Fix page fault handler in case of fault on dying process
  * netns: unable to follow an interface that moves to another netns
    (LP: #1774225)
    - net: core: Expose number of link up/down transitions
    - dev: always advertise the new nsid when the netns iface changes
    - dev: advertise the new ifindex when the netns iface changes
  * [Bionic] Disk IO hangs when using BFQ as io scheduler (LP: #1780066)
    - block, bfq: fix occurrences of request finish method's old name
    - block, bfq: remove batches of confusing ifdefs
    - block, bfq: add requeue-request hook
  * HP ProBook 455 G5 needs mute-led-gpio fixup (LP: #1781763)
    - ALSA: hda: add mute led support for HP ProBook 455 G5
  * [Bionic] bug fixes to improve stability of the ThunderX2 i2c driver
    (LP: #1781476)
    - i2c: xlp9xx: Fix issue seen when updating receive length
    - i2c: xlp9xx: Make sure the transfer size is not more than
      I2C_SMBUS_BLOCK_SIZE
  * x86/kvm: fix LAPIC timer drift when guest uses periodic mode (LP: #1778486)
    - x86/kvm: fix LAPIC timer drift when guest uses periodic mode
  * Please include ax88179_178a and r8152 modules in d-i udeb (LP: #1771823)
    - [Config:] d-i: Add ax88179_178a and r8152 to nic-modules
  * Nvidia fails after switching its mode (LP: #1778658)
    - PCI: Restore config space on runtime resume despite being unbound
  * Kernel error "task zfs:pid blocked for more than 120 seconds" (LP: #1781364)
    - SAUCE: (noup) zfs to 0.7.5-1ubuntu16.3
  * CVE-2018-12232
    - PATCH 1/1] socket: close race condition between sock_close() and
      sockfs_setattr()
  * CVE-2018-10323
    - xfs: set format back to extents if xfs_bmap_extents_to_btree
  * change front mic location for more lenovo m7/8/9xx machines (LP: #1781316)
    - ALSA: hda/realtek - Fix the problem of two front mics on more machines
    - ALSA: hda/realtek - two more lenovo models need fixup of MIC_LOCATION
  * Cephfs + fscache: unable to handle kernel NULL pointer dereference at
    0000000000000000 IP: jbd2__journal_start+0x22/0x1f0 (LP: #1783246)
    - ceph: track read contexts in ceph_file_info
  * Touchpad of ThinkPad P52 failed to work with message "lost sync at byte"
    (LP: #1779802)
    - Input: elantech - fix V4 report decoding for module with middle key
    - Input: elantech - enable middle button of touchpads on ThinkPad P52
  * xhci_hcd 0000:00:14.0: Root hub is not suspended (LP: #1779823)
    - usb: xhci: dbc: Fix lockdep warning
    - usb: xhci: dbc: Don't decrement runtime PM counter if DBC is not started
  * CVE-2018-13406
    - video: uvesafb: Fix integer overflow in allocation
  * CVE-2018-10840
    - ext4: correctly handle a zero-length xattr with a non-zero e_value_offs
  * CVE-2018-11412
    - ext4: do not allow external inodes for inline data
  * CVE-2018-10881
    - ext4: clear i_data in ext4_inode_info when removing inline data
  * CVE-2018-12233
    - jfs: Fix inconsistency between memory allocation and ea_buf->max_size
  * CVE-2018-12904
    - kvm: nVMX: Enforce cpl=0 for VMX instructions
  * Error parsing PCC subspaces from PCCT (LP: #1528684)
    - mailbox: PCC: erroneous error message when parsing ACPI PCCT
  * CVE-2018-13094
    - xfs: don't call xfs_da_shrink_inode with NULL bp
  * other users' coredumps can be read via setgid directory and killpriv bypass
    (LP: #1779923) // CVE-2018-13405
    - Fix up non-directory creation in SGID directories
  * Invoking obsolete 'firmware_install' target breaks snap build (LP: #1782166)
    - snapcraft.yaml: stop invoking the obsolete (and non-existing)
      'firmware_install' target
  * snapcraft.yaml: missing ubuntu-retpoline-extract-one script breaks the build
    (LP: #1782116)
    - snapcraft.yaml: copy retpoline-extract-one to scripts before build
  * Allow Raven Ridge's audio controller to be runtime suspended (LP: #1782540)
    - ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge
  * CVE-2018-11506
    - sr: pass down correctly sized SCSI sense buffer
  * Bionic update: upstream stable patchset 2018-07-24 (LP: #1783418)
    - net: Fix a bug in removing queues from XPS map
    - net/mlx4_core: Fix error handling in mlx4_init_port_info.
    - net/sched: fix refcnt leak in the error path of tcf_vlan_init()
    - net: sched: red: avoid hashing NULL child
    - net/smc: check for missing nlattrs in SMC_PNETID messages
    - net: test tailroom before appending to linear skb
    - packet: in packet_snd start writing at link layer allocation
    - sock_diag: fix

