Bug #1790884 “Xenial update to 4.4.143 stable release” : Bugs : linux package : Ubuntu

Stefan Bader (smb) on 2018-09-05

tags:	added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Xenial):
assignee:	nobody → Stefan Bader (smb)
importance:	Undecided → Medium
status:	New → In Progress
Changed in linux (Ubuntu):
status:	New → Invalid

Revision history for this message

Stefan Bader (smb) wrote on 2018-09-05:

#1

Skipped:
* "Revert "sit: reload iphdr in ipip6_rcv"" because it is
already applied for bug #1772775.

Stefan Bader (smb) on 2018-09-06

description:

updated

Kleber Sacilotto de Souza (kleber-souza) on 2018-09-06

Changed in linux (Ubuntu Xenial):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-10-01:

#2

Download full text (9.6 KiB)

This bug was fixed in the package linux - 4.4.0-137.163

---------------
linux (4.4.0-137.163) xenial; urgency=medium

* CVE-2018-14633
- iscsi target: Use hex2bin instead of a re-implementation

* CVE-2018-17182
- mm: get rid of vmacache_flush_all() entirely

linux (4.4.0-136.162) xenial; urgency=medium

* linux: 4.4.0-136.162 -proposed tracker (LP: #1791745)

  * CVE-2017-5753
    - bpf: properly enforce index mask to prevent out-of-bounds speculation
    - Revert "UBUNTU: SAUCE: bpf: Use barrier_nospec() instead of osb()"
    - Revert "bpf: prevent speculative execution in eBPF interpreter"

  * L1TF mitigation not effective in some CPU and RAM combinations
    (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646
    - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
    - x86/speculation/l1tf: Fix off-by-one error when warning that system has too
      much RAM
    - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+

* CVE-2018-15594
- x86/paravirt: Fix spectre-v2 mitigations for paravirt guests

  * Xenial update to 4.4.144 stable release (LP: #1791080)
    - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in
      parallel.
    - x86/MCE: Remove min interval polling limitation
    - fat: fix memory allocation failure handling of match_strdup()
    - ALSA: rawmidi: Change resized buffers atomically
    - ARC: Fix CONFIG_SWAP
    - ARC: mm: allow mprotect to make stack mappings executable
    - mm: memcg: fix use after free in mem_cgroup_iter()
    - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns
    - ipv6: fix useless rol32 call on hash
    - lib/rhashtable: consider param->min_size when setting initial table size
    - net/ipv4: Set oif in fib_compute_spec_dst
    - net: phy: fix flag masking in __set_phy_supported
    - ptp: fix missing break in switch
    - tg3: Add higher cpu clock for 5762.
    - net: Don't copy pfmemalloc flag in __copy_skb_header()
    - skbuff: Unconditionally copy pfmemalloc in __skb_clone()
    - xhci: Fix perceived dead host due to runtime suspend race with event handler
    - x86/paravirt: Make native_save_fl() extern inline
    - SAUCE: Add missing CPUID_7_EDX defines
    - SAUCE: x86/speculation: Expose indirect_branch_prediction_barrier()
    - x86/pti: Mark constant arrays as __initconst
    - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs
    - x86/entry/64/compat: Clear registers for compat syscalls, to reduce
      speculation attack surface
    - x86/speculation: Clean up various Spectre related details
    - x86/speculation: Fix up array_index_nospec_mask() asm constraint
    - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend
    - x86/mm: Factor out LDT init from context init
    - x86/mm: Give each mm TLB flush generation a unique ID
    - SAUCE: x86/speculation: Use Indirect Branch Prediction Barrier in context
      switch
    - x86/speculation: Use IBRS if available before calling into firmware
    - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP
    - selftest/seccomp: Fix the seccomp(2) signature
    - xen: set cpu capabilities from xen_start_kernel()
    - x86/amd: d...

This bug was fixed in the package linux - 4.4.0-137.163

---------------
linux (4.4.0-137.163) xenial; urgency=medium

* CVE-2018-14633
    - iscsi target: Use hex2bin instead of a re-implementation

* CVE-2018-17182
    - mm: get rid of vmacache_flush_all() entirely

linux (4.4.0-136.162) xenial; urgency=medium

* linux: 4.4.0-136.162 -proposed tracker (LP: #1791745)

* CVE-2017-5753
    - bpf: properly enforce index mask to prevent out-of-bounds speculation
    - Revert "UBUNTU: SAUCE: bpf: Use barrier_nospec() instead of osb()"
    - Revert "bpf: prevent speculative execution in eBPF interpreter"

* L1TF mitigation not effective in some CPU and RAM combinations
    (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646
    - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
    - x86/speculation/l1tf: Fix off-by-one error when warning that system has too
      much RAM
    - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+

* CVE-2018-15594
    - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests

* Xenial update to 4.4.144 stable release (LP: #1791080)
    - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in
      parallel.
    - x86/MCE: Remove min interval polling limitation
    - fat: fix memory allocation failure handling of match_strdup()
    - ALSA: rawmidi: Change resized buffers atomically
    - ARC: Fix CONFIG_SWAP
    - ARC: mm: allow mprotect to make stack mappings executable
    - mm: memcg: fix use after free in mem_cgroup_iter()
    - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns
    - ipv6: fix useless rol32 call on hash
    - lib/rhashtable: consider param->min_size when setting initial table size
    - net/ipv4: Set oif in fib_compute_spec_dst
    - net: phy: fix flag masking in __set_phy_supported
    - ptp: fix missing break in switch
    - tg3: Add higher cpu clock for 5762.
    - net: Don't copy pfmemalloc flag in __copy_skb_header()
    - skbuff: Unconditionally copy pfmemalloc in __skb_clone()
    - xhci: Fix perceived dead host due to runtime suspend race with event handler
    - x86/paravirt: Make native_save_fl() extern inline
    - SAUCE: Add missing CPUID_7_EDX defines
    - SAUCE: x86/speculation: Expose indirect_branch_prediction_barrier()
    - x86/pti: Mark constant arrays as __initconst
    - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs
    - x86/entry/64/compat: Clear registers for compat syscalls, to reduce
      speculation attack surface
    - x86/speculation: Clean up various Spectre related details
    - x86/speculation: Fix up array_index_nospec_mask() asm constraint
    - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend
    - x86/mm: Factor out LDT init from context init
    - x86/mm: Give each mm TLB flush generation a unique ID
    - SAUCE: x86/speculation: Use Indirect Branch Prediction Barrier in context
      switch
    - x86/speculation: Use IBRS if available before calling into firmware
    - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP
    - selftest/seccomp: Fix the seccomp(2) signature
    - xen: set cpu capabilities from xen_start_kernel()
    - x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen
    - SAUCE: Preserve SPEC_CTRL MSR in new inlines
    - SAUCE: Add Knights Mill to NO SSB list
    - x86/process: Correct and optimize TIF_BLOCKSTEP switch
    - x86/process: Optimize TIF_NOTSC switch
    - Revert "x86/cpufeatures: Add FEATURE_ZEN"
    - Revert "x86/cpu/AMD: Fix erratum 1076 (CPB bit)"
    - x86/cpu/AMD: Fix erratum 1076 (CPB bit)
    - x86/cpufeatures: Add FEATURE_ZEN
    - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths
    - x86/cpu: Re-apply forced caps every time CPU caps are re-read
    - block: do not use interruptible wait anywhere
    - clk: tegra: Fix PLL_U post divider and initial rate on Tegra30
    - ubi: Introduce vol_ignored()
    - ubi: Rework Fastmap attach base code
    - ubi: Be more paranoid while seaching for the most recent Fastmap
    - ubi: Fix races around ubi_refill_pools()
    - ubi: Fix Fastmap's update_vol()
    - ubi: fastmap: Erase outdated anchor PEBs during attach
    - Linux 4.4.144

* CVE-2017-5715 (Spectre v2 s390x)
    - s390: detect etoken facility
    - s390/lib: use expoline for all bcr instructions
    - SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT

* Xenial update to 4.4.143 stable release (LP: #1790884)
    - compiler, clang: suppress warning for unused static inline functions
    - compiler, clang: properly override 'inline' for clang
    - compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled
    - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations
    - x86/asm: Add _ASM_ARG* constants for argument registers to <asm/asm.h>
    - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent
    - bcm63xx_enet: correct clock usage
    - bcm63xx_enet: do not write to random DMA channel on BCM6345
    - crypto: crypto4xx - remove bad list_del
    - crypto: crypto4xx - fix crypto4xx_build_pdr, crypto4xx_build_sdr leak
    - atm: zatm: Fix potential Spectre v1
    - net: dccp: avoid crash in ccid3_hc_rx_send_feedback()
    - net: dccp: switch rx_tstamp_last_feedback to monotonic clock
    - net/mlx5: Fix incorrect raw command length parsing
    - net: sungem: fix rx checksum support
    - qed: Limit msix vectors in kdump kernel to the minimum required count.
    - r8152: napi hangup fix after disconnect
    - tcp: fix Fast Open key endianness
    - tcp: prevent bogus FRTO undos with non-SACK flows
    - vhost_net: validate sock before trying to put its fd
    - net_sched: blackhole: tell upper qdisc about dropped packets
    - net/mlx5: Fix command interface race in polling mode
    - net: cxgb3_main: fix potential Spectre v1
    - rtlwifi: rtl8821ae: fix firmware is not ready to run
    - MIPS: Call dump_stack() from show_regs()
    - MIPS: Use async IPIs for arch_trigger_cpumask_backtrace()
    - netfilter: ebtables: reject non-bridge targets
    - KEYS: DNS: fix parsing multiple options
    - rds: avoid unenecessary cong_update in loop transport
    - net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL.
    - Linux 4.4.143

