* lunar/linux: 6.2.0-26.26 -proposed tracker (LP: #2026753)
* CVE-2023-2640 // CVE-2023-32629
- Revert "UBUNTU: SAUCE: overlayfs: handle idmapped mounts in
ovl_do_(set|remove)xattr"
- Revert "UBUNTU: SAUCE: overlayfs: Skip permission checking for
trusted.overlayfs.* xattrs"
- SAUCE: overlayfs: default to userxattr when mounted from non initial user
namespace
* CVE-2023-35001
- netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
* CVE-2023-31248
- netfilter: nf_tables: do not ignore genmask when looking up chain by id
* CVE-2023-3389
- io_uring/poll: serialize poll linked timer start with poll removal
* CVE-2023-3390
- netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
* CVE-2023-3090
- ipvlan:Fix out-of-bounds caused by unclear skb->cb
* CVE-2023-3269
- mm: introduce new 'lock_mm_and_find_vma()' page fault helper
- mm: make the page fault mmap locking killable
- arm64/mm: Convert to using lock_mm_and_find_vma()
- powerpc/mm: Convert to using lock_mm_and_find_vma()
- mips/mm: Convert to using lock_mm_and_find_vma()
- riscv/mm: Convert to using lock_mm_and_find_vma()
- arm/mm: Convert to using lock_mm_and_find_vma()
- mm/fault: convert remaining simple cases to lock_mm_and_find_vma()
- powerpc/mm: convert coprocessor fault to lock_mm_and_find_vma()
- mm: make find_extend_vma() fail if write lock not held
- execve: expand new process stack manually ahead of time
- mm: always expand the stack with the mmap write lock held
- [CONFIG]: Set CONFIG_LOCK_MM_AND_FIND_VMA
This bug was fixed in the package linux-gcp - 6.2.0-1010.10
---------------
linux-gcp (6.2.0-1010.10) lunar; urgency=medium
* lunar/linux-gcp: 6.2.0-1010.10 -proposed tracker (LP: #2026743)
* Packaging resync (LP: #1786013) dkms-versions -- update from kernel-versions (main/s2023.06.12)
- debian/
[ Ubuntu: 6.2.0-26.26 ]
* lunar/linux: 6.2.0-26.26 -proposed tracker (LP: #2026753) do_(set| remove) xattr" overlayfs. * xattrs" and_find_ vma()' page fault helper and_find_ vma() and_find_ vma() and_find_ vma() and_find_ vma() and_find_ vma() and_find_ vma() and_find_ vma() LOCK_MM_ AND_FIND_ VMA
* CVE-2023-2640 // CVE-2023-32629
- Revert "UBUNTU: SAUCE: overlayfs: handle idmapped mounts in
ovl_
- Revert "UBUNTU: SAUCE: overlayfs: Skip permission checking for
trusted.
- SAUCE: overlayfs: default to userxattr when mounted from non initial user
namespace
* CVE-2023-35001
- netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
* CVE-2023-31248
- netfilter: nf_tables: do not ignore genmask when looking up chain by id
* CVE-2023-3389
- io_uring/poll: serialize poll linked timer start with poll removal
* CVE-2023-3390
- netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
* CVE-2023-3090
- ipvlan:Fix out-of-bounds caused by unclear skb->cb
* CVE-2023-3269
- mm: introduce new 'lock_mm_
- mm: make the page fault mmap locking killable
- arm64/mm: Convert to using lock_mm_
- powerpc/mm: Convert to using lock_mm_
- mips/mm: Convert to using lock_mm_
- riscv/mm: Convert to using lock_mm_
- arm/mm: Convert to using lock_mm_
- mm/fault: convert remaining simple cases to lock_mm_
- powerpc/mm: convert coprocessor fault to lock_mm_
- mm: make find_extend_vma() fail if write lock not held
- execve: expand new process stack manually ahead of time
- mm: always expand the stack with the mmap write lock held
- [CONFIG]: Set CONFIG_
-- Roxana Nicolescu <email address hidden> Fri, 14 Jul 2023 10:51:44 +0200