Source diff to previous version
1785822 linux-azure: make sure CONFIG_MLX{4,5}_INFINIBAND stays as \
1776927 RTNL assertion failure on ipvlan
1753941 ubuntu_bpf_jit test failed on Bionic s390x systems
1782689 HDMI/DP audio can't work on the laptop of Dell Latitude 5495
1780227 locking sockets broken due to missing AppArmor socket mediation patches
1781436 Update2 for ocxl driver
1774225 netns: unable to follow an interface that moves to another netns
1780066 [Bionic] Disk IO hangs when using BFQ as io scheduler
1781763 HP ProBook 455 G5 needs mute-led-gpio fixup
1781476 [Bionic] bug fixes to improve stability of the ThunderX2 i2c driver
1778486 x86/kvm: fix LAPIC timer drift when guest uses periodic mode
1771823 Please include ax88179_178a and r8152 modules in d-i udeb
1778658 Nvidia fails after switching its mode
1781364 Kernel error \
1781316 change front mic location for more lenovo m7/8/9xx machines
1783246 Cephfs + fscache: unable to handle kernel NULL pointer dereference at 0000000000000000 IP: jbd2__journal_start+0x22/0x1f0
1779802 Touchpad of ThinkPad P52 failed to work with message \
1779823 xhci_hcd 0000:00:14.0: Root hub is not suspended
1528684 Error parsing PCC subspaces from PCCT
1779923 other users' coredumps can be read via setgid directory and killpriv bypass
1782166 Invoking obsolete 'firmware_install' target breaks snap build
1782116 snapcraft.yaml: missing ubuntu-retpoline-extract-one script breaks the build
1782540 Allow Raven Ridge's audio controller to be runtime suspended
1783418 Bionic update: upstream stable patchset 2018-07-24
1782846 Bionic update: upstream stable patchset 2018-07-20
1780858 Bionic update: upstream stable patchset 2018-07-09
1780499 Bionic update: upstream stable patchset 2018-07-06
1778759 Bionic update: upstream stable patchset 2018-06-26
1778265 Bionic update: upstream stable patchset 2018-06-22
1756700 Ryzen/Raven Ridge USB ports do not work
1776389 [Ubuntu 1804][boston][ixgbe] EEH causes kernel BUG at /build/linux-jWa1Fv/linux-4.15.0/drivers/pci/msi.c:352 (i2S)
1770095 Need fix to aacraid driver to prevent panic
1775391 kernel: Fix arch random implementation
1775390 kernel: Fix memory leak on CCA and EP11 CPRB processing.
1774471 Various fixes for CXL kernel module
1764645 Bluetooth not working
1776491 linux-snapdragon: wcn36xx: mac address generation on boot
1777029 fscache: Fix hanging wait on page discarded by writeback
CVE-2018-12232 In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket f
CVE-2018-10323 The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service
CVE-2018-13406 An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attacker
CVE-2018-10840 Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by
CVE-2018-11412 In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain cir
CVE-2018-10881 A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of se
CVE-2018-12233 In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twic
CVE-2018-12904 In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, pot
CVE-2018-13094 An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da
CVE-2018-13405 The inode_init_owner function in fs/inode.c in the Linux kernel through 4.17.4 allows local users to create files with an unintended group ownership,
CVE-2018-11506 The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based
CVE-2018-1108 kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the
CVE-2018-3620 L1 Terminal Fault-OS/SMM Foreshadow-NG
CVE-2018-3646 L1 Terminal Fault-VMM

Version: 4.15.0-1021.21~16.04.1 2018-08-14 19:06:45 UTC

  linux-azure (4.15.0-1021.21~16.04.1) xenial; urgency=medium

  [ Ubuntu: 4.15.0-32.34 ]

  * CVE-2018-5391
    - Revert "net: increase fragment memory usage limits"
  * CVE-2018-3620 // CVE-2018-3646
    - x86/Centaur: Initialize supported CPU features properly
    - x86/Centaur: Report correct CPU/cache topology
    - x86/CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present
    - perf/events/amd/uncore: Fix amd_uncore_llc ID to use pre-defined cpu_llc_id
    - x86/CPU: Rename intel_cacheinfo.c to cacheinfo.c
    - x86/CPU/AMD: Calculate last level cache ID from number of sharing threads
    - x86/CPU: Modify detect_extended_topology() to return result
    - x86/CPU/AMD: Derive CPU topology from CPUID function 0xB when available
    - x86/CPU: Move cpu local function declarations to local header
    - x86/CPU: Make intel_num_cpu_cores() generic
    - x86/CPU: Move cpu_detect_cache_sizes() into init_intel_cacheinfo()
    - x86/CPU: Move x86_cpuinfo::x86_max_cores assignment to
      detect_num_cpu_cores()
    - x86/CPU/AMD: Fix LLC ID bit-shift calculation
    - x86/mm: Factor out pageattr _PAGE_GLOBAL setting
    - x86/mm: Undo double _PAGE_PSE clearing
    - x86/mm: Introduce "default" kernel PTE mask
    - x86/espfix: Document use of _PAGE_GLOBAL
    - x86/mm: Do not auto-massage page protections
    - x86/mm: Remove extra filtering in pageattr code
    - x86/mm: Comment _PAGE_GLOBAL mystery
    - x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init
    - x86/ldt: Fix support_pte_mask filtering in map_ldt_struct()
    - x86/power/64: Fix page-table setup for temporary text mapping
    - x86/pti: Filter at vma->vm_page_prot population
    - x86/boot/64/clang: Use fixup_pointer() to access '__supported_pte_mask'
    - x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT
    - x86/speculation/l1tf: Change order of offset/type in swap entry
    - x86/speculation/l1tf: Protect swap entries against L1TF
    - x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation
    - x86/speculation/l1tf: Make sure the first page is always reserved
    - x86/speculation/l1tf: Add sysfs reporting for l1tf
    - x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings
    - x86/speculation/l1tf: Limit swap file size to MAX_PA/2
    - x86/bugs: Move the l1tf function and define pr_fmt properly
    - sched/smt: Update sched_smt_present at runtime
    - x86/smp: Provide topology_is_primary_thread()
    - x86/topology: Provide topology_smt_supported()
    - cpu/hotplug: Make bringup/teardown of smp threads symmetric
    - cpu/hotplug: Split do_cpu_down()
    - cpu/hotplug: Provide knobs to control SMT
    - x86/cpu: Remove the pointless CPU printout
    - x86/cpu/AMD: Remove the pointless detect_ht() call
    - x86/cpu/common: Provide detect_ht_early()
    - x86/cpu/topology: Provide detect_extended_topology_early()
    - x86/cpu/intel: Evaluate smp_num_siblings early
    - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info
    - x86/cpu/AMD: Evaluate smp_num_siblings early
    - x86/apic: Ignore secondary threads if nosmt=force
    - x86/speculation/l1tf: Extend 64bit swap file size limit
    - x86/cpufeatures: Add detection of L1D cache flush support.
    - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings
    - x86/speculation/l1tf: Protect PAE swap entries against L1TF
    - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE
    - Revert "x86/apic: Ignore secondary threads if nosmt=force"
    - cpu/hotplug: Boot HT siblings at least once
    - x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present
    - x86/KVM/VMX: Add module argument for L1TF mitigation
    - x86/KVM/VMX: Add L1D flush algorithm
    - x86/KVM/VMX: Add L1D MSR based flush
    - x86/KVM/VMX: Add L1D flush logic
    - x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers
    - x86/KVM/VMX: Add find_msr() helper function
    - x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting
    - x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs
    - x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required
    - cpu/hotplug: Online siblings when SMT control is turned on
    - x86/litf: Introduce vmx status variable
    - x86/kvm: Drop L1TF MSR list approach
    - x86/l1tf: Handle EPT disabled state proper
    - x86/kvm: Move l1tf setup function
    - x86/kvm: Add static key for flush always
    - x86/kvm: Serialize L1D flush parameter setter
    - x86/kvm: Allow runtime control of L1D flush
    - cpu/hotplug: Expose SMT control init function
    - cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early
    - x86/bugs, kvm: Introduce boot-time control of L1TF mitigations
    - Documentation: Add section about CPU vulnerabilities
    - x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures
    - x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content
    - Documentation/l1tf: Fix typos
    - cpu/hotplug: detect SMT disabled by BIOS
    - x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush()
    - x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond'
    - x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush()
    - x86/irq: Demote irq_cpustat_t::__softirq_pending to u16
    - x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d
    - x86: Don't include linux/irq.h from asm/hardirq.h
    - x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d
    - x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr()
    - Documentation/l1tf: Remove Yonah processors from not vulnerable list
    - x86/speculation: Simplify sysfs report of VMX L1TF vulnerability
    - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry
    - KVM: x86: Add a framework for supporting MSR-based features
    - KVM: X86: Introduce kvm_get_msr_feature()
    - KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature

Source diff to previous version
CVE-2018-5391 RESERVED
CVE-2018-3620 L1 Terminal Fault-OS/SMM Foreshadow-NG
CVE-2018-3646 L1 Terminal Fault-VMM

Version: 4.15.0-1020.20~16.04.1 2018-08-07 14:06:47 UTC

  linux-azure (4.15.0-1020.20~16.04.1) xenial; urgency=medium

  * linux-azure: 4.15.0-1020.20~16.04.1 -proposed tracker (LP: #1784292)

  * linux-azure: 4.15.0-1020.20 -proposed tracker (LP: #1784288)

  [ Ubuntu: 4.15.0-31.33 ]

  * linux: 4.15.0-31.33 -proposed tracker (LP: #1784281)
  * ubuntu_bpf_jit test failed on Bionic s390x systems (LP: #1753941)
    - test_bpf: flag tests that cannot be jited on s390
  * HDMI/DP audio can't work on the laptop of Dell Latitude 5495 (LP: #1782689)
    - drm/nouveau: fix nouveau_dsm_get_client_id()'s return type
    - drm/radeon: fix radeon_atpx_get_client_id()'s return type
    - drm/amdgpu: fix amdgpu_atpx_get_client_id()'s return type
    - platform/x86: apple-gmux: fix gmux_get_client_id()'s return type
    - ALSA: hda: use PCI_BASE_CLASS_DISPLAY to replace PCI_CLASS_DISPLAY_VGA
    - vga_switcheroo: set audio client id according to bound GPU id
  * locking sockets broken due to missing AppArmor socket mediation patches
    (LP: #1780227)
    - UBUNTU SAUCE: apparmor: fix apparmor mediating locking non-fs, unix sockets
  * Update2 for ocxl driver (LP: #1781436)
    - ocxl: Fix page fault handler in case of fault on dying process
  * RTNL assertion failure on ipvlan (LP: #1776927)
    - ipvlan: drop ipv6 dependency
    - ipvlan: use per device spinlock to protect addrs list updates
  * netns: unable to follow an interface that moves to another netns
    (LP: #1774225)
    - net: core: Expose number of link up/down transitions
    - dev: always advertise the new nsid when the netns iface changes
    - dev: advertise the new ifindex when the netns iface changes
  * [Bionic] Disk IO hangs when using BFQ as io scheduler (LP: #1780066)
    - block, bfq: fix occurrences of request finish method's old name
    - block, bfq: remove batches of confusing ifdefs
    - block, bfq: add requeue-request hook
  * HP ProBook 455 G5 needs mute-led-gpio fixup (LP: #1781763)
    - ALSA: hda: add mute led support for HP ProBook 455 G5
  * [Bionic] bug fixes to improve stability of the ThunderX2 i2c driver
    (LP: #1781476)
    - i2c: xlp9xx: Fix issue seen when updating receive length
    - i2c: xlp9xx: Make sure the transfer size is not more than
      I2C_SMBUS_BLOCK_SIZE
  * x86/kvm: fix LAPIC timer drift when guest uses periodic mode (LP: #1778486)
    - x86/kvm: fix LAPIC timer drift when guest uses periodic mode
  * Please include ax88179_178a and r8152 modules in d-i udeb (LP: #1771823)
    - [Config:] d-i: Add ax88179_178a and r8152 to nic-modules
  * Nvidia fails after switching its mode (LP: #1778658)
    - PCI: Restore config space on runtime resume despite being unbound
  * Kernel error "task zfs:pid blocked for more than 120 seconds" (LP: #1781364)
    - SAUCE: (noup) zfs to 0.7.5-1ubuntu16.3
  * CVE-2018-12232
    - PATCH 1/1] socket: close race condition between sock_close() and
      sockfs_setattr()
