Package "linux-kvm"

  linux-kvm (4.4.0-1060.67) xenial; urgency=medium

  * xenial/linux-kvm: 4.4.0-1060.67 -proposed tracker (LP: #1846060)

  * Xenial update: 4.4.190 upstream stable release (LP: #1845038)
    - [config] Update CONFIG_ISCSI_IBFT_FIND option name

  * ubuntu_quota_smoke_test failed with KVM kernel (LP: #1784535)
    - [Config] Enable quota module support

  [ Ubuntu: 4.4.0-166.195 ]

  * xenial/linux: 4.4.0-166.195 -proposed tracker (LP: #1846069)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * CVE-2017-18232
    - scsi: libsas: direct call probe and destruct
  * CVE-2018-21008
    - rsi: add fix for crash during assertions
  * Xenial update: 4.4.194 upstream stable release (LP: #1845405)
    - bridge/mdb: remove wrong use of NLM_F_MULTI
    - cdc_ether: fix rndis support for Mediatek based smartphones
    - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()'
    - isdn/capi: check message length in capi_write()
    - net: Fix null de-reference of device refcount
    - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
    - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()'
    - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike
    - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR
    - tipc: add NULL pointer check before calling kfree_rcu
    - tun: fix use-after-free when register netdev failed
    - Revert "MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur"
    - Btrfs: fix assertion failure during fsync and use of stale transaction
    - genirq: Prevent NULL pointer dereference in resend_irqs()
    - KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl
    - KVM: x86: work around leak of uninitialized stack contents
    - KVM: nVMX: handle page fault in vmread
    - MIPS: VDSO: Prevent use of smp_processor_id()
    - MIPS: VDSO: Use same -m%-float cflag as the kernel proper
    - clk: rockchip: Don't yell about bad mmc phases when getting
    - driver core: Fix use-after-free and double free on glue directory
    - crypto: talitos - check AES key size
    - crypto: talitos - check data blocksize in ablkcipher.
    - x86/build: Add -Wnoaddress-of-packed-member to REALMODE_CFLAGS, to silence
      GCC9 build warning
    - MIPS: netlogic: xlr: Remove erroneous check in nlm_fmn_send()
    - ARC: configs: Remove CONFIG_INITRAMFS_SOURCE from defconfigs
    - USB: usbcore: Fix slab-out-of-bounds bug during device reset
    - media: tm6000: double free if usb disconnect while streaming
    - x86/boot: Add missing bootparam that breaks boot on some platforms
    - xen-netfront: do not assume sk_buff_head list is empty in error handling
    - serial: sprd: correct the wrong sequence of arguments
    - tty/serial: atmel: reschedule TX after RX was started
    - mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
    - s390/bpf: fix lcgr instruction encoding
    - ARM: OMAP2+: Fix omap4 errata warning on other SoCs
    - s390/bpf: use 32-bit index for tail calls
    - NFSv4: Fix return values for nfs4_file_open()
    - NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup
    - Kconfig: Fix the reference to the IDT77105 Phy driver in the description of
      ATM_NICSTAR_USE_IDT77105
    - ARM: 8874/1: mm: only adjust sections of valid mm structures
    - r8152: Set memory to all 0xFFs on failed reg reads
    - x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines
    - netfilter: nf_conntrack_ftp: Fix debug output
    - NFSv2: Fix eof handling
    - NFSv2: Fix write regression
    - cifs: set domainName when a domain-key is used in multiuser
    - cifs: Use kzfree() to zero out the password
    - sky2: Disable MSI on yet another ASUS boards (P6Xxxx)
    - tools/power turbostat: fix buffer overrun
    - net: seeq: Fix the function used to release some memory in an error handling
      path
    - dmaengine: ti: omap-dma: Add cleanup in omap_dma_probe()
    - keys: Fix missing null pointer check in request_key_auth_describe()
    - floppy: fix usercopy direction
    - media: technisat-usb2: break out of loop at end of buffer
    - ARC: export "abort" for modules
    - net_sched: let qdisc_put() accept NULL pointer
    - Linux 4.4.194
  * CVE-2019-14821
    - KVM: coalesced_mmio: add bounds checking
  * Xenial update: 4.4.193 upstream stable release (LP: #1845395)
    - ALSA: hda - Fix potential endless loop at applying quirks
    - ALSA: hda/realtek - Fix overridden device-specific initialization
    - xfrm: clean up xfrm protocol checks
    - vhost/test: fix build for vhost test
    - scripts/decode_stacktrace: match basepath using shell prefix operator, not
      regex
    - clk: s2mps11: Add used attribute to s2mps11_dt_match
    - x86, boot: Remove multiple copy of static function sanitize_boot_params()
    - af_packet: tone down the Tx-ring unsupported spew.
    - Linux 4.4.193
  * Xenial update: 4.4.192 upstream stable release (LP: #1845374)
    - net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in IRQ
      context
    - net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx
    - Bluetooth: btqca: Add a short delay before downloading the NVM
    - ibmveth: Convert multicast list size for little-endian system
    - gpio: Fix build error of function redefinition
    - cxgb4: fix a memory leak bug
    - net: myri10ge: fix memory leaks
    - cx82310_eth: fix a memory leak bug
    - net: kalmia: fix memory leaks
    - wimax/i2400m: fix a memory leak bug
    - ravb: Fix use-after-free ravb_tstamp_skb
    - Tools: hv: kvp: eliminate 'may be used uninitialized' warning
    - IB/mlx4: Fix memory leaks
    - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr()
    - KVM: arm/arm64: Only skip MMIO insn once
    - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer
    - spi: bcm2835aux: ensure interrupts are enabled for shared handler
    - spi: bcm2835aux: unifying code between

