This bug was fixed in the package linux - 4.8.0-54.57 --------------- linux (4.8.0-54.57) yakkety; urgency=low
* linux: 4.8.0-54.57 -proposed tracker (LP: #1692589) * CVE-2017-0605 - tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline() * Populating Hyper-V MSR for Ubuntu 13.10 (LP: #1193172) - SAUCE: (no-up) hv: Supply vendor ID and package ABI * [Hyper-V] Implement Hyper-V PTP Source (LP: #1676635) - hv: allocate synic pages for all present CPUs - hv: init percpu_list in hv_synic_alloc() - Drivers: hv: vmbus: Prevent sending data on a rescinded channel - hv: switch to cpuhp state machine for synic init/cleanup - hv: make CPU offlining prevention fine-grained - Drivers: hv: vmbus: Fix a rescind handling bug - Drivers: hv: util: kvp: Fix a rescind processing issue - Drivers: hv: util: Fcopy: Fix a rescind processing issue - Drivers: hv: util: Backup: Fix a rescind processing issue - Drivers: hv: vmbus: Move the definition of hv_x64_msr_hypercall_contents - Drivers: hv: vmbus: Move the definition of generate_guest_id() - Revert "UBUNTU: SAUCE: (no-up) hv: Supply vendor ID and package ABI" - Drivers: hv vmbus: Move Hypercall page setup out of common code - Drivers: hv: vmbus: Move Hypercall invocation code out of common code - Drivers: hv: vmbus: Consolidate all Hyper-V specific clocksource code - Drivers: hv: vmbus: Move the extracting of Hypervisor version information - Drivers: hv: vmbus: Move the crash notification function - Drivers: hv: vmbus: Move the check for hypercall page setup - Drivers: hv: vmbus: Move the code to signal end of message - Drivers: hv: vmbus: Restructure the clockevents code - Drivers: hv: util: Use hv_get_current_tick() to get current tick - Drivers: hv: vmbus: Get rid of an unsused variable - Drivers: hv: vmbus: Define APIs to manipulate the message page - Drivers: hv: vmbus: Define APIs to manipulate the event page - Drivers: hv: vmbus: Define APIs to manipulate the synthetic interrupt controller - Drivers: hv: vmbus: Define an API to retrieve virtual processor index - Drivers: hv: vmbus: Define an APIs to manage interrupt state - Drivers: hv: vmbus: Cleanup hyperv_vmbus.h - hv_util: switch to using timespec64 - Drivers: hv: restore hypervcall page cleanup before kexec - Drivers: hv: restore TSC page cleanup before kexec - Drivers: hv: balloon: add a fall through comment to hv_memory_notifier() - Drivers: hv: vmbus: Use all supported IC versions to negotiate - Drivers: hv: Log the negotiated IC versions. - Drivers: hv: Fix the bug in generating the guest ID - hv: export current Hyper-V clocksource - hv_utils: implement Hyper-V PTP source - SAUCE: (no-up) hv: Supply vendor ID and package ABI * CIFS: Enable encryption for SMB3 (LP: #1670508) - SMB3: Add mount parameter to allow user to override max credits - SMB2: Separate Kerberos authentication from SMB2_sess_setup - SMB2: Separate RawNTLMSSP authentication from SMB2_sess_setup - SMB3: parsing for new snapshot timestamp mount parm - cifs: Simplify SMB2 and SMB311 dependencies - cifs: Only select the required crypto modules - cifs: Add soft dependencies - CIFS: Separate SMB2 header structure - CIFS: Make SendReceive2() takes resp iov - CIFS: Make send_cancel take rqst as argument - CIFS: Send RFC1001 length in a separate iov - CIFS: Separate SMB2 sync header processing - CIFS: Separate RFC1001 length processing for SMB2 read - CIFS: Add capability to transform requests before sending - CIFS: Enable encryption during session setup phase - CIFS: Encrypt SMB3 requests before sending - CIFS: Add transform header handling callbacks - CIFS: Add mid handle callback - CIFS: Add copy into pages callback for a read operation - CIFS: Decrypt and process small encrypted packets - CIFS: Add capability to decrypt big read responses - CIFS: Allow to switch on encryption with seal mount option - CIFS: Fix possible use after free in demultiplex thread * APST quirk needed for Samsung 512GB NVMe drive (LP: #1678184) - nvme: Adjust the Samsung APST quirk - nvme: Quirk APST off on "THNSF5256GPUK TOSHIBA" -- Kleber Sacilotto de Souza <kleber.so...@canonical.com> Mon, 22 May 2017 18:56:12 +0200 ** Changed in: linux (Ubuntu Yakkety) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-0605 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1670508 Title: CIFS: Enable encryption for SMB3 Status in linux package in Ubuntu: Fix Released Status in linux source package in Xenial: In Progress Status in linux source package in Yakkety: Fix Released Status in linux source package in Zesty: Fix Released Bug description: There has been work upstream to enable encryption support for SMB3 connections. This is a particularly valuable (and commonly requested) feature with the Azure Files service as encryption is required to connect to an Azure Files storage share from on-prem or from a different Azure region. The relevant commits are as follows: CIFS: Fix possible use after free in demultiplex thread Commit 61cfac6f267dabcf2740a7ec8a0295833b28b5f5 CIFS: Allow to switch on encryption with seal mount option Commit ae6f8dd4d0c87bfb72da9d9b56342adf53e69c31 CIFS: Add capability to decrypt big read responses Commit c42a6abe3012832a68a371dabe17c2ced97e62ad CIFS: Decrypt and process small encrypted packets Commit 4326ed2f6a16ae9d33e4209b540dc9a371aba840 CIFS: Add copy into pages callback for a read operation Commit d70b9104b1ca586f73aaf59426756cec3325a40e CIFS: Add mid handle callback Commit 9b7c18a2d4b798963ea80f6769701dcc4c24b55e CIFS: Add transform header handling callbacks Commit 9bb17e0916a03ab901fb684e874d77a1e96b3d1e CIFS: Encrypt SMB3 requests before sending Commit 026e93dc0a3eefb0be060bcb9ecd8d7a7fd5c398 CIFS: Enable encryption during session setup phase Commit cabfb3680f78981d26c078a26e5c748531257ebb CIFS: Add capability to transform requests before sending Commit 7fb8986e7449d0a5cebd84d059927afa423fbf85 CIFS: Separate RFC1001 length processing for SMB2 read Commit b8f57ee8aad414a3122bff72d7968a94baacb9b6 CIFS: Separate SMB2 sync header processing Commit cb200bd6264a80c04e09e8635fa4f3901cabdaef CIFS: Send RFC1001 length in a separate iov Commit 738f9de5cdb9175c19d24cfdf90b4543fc3b47bf CIFS: Make send_cancel take rqst as argument Commit fb2036d817584df42504910fe104f68517e8990e CIFS: Make SendReceive2() takes resp iov Commit da502f7df03d2d0b416775f92ae022f3f82bedd5 CIFS: Separate SMB2 header structure Commit 31473fc4f9653b73750d3792ffce6a6e1bdf0da7 cifs: Add soft dependencies Commit b9be76d585d48cb25af8db0d35e1ef9030fbe13a cifs: Only select the required crypto modules Commit 3692304bba6164be3810afd41b84ecb0e1e41db1 cifs: Simplify SMB2 and SMB311 dependencies Commit c1ecea87471bbb614f8121e00e5787f363140365 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1670508/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp