group.of.nepali.translators team mailing list archive

[Bug 1683505] Re: enable CONFIG_CPU_SW_DOMAIN_PAN for raspi2/raspi3

 

This bug was fixed in the package linux-raspi2 - 4.4.0-1057.64

---------------
linux-raspi2 (4.4.0-1057.64) xenial; urgency=low

  * linux-raspi2: 4.4.0-1057.64 -proposed tracker (LP: #1692040)

  * linux xenial derivatives fail to build (LP: #1691814)
    - [Packaging] Set do_tools_common in common vars
    - [Packaging] Do not build tools-common

linux-raspi2 (4.4.0-1056.63) xenial; urgency=low

  * linux-raspi2: 4.4.0-1056.63 -proposed tracker (LP: #1691182)

  * enable CONFIG_CPU_SW_DOMAIN_PAN for raspi2/raspi3 (LP: #1683505)
    - [Config] CPU_SW_DOMAIN_PAN=y

  [ Ubuntu: 4.4.0-79.100 ]

  * linux: 4.4.0-79.100 -proposed tracker (LP: #1691180)
  * linux-aws/linux-gke incorrectly producing and using linux-*-tools-
    common/linux-*-cloud-tools-common (LP: #1688579)
    - [Config] make linux-tools-common and linux-cloud-tools-common provide linux-
      gke versions
    - [Config] make linux-tools-common and linux-cloud-tools-common provide linux-
      aws versions
    - [Packaging] prevent linux-*-tools-common from being produced from non linux
      packages
  * CVE-2017-0605
    - tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()
  * i915-bpo crashes on external hdmi input (LP: #1580272)
    - SAUCE: i915_bpo: Silence the warning about watermark entries not changing
  * Kernel panics on Xenial when using cgroups and strict CFS limits
    (LP: #1687512)
    - sched/fair: Initialize throttle_count for new task-groups lazily
    - sched/fair: Do not announce throttled next buddy in dequeue_task_fair()
  * bonding - mlx5 - speed changed to 0 after changing ring size  (LP: #1687877)
    - bonding: allow notifications for bond_set_slave_link_state
  * Xenial update to 4.4.67 stable release (LP: #1689296)
    - timerfd: Protect the might cancel mechanism proper
    - Handle mismatched open calls
    - ASoC: intel: Fix PM and non-atomic crash in bytcr drivers
    - ALSA: ppc/awacs: shut up maybe-uninitialized warning
    - drbd: avoid redefinition of BITS_PER_PAGE
    - mtd: avoid stack overflow in MTD CFI code
    - net: tg3: avoid uninitialized variable warning
    - netlink: Allow direct reclaim for fallback allocation
    - IB/qib: rename BITS_PER_PAGE to RVT_BITS_PER_PAGE
    - IB/ehca: fix maybe-uninitialized warnings
    - ext4: require encryption feature for EXT4_IOC_SET_ENCRYPTION_POLICY
    - ext4 crypto: revalidate dentry after adding or removing the key
    - ext4 crypto: use dget_parent() in ext4_d_revalidate()
    - ext4/fscrypto: avoid RCU lookup in d_revalidate
    - nfsd4: minor NFSv2/v3 write decoding cleanup
    - nfsd: stricter decoding of write-like NFSv2/v3 ops
    - dm ioctl: prevent stack leak in dm ioctl call
    - Linux 4.4.67
  * Precision Rack failed to resume from S4 (LP: #1686061)
    - x86 / hibernate: Use hlt_play_dead() when resuming from hibernation
    - x86/boot: Split out kernel_ident_mapping_init()
    - x86/power/64: Always create temporary identity mapping correctly
  * Xenial update to 4.4.66 stable release (LP: #1688505)
    - f2fs: do more integrity verification for superblock
    - xc2028: unlock on error in xc2028_set_config()
    - ARM: OMAP2+: timer: add probe for clocksources
    - clk: sunxi: Add apb0 gates for H3
    - crypto: testmgr - fix out of bound read in __test_aead()
    - drm/amdgpu: fix array out of bounds
    - ext4: check if in-inode xattr is corrupted in ext4_expand_extra_isize_ea()
    - md:raid1: fix a dead loop when read from a WriteMostly disk
    - MIPS: Fix crash registers on non-crashing CPUs
    - net: cavium: liquidio: Avoid dma_unmap_single on uninitialized ndata
    - net_sched: close another race condition in tcf_mirred_release()
    - RDS: Fix the atomicity for congestion map update
    - regulator: core: Clear the supply pointer if enabling fails
    - usb: gadget: f_midi: Fixed a bug when buflen was smaller than wMaxPacketSize
    - xen/x86: don't lose event interrupts
    - sparc64: kern_addr_valid regression
    - sparc64: Fix kernel panic due to erroneous #ifdef surrounding pmd_write()
    - net: neigh: guard against NULL solicit() method
    - net: phy: handle state correctly in phy_stop_machine
    - l2tp: purge socket queues in the .destruct() callback
    - l2tp: take reference on sessions being dumped
    - l2tp: fix PPP pseudo-wire auto-loading
    - net: ipv4: fix multipath RTM_GETROUTE behavior when iif is given
    - sctp: listen on the sock only when it's state is listening or closed
    - tcp: clear saved_syn in tcp_disconnect()
    - dp83640: don't recieve time stamps twice
    - net: ipv6: RTF_PCPU should not be settable from userspace
    - netpoll: Check for skb->queue_mapping
    - ip6mr: fix notification device destruction
    - macvlan: Fix device ref leak when purging bc_queue
    - ipv6: check skb->protocol before lookup for nexthop
    - ipv6: check raw payload size correctly in ioctl
    - ALSA: firewire-lib: fix inappropriate assignment between signed/unsigned
      type
    - ALSA: seq: Don't break snd_use_lock_sync() loop by timeout
    - MIPS: KGDB: Use kernel context for sleeping threads
    - MIPS: Avoid BUG warning in arch_check_elf
    - p9_client_readdir() fix
    - Input: i8042 - add Clevo P650RS to the i8042 reset list
    - nfsd: check for oversized NFSv2/v3 arguments
    - ARCv2: save r30 on kernel entry as gcc uses it for code-gen
    - ftrace/x86: Fix triple fault with graph tracing and suspend-to-ram
    - Linux 4.4.66
  * Xenial update to 4.4.65 stable release (LP: #1688483)
    - tipc: make sure IPv6 header fits in skb headroom
    - tipc: make dist queue pernet
    - tipc: re-enable compensation for socket receive buffer double counting
    - tipc: correct error in node fsm
    - tty: nozomi: avoid a harmless gcc warning
    - hostap: avoid uninitialized variable use in hfa384x_get_rid
    - gfs2: avoid uninitialized variable warning
    - tipc: fix random link resets while adding a second bearer
    - tipc: fix socket timer deadlock
    - xc2028: avoid use after free
    - netfilter: nfnetlink: correctly validate length of batch messages
    - tipc: check minimum bearer MTU
    - vfio/pci: Fix integer overflows, bitmask check
    - staging/android/ion : fix a race condition in the ion driver
    - ping: implement proper locking
    - perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race
    - Linux 4.4.65
  * Xenial update to 4.4.64 stable release (LP: #1687638)
    - KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings
    - KEYS: Change the name of the dead type to ".dead" to prevent user access
    - KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings
    - tracing: Allocate the snapshot buffer before enabling probe
    - ring-buffer: Have ring_buffer_iter_empty() return true when empty
    - cifs: Do not send echoes before Negotiate is complete
    - CIFS: remove bad_network_name flag
    - s390/mm: fix CMMA vs KSM vs others
    - VSOCK: Detach QP check should filter out non matching QPs.
    - Input: elantech - add Fujitsu Lifebook E547 to force crc_enabled
    - ACPI / power: Avoid maybe-uninitialized warning
    - mmc: sdhci-esdhc-imx: increase the pad I/O drive strength for DDR50 card
    - mac80211: reject ToDS broadcast data frames
    - ubi/upd: Always flush after prepared for an update
    - powerpc/kprobe: Fix oops when kprobed on 'stdu' instruction
    - x86/mce/AMD: Give a name to MCA bank 3 when accessed with legacy MSRs
    - kvm: arm/arm64: Fix locking for kvm_free_stage2_pgd
    - x86, pmem: fix broken __copy_user_nocache cache-bypass assumptions
    - block: fix del_gendisk() vs blkdev_ioctl crash
    - tipc: fix crash during node removal
    - Linux 4.4.64
  * Xenial update to 4.4.63 stable release (LP: #1687629)
    - cgroup, kthread: close race window where new kthreads can be migrated to
      non-root cgroups
    - thp: fix MADV_DONTNEED vs clear soft dirty race
    - drm/nouveau/mpeg: mthd returns true on success now
    - drm/nouveau/mmu/nv4a: use nv04 mmu rather than the nv44 one
    - CIFS: store results of cifs_reopen_file to avoid infinite wait
    - Input: xpad - add support for Razer Wildcat gamepad
    - perf/x86: Avoid exposing wrong/stale data in intel_pmu_lbr_read_32()
    - x86/vdso: Ensure vdso32_enabled gets set to valid values only
    - x86/vdso: Plug race between mapping and ELF header setup
    - acpi, nfit, libnvdimm: fix interleave set cookie calculation (64-bit
      comparison)
    - iscsi-target: Fix TMR reference leak during session shutdown
    - iscsi-target: Drop work-around for legacy GlobalSAN initiator
    - scsi: sr: Sanity check returned mode data
    - scsi: sd: Consider max_xfer_blocks if opt_xfer_blocks is unusable
    - scsi: sd: Fix capacity calculation with 32-bit sector_t
    - xen, fbfront: fix connecting to backend
    - libnvdimm: fix reconfig_mutex, mmap_sem, and jbd2_handle lockdep splat
    - irqchip/irq-imx-gpcv2: Fix spinlock initialization
    - ftrace: Fix removing of second function probe
    - char: Drop bogus dependency of DEVPORT on !M68K
    - char: lack of bool string made CONFIG_DEVPORT always on
    - Revert "MIPS: Lantiq: Fix cascaded IRQ setup"
    - kvm: fix page struct leak in handle_vmon
    - zram: do not use copy_page with non-page aligned address
    - powerpc: Disable HFSCR[TM] if TM is not supported
    - crypto: ahash - Fix EINPROGRESS notification callback
    - ath9k: fix NULL pointer dereference
    - dvb-usb-v2: avoid use-after-free
    - ext4: fix inode checksum calculation problem if i_extra_size is small
    - platform/x86: acer-wmi: setup accelerometer when machine has appropriate
      notify event
    - rtc: tegra: Implement clock handling
    - mm: Tighten x86 /dev/mem with zeroing reads
    - dvb-usb: don't use stack for firmware load
    - dvb-usb-firmware: don't do DMA on stack
    - virtio-console: avoid DMA from stack
    - pegasus: Use heap buffers for all register access
    - rtl8150: Use heap buffers for all register access
    - catc: Combine failure cleanup code in catc_probe()
    - catc: Use heap buffer for memory size test
    - tty/serial: atmel: RS485 half duplex w/DMA: enable RX after TX is done
    - net: ipv6: check route protocol when deleting routes
    - MIPS: fix Select HAVE_IRQ_EXIT_ON_IRQ_STACK patch.
    - Linux 4.4.63

 -- Thadeu Lima de Souza Cascardo <cascardo@xxxxxxxxxxxxx>  Fri, 19 May 2017 11:52:40 -0300

** Changed in: linux-raspi2 (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-0605

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1683505

Title:
  enable CONFIG_CPU_SW_DOMAIN_PAN for raspi2/raspi3

Status in linux-raspi2 package in Ubuntu:
  New
Status in linux-raspi2 source package in Xenial:
  Fix Released
Status in linux-raspi2 source package in Yakkety:
  New
Status in linux-raspi2 source package in Zesty:
  New

Bug description:
  Kees Cook is requesting the following be enabled for our Raspi2/3
  enabled kernel:

  config CPU_SW_DOMAIN_PAN
          bool "Enable use of CPU domains to implement privileged no-access"
          depends on MMU && !ARM_LPAE
          default y
          help
            Increase kernel security by ensuring that normal kernel accesses
            are unable to access userspace addresses.  This can help prevent
            use-after-free bugs becoming an exploitable privilege escalation
            by ensuring that magic values (such as LIST_POISON) will always
            fault when dereferenced.

            CPUs with low-vector mappings use a best-efforts implementation.
            Their lower 1MB needs to remain accessible for the vectors, but
            the remainder of userspace will become appropriately inaccessible.

  Similarly, Kees noted that all the configs from Ubuntu's 4.8 new
  defaults seem to be missing for raspi2/3. e.g.:

  CONFIG_HARDENED_USERCOPY=y
  CONFIG_SLAB_FREELIST_RANDOM=y
  CONFIG_DEBUG_LIST=y
  CONFIG_DEBUG_CREDENTIALS=y

  Kees also noted that it may just be an armhf/arm64 issue with the
  config.common.ubuntu being out of sync because fixing that solved his
  missing configs.

  I suspect what actually needs to happen is a full config review
  comparison for our linux-raspi2 kernel.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-raspi2/+bug/1683505/+subscriptions
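
An added example, not part of the original notification or of Ubuntu's kernel tooling: it audits a kernel config for the options named in the bug description and reports CPU_SW_DOMAIN_PAN as not applicable when the dependency quoted there (MMU && !ARM_LPAE) is unmet. The function names and the sample config are assumptions constructed for illustration.

```python
import re

# Options the bug report asks for on the raspi2/raspi3 kernel.
WANTED = ["CPU_SW_DOMAIN_PAN", "HARDENED_USERCOPY", "SLAB_FREELIST_RANDOM",
          "DEBUG_LIST", "DEBUG_CREDENTIALS"]
# option -> (needs =y, needs not =y); from "depends on MMU && !ARM_LPAE"
DEPENDS = {"CPU_SW_DOMAIN_PAN": ({"MMU"}, {"ARM_LPAE"})}
_LINE = re.compile(r"^(?:CONFIG_(\w+)=(.*)|# CONFIG_(\w+) is not set)$")


def parse_config(text):
    """Map option name -> value; '# CONFIG_X is not set' maps to 'n'."""
    opts = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m and m.group(1):
            opts[m.group(1)] = m.group(2).strip('"')
        elif m:
            opts[m.group(3)] = "n"
    return opts


def audit(text):
    """Return {option: 'enabled' | 'missing' | 'not-applicable'}."""
    enabled = {k for k, v in parse_config(text).items() if v == "y"}
    report = {}
    for name in WANTED:
        need_on, need_off = DEPENDS.get(name, (set(), set()))
        if name in enabled:
            report[name] = "enabled"
        elif need_on <= enabled and not (need_off & enabled):
            report[name] = "missing"         # selectable, but not turned on
        else:
            report[name] = "not-applicable"  # modelled dependency not met
    return report


# Constructed sample for illustration, not a real Ubuntu config.
SAMPLE = """\
CONFIG_MMU=y
# CONFIG_ARM_LPAE is not set
# CONFIG_CPU_SW_DOMAIN_PAN is not set
CONFIG_HARDENED_USERCOPY=y
CONFIG_DEBUG_LIST=y
# CONFIG_DEBUG_CREDENTIALS is not set
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On an installed Ubuntu kernel the text to audit can be read from /boot/config-$(uname -r); an option absent from the file is treated the same as one that is explicitly not set.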