  linux-kvm (4.4.0-1059.66) xenial; urgency=medium

  * xenial/linux-kvm: 4.4.0-1059.66 -proposed tracker (LP: #1844407)

  [ Ubuntu: 4.4.0-165.193 ]

  * xenial/linux: 4.4.0-165.193 -proposed tracker (LP: #1844416)
  * Xenial update: 4.4.187 upstream stable release (LP: #1840081)
    - MIPS: ath79: fix ar933x uart parity mode
    - MIPS: fix build on non-linux hosts
    - dmaengine: imx-sdma: fix use-after-free on probe error path
    - ath10k: Do not send probe response template for mesh
    - ath9k: Check for errors when reading SREV register
    - ath6kl: add some bounds checking
    - ath: DFS JP domain W56 fixed pulse type 3 RADAR detection
    - batman-adv: fix for leaked TVLV handler.
    - media: dvb: usb: fix use after free in dvb_usb_device_exit
    - crypto: talitos - fix skcipher failure due to wrong output IV
    - media: marvell-ccic: fix DMA s/g desc number calculation
    - media: vpss: fix a potential NULL pointer dereference
    - net: stmmac: dwmac1000: Clear unused address entries
    - signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig
    - af_key: fix leaks in key_pol_get_resp and dump_sp.
    - xfrm: Fix xfrm sel prefix length validation
    - media: staging: media: davinci_vpfe: - Fix for memory leak if decoder
      initialization fails.
    - net: phy: Check against net_device being NULL
    - tua6100: Avoid build warnings.
    - locking/lockdep: Fix merging of hlocks with non-zero references
    - media: wl128x: Fix some error handling in fm_v4l2_init_video_device()
    - cpupower : frequency-set -r option misses the last cpu in related cpu list
    - net: fec: Do not use netdev messages too early
    - net: axienet: Fix race condition causing TX hang
    - s390/qdio: handle PENDING state for QEBSM devices
    - perf test 6: Fix missing kvm module load for s390
    - gpio: omap: fix lack of irqstatus_raw0 for OMAP4
    - gpio: omap: ensure irq is enabled before wakeup
    - regmap: fix bulk writes on paged registers
    - bpf: silence warning messages in core
    - rcu: Force inlining of rcu_read_lock()
    - xfrm: fix sa selector validation
    - perf evsel: Make perf_evsel__name() accept a NULL argument
    - vhost_net: disable zerocopy by default
    - EDAC/sysfs: Fix memory leak when creating a csrow object
    - media: i2c: fix warning same module names
    - ntp: Limit TAI-UTC offset
    - timer_list: Guard procfs specific code
    - acpi/arm64: ignore 5.1 FADTs that are reported as 5.0
    - media: coda: fix mpeg2 sequence number handling
    - media: coda: increment sequence offset for the last returned frame
    - mt7601u: do not schedule rx_tasklet when the device has been disconnected
    - x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c
    - mt7601u: fix possible memory leak when the device is disconnected
    - ath10k: fix PCIE device wake up failed
    - rslib: Fix decoding of shortened codes
    - rslib: Fix handling of of caller provided syndrome
    - ixgbe: Check DDM existence in transceiver before access
    - EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec
    - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush()
    - Bluetooth: hci_bcsp: Fix memory leak in rx_skb
    - Bluetooth: 6lowpan: search for destination address in all peers
    - Bluetooth: Check state in l2cap_disconnect_rsp
    - Bluetooth: validate BLE connection interval updates
    - crypto: ghash - fix unaligned memory access in ghash_setkey()
    - crypto: arm64/sha1-ce - correct digest for empty data in finup
    - crypto: arm64/sha2-ce - correct digest for empty data in finup
    - Input: gtco - bounds check collection indent level
    - regulator: s2mps11: Fix buck7 and buck8 wrong voltages
    - tracing/snapshot: Resize spare buffer if size changed
    - NFSv4: Handle the special Linux file open access mode
    - lib/scatterlist: Fix mapping iterator when sg->offset is greater than
      PAGE_SIZE
    - ALSA: seq: Break too long mutex context in the write loop
    - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom()
    - media: coda: Remove unbalanced and unneeded mutex unlock
    - KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed
    - drm/nouveau/i2c: Enable i2c pads & busses during preinit
    - padata: use smp_mb in padata_reorder to avoid orphaned padata jobs
    - 9p/virtio: Add cleanup path in p9_virtio_init
    - PCI: Do not poll for PME if the device is in D3cold
    - take floppy compat ioctls to sodding floppy.c
    - floppy: fix out-of-bounds read in next_valid_format
    - floppy: fix invalid pointer dereference in drive_name
    - coda: pass the host file in vma->vm_file on mmap
    - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM
    - parisc: Fix kernel panic due invalid values in IAOQ0 or IAOQ1
    - powerpc/32s: fix suspend/resume when IBATs 4-7 are used
    - powerpc/watchpoint: Restore NV GPRs while returning from exception
    - eCryptfs: fix a couple type promotion bugs
    - intel_th: msu: Fix single mode with disabled IOMMU
    - Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug
    - usb: Handle USB3 remote wakeup for LPM enabled devices correctly
    - dm bufio: fix deadlock with loop device
    - bnx2x: Prevent load reordering in tx completion processing
    - caif-hsi: fix possible deadlock in cfhsi_exit_module()
    - ipv4: don't set IPv6 only flags to IPv4 addresses
    - net: bcmgenet: use promisc for unsupported filters
    - net: neigh: fix multiple neigh timer scheduling
    - nfc: fix potential illegal memory access
    - sky2: Disable MSI on ASUS P6T
    - netrom: fix a memory leak in nr_rx_frame()
    - netrom: hold sock when setting skb->destructor
    - tcp: Reset bytes_acked and bytes_received when disconnecting
    - bonding: validate ip header before check IPPROTO_IGMP
    - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling
    - net: bridge: mcast:

  linux-kvm (4.4.0-1058.65) xenial; urgency=medium

  [ Ubuntu: 4.4.0-164.192 ]

  * CVE-2019-14835
    - SAUCE: vhost: make sure log_num < in_num

 -- Kleber Sacilotto de Souza <email address hidden> Mon, 16 Sep 2019 13:44:21 +0200