  * CVE-2018-10323
    - xfs: set format back to extents if xfs_bmap_extents_to_btree
  * change front mic location for more lenovo m7/8/9xx machines (LP: #1781316)
    - ALSA: hda/realtek - Fix the problem of two front mics on more machines
    - ALSA: hda/realtek - two more lenovo models need fixup of MIC_LOCATION
  * Cephfs + fscache: unable to handle kernel NULL pointer dereference at
    0000000000000000 IP: jbd2__journal_start+0x22/0x1f0 (LP: #1783246)
    - ceph: track read contexts in ceph_file_info
  * Touchpad of ThinkPad P52 failed to work with message "lost sync at byte"
    (LP: #1779802)
    - Input: elantech - fix V4 report decoding for module with middle key
    - Input: elantech - enable middle button of touchpads on ThinkPad P52
  * xhci_hcd 0000:00:14.0: Root hub is not suspended (LP: #1779823)
    - usb: xhci: dbc: Fix lockdep warning
    - usb: xhci: dbc: Don't decrement runtime PM counter if DBC is not started
  * CVE-2018-13406
    - video: uvesafb: Fix integer overflow in allocation
  * CVE-2018-10840
    - ext4: correctly handle a zero-length xattr with a non-zero e_value_offs
  * CVE-2018-11412
    - ext4: do not allow external inodes for inline data
  * CVE-2018-10881
    - ext4: clear i_data in ext4_inode_info when removing inline data
  * CVE-2018-12233
    - jfs: Fix inconsistency between memory allocation and ea_buf->max_size
  * CVE-2018-12904
    - kvm: nVMX: Enforce cpl=0 for VMX instructions
  * Error parsing PCC subspaces from PCCT (LP: #1528684)
    - mailbox: PCC: erroneous error message when parsing ACPI PCCT
  * CVE-2018-13094
    - xfs: don't call xfs_da_shrink_inode with NULL bp
  * other users' coredumps can be read via setgid directory and killpriv bypass
    (LP: #1779923) // CVE-2018-13405
    - Fix up non-directory creation in SGID directories
  * Invoking obsolete 'firmware_install' target breaks snap build (LP: #1782166)
    - snapcraft.yaml: stop invoking the obsolete (and non-existing)
      'firmware_install' target
  * snapcraft.yaml: missing ubuntu-retpoline-extract-one script breaks the build
    (LP: #1782116)
    - snapcraft.yaml: copy retpoline-extract-one to scripts before build
  * Allow Raven Ridge's audio controller to be runtime suspended (LP: #1782540)
    - ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge
  * CVE-2018-11506
    - sr: pass down correctly sized SCSI sense buffer
  * Bionic update: upstream stable patchset 2018-07-24 (LP: #1783418)
    - net: Fix a bug in removing queues from XPS map
    - net/mlx4_core: Fix error handling in mlx4_init_port_info.
    - net/sched: fix refcnt leak in the error path of tcf_vlan_init()
    - net: sched: red: avoid hashing NULL child
    - net/smc: check for missing nlattrs in SMC_PNETID messages
    - net: test tailroom before appending to linear skb
    - packet: in packet_snd start writing at link layer allocation
    - sock_diag: fix use-after-free read in __sk_free
    - tcp: purge write queue in tcp_connect_init()
    - vmxnet3: set the DMA mask before the first DMA map operation
    - vmxnet3: use DMA memory barriers where requir