* Xenial update to 4.4.142 stable release (LP: #1790883)
    - Kbuild: fix # escaping in .cmd files for future Make
    - perf tools: Move syscall number fallbacks from perf-sys.h to
      tools/arch/x86/include/asm/
    - Linux 4.4.142

* Xenial update to 4.4.141 stable release (LP: #1790620)
    - MIPS: Fix ioremap() RAM check
    - ibmasm: don't write out of bounds in read handler
    - vmw_balloon: fix inflation with batching
    - ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS
    - USB: serial: ch341: fix type promotion bug in ch341_control_in()
    - USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick
    - USB: serial: keyspan_pda: fix modem-status error handling
    - USB: yurex: fix out-of-bounds uaccess in read handler
    - USB: serial: mos7840: fix status-register error handling
    - usb: quirks: add delay quirks for Corsair Strafe
    - xhci: xhci-mem: off by one in xhci_stream_id_to_ring()
    - HID: usbhid: add quirk for innomedia INNEX GENESIS/ATARI adapter
    - tools build: fix # escaping in .cmd files for future Make
    - iw_cxgb4: correctly enforce the max reg_mr depth
    - x86/cpufeature: Move some of the scattered feature bits to x86_capability
    - x86/cpu: Provide a config option to disable static_cpu_has
    - x86/fpu: Add an XSTATE_OP() macro
    - x86/fpu: Get rid of xstate_fault()
    - x86/headers: Don't include asm/processor.h in asm/atomic.h
    - x86/cpufeature: Replace the old static_cpu_has() with safe variant
    - x86/cpufeature: Get rid of the non-asm goto variant
    - x86/alternatives: Add an auxilary section
    - x86/alternatives: Discard dynamic check after init
    - x86/vdso: Use static_cpu_has()
    - x86/boot: Simplify kernel load address alignment check
    - x86/cpufeature: Speed up cpu_feature_enabled()
    - x86/cpufeature, x86/mm/pkeys: Add protection keys related CPUID definitions
    - x86/mm/pkeys: Fix mismerge of protection keys CPUID bits
    - x86/cpu: Add detection of AMD RAS Capabilities
    - x86/cpufeature, x86/mm/pkeys: Fix broken compile-time disabling of pkeys
    - x86/cpufeature: Make sure DISABLED/REQUIRED macros are updated
    - x86/cpufeature: Add helper macro for mask check macros
    - uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn()
    - netfilter: nf_queue: augment nfqa_cfg_policy
    - netfilter: x_tables: initialise match/target check parameter struct
    - loop: add recursion validation to LOOP_CHANGE_FD
    - PM / hibernate: Fix oops at snapshot_write()
    - SAUCE: RDMA/ucm: Blacklist UCM module
    - loop: remember whether sysfs_create_group() was done
    - Linux 4.4.141
    - [Config] Refresh configs for 4.4.141

* regression with EXT4 file systems and meta_bg flag (LP: #1789653)
    - ext4: fix false negatives *and* false positives in ext4_check_descriptors()

* CVE-2018-15572
    - x86/speculation: Protect against userspace-userspace spectreRSB

* random oopses on s390 systems using NVMe devices (LP: #1790480)
    - s390/pci: fix out of bounds access during irq setup

* CVE-2018-6555
    - SAUCE: irda: Only insert new objects into the global database via setsockopt

* CVE-2018-6554
    - SAUCE: irda: Fix memory leak caused by repeated binds of irda socket

* errors when scanning partition table of corrupted AIX disk (LP: #1787281)
    - partitions/aix: fix usage of uninitialized lv_info and lvname structures
    - partitions/aix: append null character to print data from disk

-- Stefan Bader <stefan.bader@canonical.com>  Mon, 24 Sep 2018 13:39:05 +0200

Changed in linux (Ubuntu Xenial):
status:	Fix Committed → Fix Released

Ubuntu
linux package

Xenial update to 4.4.143 stable release

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Xenial	Fix Released	Medium	Stefan Bader

Ubuntulinux package