linux-euclid (4.4.0-9019.20) xenial; urgency=low
* autoreconstruct -- ensure potentially empty directories are rebuild too
Fixes FTBS when starting to use an orig tarball.
* CVE-2017-7533
- dentry name snapshots
* CVE-2017-7374
- fscrypt: remove broken support for detecting keyring key revocation
* CVE-2017-7184
- xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window
- xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder
* CVE-2017-2636
- TTY: n_hdlc, fix lockdep false positive
- tty: n_hdlc: get rid of racy n_hdlc.tbuf
* CVE-2017-1000364
- mm: vma_adjust: remove superfluous confusing update in remove_next == 1 case
- mm: larger stack guard gap, between vmas
- Allow stack to grow up to address space limit
- mm: fix new crash in unmapped_area_topdown()
- mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
- mm/mmap.c: expand_downwards: don't require the gap if !vm_prev
* CVE-2017-1000251
- Bluetooth: Properly check L2CAP config option output buffer length
* CVE-2017-1000112
- ipv4: Should use consistent conditional judgement for ip fragment in
__ip_append_data and ip_finish_output
- ipv6: Don't use ufo handling on later transformed packets
- udp: avoid ufo handling on IP payload compression packets
- ipv6: Should use consistent conditional judgement for ip6 fragment between
__ip6_append_data and ip6_finish_output
- net: account for current skb length when deciding about UFO
- udp: consistently apply ufo or fragmentation
* CVE-2017-1000111
- packet: fix tp_reserve race in packet_set_ring
* Fix CVE-2017-7308 (LP: #1678009)
- net/packet: fix overflow in check for priv area size
- net/packet: fix overflow in check for tp_frame_nr
- net/packet: fix overflow in check for tp_reserve
-- Stefan Bader <email address hidden> Thu, 12 Oct 2017 16:54:00 +0200