Source diff to previous version
1753941 ubuntu_bpf_jit test failed on Bionic s390x systems
1782689 HDMI/DP audio can't work on the laptop of Dell Latitude 5495
1780227 locking sockets broken due to missing AppArmor socket mediation patches
1781436 Update2 for ocxl driver
1776927 RTNL assertion failure on ipvlan
1774225 netns: unable to follow an interface that moves to another netns
1780066 [Bionic] Disk IO hangs when using BFQ as io scheduler
1781763 HP ProBook 455 G5 needs mute-led-gpio fixup
1781476 [Bionic] bug fixes to improve stability of the ThunderX2 i2c driver
1778486 x86/kvm: fix LAPIC timer drift when guest uses periodic mode
1771823 Please include ax88179_178a and r8152 modules in d-i udeb
1778658 Nvidia fails after switching its mode
1781364 Kernel error \
1781316 change front mic location for more lenovo m7/8/9xx machines
1783246 Cephfs + fscache: unable to handle kernel NULL pointer dereference at 0000000000000000 IP: jbd2__journal_start+0x22/0x1f0
1779802 Touchpad of ThinkPad P52 failed to work with message \
1779823 xhci_hcd 0000:00:14.0: Root hub is not suspended
1528684 Error parsing PCC subspaces from PCCT
1779923 other users' coredumps can be read via setgid directory and killpriv bypass
1782166 Invoking obsolete 'firmware_install' target breaks snap build
1782116 snapcraft.yaml: missing ubuntu-retpoline-extract-one script breaks the build
1782540 Allow Raven Ridge's audio controller to be runtime suspended
1783418 Bionic update: upstream stable patchset 2018-07-24
1782846 Bionic update: upstream stable patchset 2018-07-20
1780858 Bionic update: upstream stable patchset 2018-07-09
1780499 Bionic update: upstream stable patchset 2018-07-06
1778759 Bionic update: upstream stable patchset 2018-06-26
1778265 Bionic update: upstream stable patchset 2018-06-22
1756700 Ryzen/Raven Ridge USB ports do not work
1776389 [Ubuntu 1804][boston][ixgbe] EEH causes kernel BUG at /build/linux-jWa1Fv/linux-4.15.0/drivers/pci/msi.c:352 (i2S)
1770095 Need fix to aacraid driver to prevent panic
1775391 kernel: Fix arch random implementation
1775390 kernel: Fix memory leak on CCA and EP11 CPRB processing.
1774471 Various fixes for CXL kernel module
1764645 Bluetooth not working
1776491 linux-snapdragon: wcn36xx: mac address generation on boot
1777029 fscache: Fix hanging wait on page discarded by writeback
CVE-2018-12232 In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket f
CVE-2018-10323 The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service
CVE-2018-13406 An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attacker
CVE-2018-10840 Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by
CVE-2018-11412 In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain cir
CVE-2018-10881 A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of se
CVE-2018-12233 In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twic
CVE-2018-12904 In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, pot
CVE-2018-13094 An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da
CVE-2018-13405 The inode_init_owner function in fs/inode.c in the Linux kernel through 4.17.4 allows local users to create files with an unintended group ownership,
CVE-2018-11506 The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based
CVE-2018-1108 kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the

Version: 4.15.0-1019.19~16.04.1 2018-08-06 18:06:49 UTC

  linux-azure (4.15.0-1019.19~16.04.1) xenial; urgency=medium

  [ Ubuntu: 4.15.0-30.32 ]

  * CVE-2018-5390
    - tcp: free batches of packets in tcp_prune_ofo_queue()
    - tcp: avoid collapses in tcp_prune_queue() if possible
    - tcp: detect malicious patterns in tcp_collapse_ofo_queue()
    - tcp: call tcp_drop() from tcp_data_queue_ofo()
    - tcp: add tcp_ooo_try_coalesce() helper

 -- Stefan Bader <email address hidden> Thu, 26 Jul 2018 21:29:04 +0200

CVE-2018-5390 Linux Kernel TCP implementation vulnerable to Denial of Service

Version: *DELETED* 2018-07-21 00:07:17 UTC
No changelog for deleted or moved packages.



About   -   Send Feedback to @ubuntu_updates