[ubuntu/xenial-proposed] linux_4.4.0-146.172_amd64.tar.gz - (Accepted)
linux (4.4.0-146.172) xenial; urgency=medium
* linux: 4.4.0-146.172 -proposed tracker (LP: #1822834)
* Packaging resync (LP: #1786013)
- [Packaging] update helper scripts
- [Packaging] resync retpoline extraction
* 3b080b2564287be91605bfd1d5ee985696e61d3c in ubuntu_btrfs_kernel_fixes
triggers system hang on i386 (LP: #1812845)
- btrfs: raid56: properly unmap parity page in finish_parity_scrub()
* Xenial update: 4.4.177 upstream stable release (LP: #1822271)
- ceph: avoid repeatedly adding inode to mdsc->snap_flush_list
- numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES
- KEYS: allow reaching the keys quotas exactly
- mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells
- mfd: twl-core: Fix section annotations on {,un}protect_pm_master
- mfd: db8500-prcmu: Fix some section annotations
- mfd: ab8500-core: Return zero in get_register_interruptible()
- mfd: qcom_rpm: write fw_version to CTRL_REG
- mfd: wm5110: Add missing ASRC rate register
- mfd: mc13xxx: Fix a missing check of a register-read failure
- net: hns: Fix use after free identified by SLUB debug
- MIPS: ath79: Enable OF serial ports in the default config
- scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param
- scsi: isci: initialize shost fully before calling scsi_add_host()
- MIPS: jazz: fix 64bit build
- isdn: i4l: isdn_tty: Fix some concurrency double-free bugs
- atm: he: fix sign-extension overflow on large shift
- leds: lp5523: fix a missing check of return value of lp55xx_read
- isdn: avm: Fix string plus integer warning from Clang
- RDMA/srp: Rework SCSI device reset handling
- KEYS: user: Align the payload buffer
- KEYS: always initialize keyring_index_key::desc_len
- batman-adv: fix uninit-value in batadv_interface_tx()
- net/packet: fix 4gb buffer limit due to overflow check
- team: avoid complex list operations in team_nl_cmd_options_set()
- sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach()
- net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames
- ARCv2: Enable unaligned access in early ASM code
- Revert "bridge: do not add port to router list when receives query with
source 0.0.0.0"
- libceph: handle an empty authorize reply
- drm/msm: Unblock writer if reader closes file
- ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field
- ALSA: compress: prevent potential divide by zero bugs
- thermal: int340x_thermal: Fix a NULL vs IS_ERR() check
- usb: dwc3: gadget: Fix the uninitialized link_state when udc starts
- usb: gadget: Potential NULL dereference on allocation error
- ASoC: dapm: change snprintf to scnprintf for possible overflow
- ASoC: imx-audmux: change snprintf to scnprintf for possible overflow
- ARC: fix __ffs return value to avoid build warnings
- mac80211: fix miscounting of ttl-dropped frames
- serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling
- scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state()
- net: altera_tse: fix connect_local_phy error path
- ibmveth: Do not process frames after calling napi_reschedule
- mac80211: don't initiate TDLS connection if station is not associated to
AP
- cfg80211: extend range deviation for DMG
- KVM: nSVM: clear events pending from svm_complete_interrupts() when
exiting
to L1
- arm/arm64: KVM: Feed initialized memory to MMIO accesses
- KVM: arm/arm64: Fix MMIO emulation data handling
- powerpc: Always initialize input array when calling epapr_hypercall()
- mmc: spi: Fix card detection during probe
- x86/uaccess: Don't leak the AC flag into __put_user() value evaluation
- USB: serial: option: add Telit ME910 ECM composition
- USB: serial: cp210x: add ID for Ingenico 3070
- USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485
- cpufreq: Use struct kobj_attribute instead of struct global_attr
- sockfs: getxattr: Fail with -EOPNOTSUPP for invalid attribute names
- ncpfs: fix build warning of strncpy
- isdn: isdn_tty: fix build warning of strncpy
- staging: lustre: fix buffer overflow of string buffer
- net-sysfs: Fix mem leak in netdev_register_kobject
- team: Free BPF filter when unregistering netdev
- bnxt_en: Drop oversize TX packets to prevent errors.
- net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails
- xen-netback: fix occasional leak of grant ref mappings under memory
pressure
- net: Add __icmp_send helper.
- net: avoid use IPCB in cipso_v4_error
- net: phy: Micrel KSZ8061: link failure after cable connect
- x86/CPU/AMD: Set the CPB bit unconditionally on F17h
- applicom: Fix potential Spectre v1 vulnerabilities
- MIPS: irq: Allocate accurate order pages for irq stack
- hugetlbfs: fix races and page leaks during
[ubuntu/xenial-proposed] linux-signed 4.4.0-146.172 (Accepted)
linux-signed (4.4.0-146.172) xenial; urgency=medium * Master version: 4.4.0-146.172 Date: 2019-04-03 08:58:00.843900+00:00 Changed-By: Khaled El Mously Signed-By: Steve Langasek https://launchpad.net/ubuntu/+source/linux-signed/4.4.0-146.172 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-proposed] linux-meta 4.4.0.146.154 (Accepted)
linux-meta (4.4.0.146.154) xenial; urgency=medium * Bump ABI 4.4.0-146 Date: 2019-04-03 08:58:03.344509+00:00 Changed-By: Khaled El Mously Signed-By: Steve Langasek https://launchpad.net/ubuntu/+source/linux-meta/4.4.0.146.154 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-proposed] linux 4.4.0-146.172 (Accepted)
linux (4.4.0-146.172) xenial; urgency=medium
* linux: 4.4.0-146.172 -proposed tracker (LP: #1822834)
* Packaging resync (LP: #1786013)
- [Packaging] update helper scripts
- [Packaging] resync retpoline extraction
* 3b080b2564287be91605bfd1d5ee985696e61d3c in ubuntu_btrfs_kernel_fixes
triggers system hang on i386 (LP: #1812845)
- btrfs: raid56: properly unmap parity page in finish_parity_scrub()
* Xenial update: 4.4.177 upstream stable release (LP: #1822271)
- ceph: avoid repeatedly adding inode to mdsc->snap_flush_list
- numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES
- KEYS: allow reaching the keys quotas exactly
- mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells
- mfd: twl-core: Fix section annotations on {,un}protect_pm_master
- mfd: db8500-prcmu: Fix some section annotations
- mfd: ab8500-core: Return zero in get_register_interruptible()
- mfd: qcom_rpm: write fw_version to CTRL_REG
- mfd: wm5110: Add missing ASRC rate register
- mfd: mc13xxx: Fix a missing check of a register-read failure
- net: hns: Fix use after free identified by SLUB debug
- MIPS: ath79: Enable OF serial ports in the default config
- scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param
- scsi: isci: initialize shost fully before calling scsi_add_host()
- MIPS: jazz: fix 64bit build
- isdn: i4l: isdn_tty: Fix some concurrency double-free bugs
- atm: he: fix sign-extension overflow on large shift
- leds: lp5523: fix a missing check of return value of lp55xx_read
- isdn: avm: Fix string plus integer warning from Clang
- RDMA/srp: Rework SCSI device reset handling
- KEYS: user: Align the payload buffer
- KEYS: always initialize keyring_index_key::desc_len
- batman-adv: fix uninit-value in batadv_interface_tx()
- net/packet: fix 4gb buffer limit due to overflow check
- team: avoid complex list operations in team_nl_cmd_options_set()
- sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach()
- net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames
- ARCv2: Enable unaligned access in early ASM code
- Revert "bridge: do not add port to router list when receives query with
source 0.0.0.0"
- libceph: handle an empty authorize reply
- drm/msm: Unblock writer if reader closes file
- ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field
