Xenial update to 4.4.126 stable release
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
linux (Ubuntu) | Invalid | Undecided | Unassigned | |
Xenial | Fix Released | Medium | Unassigned | |
Bug Description
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree
or a minimally backported form of that patch. The 4.4.126 upstream
stable patch set is now available. It should be included
in the Ubuntu kernel as well.
git:
TEST CASE: TBD
The following patches from the 4.4.126 stable release shall be
applied:
* Linux 4.4.126
* net: systemport: Rewrite __bcm_sysport_
* net: fec: Fix unbalanced PM runtime calls
* ieee802154: 6lowpan: fix possible NULL deref in lowpan_
* s390/qeth: on channel error, reject further cmd requests
* s390/qeth: lock read device while queueing next buffer
* s390/qeth: when thread completes, wake up all waiters
* s390/qeth: free netdevice when removing a card
* team: Fix double free in error path
* skbuff: Fix not waking applications when errors are enqueued
* net: Only honor ifindex in IP_PKTINFO if non-0
* netlink: avoid a double skb free in genlmsg_mcast()
* net/iucv: Free memory obtained by kzalloc
* net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface
* net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred
* l2tp: do not accept arbitrary sockets
* ipv6: fix access to non-linear packet in ndisc_fill_
* dccp: check sk for closed state in dccp_sendmsg()
* net: Fix hlist corruptions in inet_evict_bucket()
* Revert "genirq: Use irqd_get_
* scsi: sg: don't return bogus Sg_requests
CVE References
Changed in linux (Ubuntu):
status: New → Invalid
description: updated
Changed in linux (Ubuntu Xenial):
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
This bug was fixed in the package linux - 4.4.0-127.153
---------------
linux (4.4.0-127.153) xenial; urgency=medium
* CVE-2018-3639 (powerpc)
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Set or clear security feature flags
- powerpc/64s: Move cpu_show_meltdown()
- powerpc/64s: Enhance the information in cpu_show_meltdown()
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/64s: Wire up cpu_show_spectre_v1()
- powerpc/64s: Wire up cpu_show_spectre_v2()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel
entry/exit
* CVE-2018-3639 (x86)
- SAUCE: Clean up IBPB and IBRS control functions and macros
- SAUCE: Fix up IBPB and IBRS kernel parameters documentation
- SAUCE: Remove #define X86_FEATURE_PTI
- x86/cpufeature: Move some of the scattered feature bits to x86_capability
- x86/cpufeature: Cleanup get_cpu_cap()
- x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
- x86/cpufeatures: Add Intel feature bits for Speculation Control
- SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
- x86/cpufeatures: Add AMD feature bits for Speculation Control
- x86/msr: Add definitions for new speculation control MSRs
- SAUCE: x86/msr: Rename MSR spec control feature bits
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
- x86/speculation: Add <asm/msr-index.h> dependency
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
- x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
- SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
- SAUCE: x86: Add alternative_msr_write
- SAUCE: x86/nospec: Simplify alternative_msr_write()
- SAUCE: x86/bugs: Concentrate bug detection into a separate function
- SAUCE: x86/bugs: Concentrate bug reporting into a separate function
- arch: Introduce post-init read-only memory
- SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- SAUCE: x86/bugs, KVM: Support the combination of guest a...