- ALSA: compress: prevent potential divide by zero bugs
- thermal: int340x_thermal: Fix a NULL vs IS_ERR() check
- usb: dwc3: gadget: Fix the uninitialized link_state when udc starts
- usb: gadget: Potential NULL dereference on allocation error
- ASoC: dapm: change snprintf to scnprintf for possible overflow
- ASoC: imx-audmux: change snprintf to scnprintf for possible overflow
- ARC: fix __ffs return value to avoid build warnings
- mac80211: fix miscounting of ttl-dropped frames
- serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling
- scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state()
- net: altera_tse: fix connect_local_phy error path
- ibmveth: Do not process frames after calling napi_reschedule
- mac80211: don't initiate TDLS connection if station is not associated to
AP
- cfg80211: extend range deviation for DMG
- KVM: nSVM: clear events pending from svm_complete_interrupts() when
exiting
to L1
- arm/arm64: KVM: Feed initialized memory to MMIO accesses
- KVM: arm/arm64: Fix MMIO emulation data handling
- powerpc: Always initialize input array when calling epapr_hypercall()
- mmc: spi: Fix card detection during probe
- x86/uaccess: Don't leak the AC flag into __put_user() value evaluation
- USB: serial: option: add Telit ME910 ECM composition
- USB: serial: cp210x: add ID for Ingenico 3070
- USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485
- cpufreq: Use struct kobj_attribute instead of struct global_attr
- sockfs: getxattr: Fail with -EOPNOTSUPP for invalid attribute names
- ncpfs: fix build warning of strncpy
- isdn: isdn_tty: fix build warning of strncpy
- staging: lustre: fix buffer overflow of string buffer
- net-sysfs: Fix mem leak in netdev_register_kobject
- team: Free BPF filter when unregistering netdev
- bnxt_en: Drop oversize TX packets to prevent errors.
- net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails
- xen-netback: fix occasional leak of grant ref mappings under memory
pressure
- net: Add __icmp_send helper.
- net: avoid use IPCB in cipso_v4_error
- net: phy: Micrel KSZ8061: link failure after cable connect
- x86/CPU/AMD: Set the CPB bit unconditionally on F17h
- applicom: Fix potential Spectre v1 vulnerabilities
- MIPS: irq: Allocate accurate order pages for irq stack
- hugetlbfs: fix races and page leaks during
[ubuntu/partner/xenial] ibm-java80 8.0.5.30-0ubuntu1 (Accepted)
ibm-java80 (8.0.5.30-0ubuntu1) xenial; urgency=medium [ Java Information Manager ] * New upstream release. LP: #1818799. Date: 2019-03-06 16:19:09.425911+00:00 Changed-By: dann frazier Signed-By: Steve Langasek https://launchpad.net/ubuntu/+source/ibm-java80/8.0.5.30-0ubuntu1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] busybox 1:1.22.0-15ubuntu1.4 (Accepted)
busybox (1:1.22.0-15ubuntu1.4) xenial-security; urgency=medium * SECURITY UPDATE: directory traversal via tar symlink extraction - debian/patches/CVE-2011-5325-1.patch: postpone creation of symlinks with "suspicious" targets in archival/libarchive/data_extract_all.c, archival/tar.c, archival/tar_symlink_attack, include/bb_archive.h, testsuite/tar.tests. - debian/patches/CVE-2011-5325-2.patch: do not extract unsafe symlinks unless env variable is set in archival/libarchive/Kbuild.src, archival/libarchive/data_extract_all.c, archival/libarchive/unsafe_symlink_target.c, archival/tar.c, include/bb_archive.h, libbb/copy_file.c, testsuite/tar.tests. - debian/patches/CVE-2011-5325-3.patch: postpone creation of symlinks with "suspicious" targets in archival/libarchive/data_extract_all.c, archival/libarchive/unsafe_symlink_target.c, archival/tar.c, include/bb_archive.h, testsuite/tar.tests. - debian/patches/CVE-2011-5325-4.patch: extract "unsafe" symlinks the same way tar/unzip does in archival/cpio.c. - debian/patches/CVE-2011-5325-5.patch: fix symlink creation in archival/libarchive/get_header_ar.c. - CVE-2011-5325 * SECURITY UPDATE: integer overflow in the DHCP client - debian/patches/CVE-2016-2147-1.patch: fix a SEGV on malformed RFC1035-encoded domain name in networking/udhcp/domain_codec.c. - debian/patches/CVE-2016-2147-2.patch: fix a warning in debug code in networking/udhcp/domain_codec.c. - CVE-2016-2147 * SECURITY UPDATE: heap-based buffer overflow in the DHCP client - debian/patches/CVE-2016-2148.patch: fix OPTION_6RD parsing in networking/udhcp/common.c, networking/udhcp/dhcpc.c. - CVE-2016-2148 * SECURITY UPDATE: integer overflow in get_next_block - debian/patches/CVE-2017-15873.patch: fix runCnt overflow in archival/libarchive/decompress_bunzip2.c. - CVE-2017-15873 * SECURITY UPDATE: code execution in tab autocomplete feature - debian/patches/CVE-2017-16544.patch: check for control characters in libbb/lineedit.c. - CVE-2017-16544 * SECURITY UPDATE: DoS in unzip operations - debian/patches/CVE-2015-9261-1.patch: test for a bad archive in archival/libarchive/decompress_gunzip.c, added test in testsuite/unzip.tests. - debian/patches/CVE-2015-9261-2.patch: further fix decompression code in archival/libarchive/decompress_gunzip.c, testsuite/unzip.tests. - CVE-2015-9261 * SECURITY UPDATE: buffer overflow in wget - debian/patches/CVE-2018-1000517.patch: check chunk length in networking/wget.c. - CVE-2018-1000517 * SECURITY UPDATE: out-of-bounds read in udhcp - debian/patches/CVE-2018-20679.patch: check that 4-byte options are indeed 4-byte in networking/udhcp/common.*, networking/udhcp/dhcpc.c, networking/udhcp/dhcpd.c. - CVE-2018-20679 * SECURITY UPDATE: incomplete fix for out-of-bounds read in udhcp - debian/patches/CVE-2019-5747.patch: when decoding DHCP_SUBNET, ensure it is 4 bytes long in networking/udhcp/common.*, networking/udhcp/dhcpc.c. - CVE-2019-5747 * debian/rules: fix nocheck test so test suite gets run during build and set SKIP_INTERNET_TESTS=y. Date: 2019-03-07 15:05:18.047879+00:00 Changed-By: Marc Deslauriers Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/busybox/1:1.22.0-15ubuntu1.4 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] policykit-1 0.105-14.1ubuntu0.5 (Accepted)
policykit-1 (0.105-14.1ubuntu0.5) xenial-security; urgency=medium * SECURITY UPDATE: start time protection mechanism bypass - debian/patches/CVE-2019-6133.patch: Compare PolkitUnixProcess uids for temporary authorizations in src/polkit/polkitsubject.c, src/polkit/polkitunixprocess.c, src/polkitbackend/polkitbackendinteractiveauthority.c. - CVE-2019-6133 Date: 2019-03-27 14:37:14.729246+00:00 Changed-By: Marc Deslauriers Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/policykit-1/0.105-14.1ubuntu0.5 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] busybox 1:1.22.0-15ubuntu1.4 (Accepted)
busybox (1:1.22.0-15ubuntu1.4) xenial-security; urgency=medium * SECURITY UPDATE: directory traversal via tar symlink extraction - debian/patches/CVE-2011-5325-1.patch: postpone creation of symlinks with "suspicious" targets in archival/libarchive/data_extract_all.c, archival/tar.c, archival/tar_symlink_attack, include/bb_archive.h, testsuite/tar.tests. - debian/patches/CVE-2011-5325-2.patch: do not extract unsafe symlinks unless env variable is set in archival/libarchive/Kbuild.src, archival/libarchive/data_extract_all.c, archival/libarchive/unsafe_symlink_target.c, archival/tar.c, include/bb_archive.h, libbb/copy_file.c, testsuite/tar.tests. - debian/patches/CVE-2011-5325-3.patch: postpone creation of symlinks with "suspicious" targets in archival/libarchive/data_extract_all.c, archival/libarchive/unsafe_symlink_target.c, archival/tar.c, include/bb_archive.h, testsuite/tar.tests. - debian/patches/CVE-2011-5325-4.patch: extract "unsafe" symlinks the same way tar/unzip does in archival/cpio.c. - debian/patches/CVE-2011-5325-5.patch: fix symlink creation in archival/libarchive/get_header_ar.c. - CVE-2011-5325 * SECURITY UPDATE: integer overflow in the DHCP client - debian/patches/CVE-2016-2147-1.patch: fix a SEGV on malformed RFC1035-encoded domain name in networking/udhcp/domain_codec.c. - debian/patches/CVE-2016-2147-2.patch: fix a warning in debug code in networking/udhcp/domain_codec.c. - CVE-2016-2147 * SECURITY UPDATE: heap-based buffer overflow in the DHCP client - debian/patches/CVE-2016-2148.patch: fix OPTION_6RD parsing in networking/udhcp/common.c, networking/udhcp/dhcpc.c. - CVE-2016-2148 * SECURITY UPDATE: integer overflow in get_next_block - debian/patches/CVE-2017-15873.patch: fix runCnt overflow in archival/libarchive/decompress_bunzip2.c. - CVE-2017-15873 * SECURITY UPDATE: code execution in tab autocomplete feature - debian/patches/CVE-2017-16544.patch: check for control characters in libbb/lineedit.c. - CVE-2017-16544 * SECURITY UPDATE: DoS in unzip operations - debian/patches/CVE-2015-9261-1.patch: test for a bad archive in archival/libarchive/decompress_gunzip.c, added test in testsuite/unzip.tests. - debian/patches/CVE-2015-9261-2.patch: further fix decompression code in archival/libarchive/decompress_gunzip.c, testsuite/unzip.tests. - CVE-2015-9261 * SECURITY UPDATE: buffer overflow in wget - debian/patches/CVE-2018-1000517.patch: check chunk length in networking/wget.c. - CVE-2018-1000517 * SECURITY UPDATE: out-of-bounds read in udhcp - debian/patches/CVE-2018-20679.patch: check that 4-byte options are indeed 4-byte in networking/udhcp/common.*, networking/udhcp/dhcpc.c, networking/udhcp/dhcpd.c. - CVE-2018-20679 * SECURITY UPDATE: incomplete fix for out-of-bounds read in udhcp - debian/patches/CVE-2019-5747.patch: when decoding DHCP_SUBNET, ensure it is 4 bytes long in networking/udhcp/common.*, networking/udhcp/dhcpc.c. - CVE-2019-5747 * debian/rules: fix nocheck test so test suite gets run during build and set SKIP_INTERNET_TESTS=y. Date: 2019-03-07 15:05:18.047879+00:00 Changed-By: Marc Deslauriers https://launchpad.net/ubuntu/+source/busybox/1:1.22.0-15ubuntu1.4 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] policykit-1 0.105-14.1ubuntu0.5 (Accepted)
policykit-1 (0.105-14.1ubuntu0.5) xenial-security; urgency=medium * SECURITY UPDATE: start time protection mechanism bypass - debian/patches/CVE-2019-6133.patch: Compare PolkitUnixProcess uids for temporary authorizations in src/polkit/polkitsubject.c, src/polkit/polkitunixprocess.c, src/polkitbackend/polkitbackendinteractiveauthority.c. - CVE-2019-6133 Date: 2019-03-27 14:37:14.729246+00:00 Changed-By: Marc Deslauriers https://launchpad.net/ubuntu/+source/policykit-1/0.105-14.1ubuntu0.5 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
