← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1892822] Re: Xenial update: 4.4.233 upstream stable release

 

This bug was fixed in the package linux - 4.4.0-190.220

---------------
linux (4.4.0-190.220) xenial; urgency=medium

  * xenial/linux: 4.4.0-190.220 -proposed tracker (LP: #1893431)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  *  [Hyper-V] VSS and File Copy daemons intermittently fails to start
    (LP: #1891224)
    - [Packaging] Bind hv_vss_daemon startup to hv_vss device
    - [Packaging] bind hv_fcopy_daemon startup to hv_fcopy device

  * CVE-2019-20811
    - net-sysfs: call dev_hold if kobject_init_and_add success

  * CVE-2020-0067
    - f2fs: fix to avoid memory leakage in f2fs_listxattr

  * CVE-2019-9453
    - f2fs: fix to avoid accessing xattr across the boundary

  * Xenial update: 4.4.233 upstream stable release (LP: #1892822)
    - media: rc: prevent memory leak in cx23888_ir_probe
    - ath9k_htc: release allocated buffer if timed out
    - ath9k: release allocated buffer if timed out
    - nfs: Move call to security_inode_listsecurity into nfs_listxattr
    - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge
    - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl()
    - drm: hold gem reference until object is no longer accessed
    - f2fs: check memory boundary by insane namelen
    - f2fs: check if file namelen exceeds max value
    - ARM: 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess
      watchpoints
    - fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
    - rds: Prevent kernel-infoleak in rds_notify_queue_get()
    - net/x25: Fix x25_neigh refcnt leak when x25 disconnect
    - net/x25: Fix null-ptr-deref in x25_disconnect
    - sh: Fix validation of system call number
    - net: lan78xx: add missing endpoint sanity check
    - net: lan78xx: fix transfer-buffer memory leak
    - mlxsw: core: Increase scope of RCU read-side critical section
    - mac80211: mesh: Free ie data when leaving mesh
    - nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame
    - net: ethernet: ravb: exit if re-initialization fails in tx timeout
    - Revert "i2c: cadence: Fix the hold bit setting"
    - xen-netfront: fix potential deadlock in xennet_remove()
    - x86/i8259: Use printk_deferred() to prevent deadlock
    - random32: update the net random state on interrupt and activity
    - ARM: percpu.h: fix build error
    - random: fix circular include dependency on arm64 after addition of percpu.h
    - random32: remove net_rand_state from the latent entropy gcc plugin
    - random32: move the pseudo-random 32-bit definitions to prandom.h
    - ext4: fix direct I/O read error
    - USB: serial: qcserial: add EM7305 QDL product ID
    - ALSA: seq: oss: Serialize ioctls
    - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
    - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt()
    - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
    - vgacon: Fix for missing check in scrollback handling
    - mtd: properly check all write ioctls for permissions
    - net/9p: validate fds in p9_fd_open
    - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some
      reason
    - cfg80211: check vendor command doit pointer before use
    - igb: reinit_locked() should be called with rtnl_lock
    - atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent
    - tools lib traceevent: Fix memory leak in process_dynamic_array_len
    - binder: Prevent context manager from incrementing ref 0
    - ipv4: Silence suspicious RCU usage warning
    - ipv6: fix memory leaks on IPV6_ADDRFORM path
    - Revert "vxlan: fix tos value before xmit"
    - net: lan78xx: replace bogus endpoint lookup
    - usb: hso: check for return value in hso_serial_common_create()
    - vxlan: Ensure FDB dump is performed under RCU
    - Smack: fix use-after-free in smk_write_relabel_self()
    - tracepoint: Mark __tracepoint_string's __used
    - udp: drop corrupt packets earlier to avoid data corruption
    - gpio: fix oops resulting from calling of_get_named_gpio(NULL, ...)
    - EDAC: Fix reference count leaks
    - m68k: mac: Don't send IOP message until channel is idle
    - m68k: mac: Fix IOP status/control register writes
    - ARM: at91: pm: add missing put_device() call in at91_pm_sram_init()
    - ARM: socfpga: PM: add missing put_device() call in
      socfpga_setup_ocram_self_refresh()
    - drm/tilcdc: fix leak & null ref in panel_connector_get_modes
    - Bluetooth: add a mutex lock to avoid UAF in do_enale_set
    - fs/btrfs: Add cond_resched() for try_release_extent_mapping() stalls
    - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync
    - video: fbdev: neofb: fix memory leak in neo_scan_monitor()
    - drm/nouveau: fix multiple instances of reference count leaks
    - drm/debugfs: fix plain echo to connector "force" attribute
    - mm/mmap.c: Add cond_resched() for exit_mmap() CPU stalls
    - brcmfmac: To fix Bss Info flag definition Bug
    - iwlegacy: Check the return value of pcie_capability_read_*()
    - usb: gadget: net2280: fix memory leak on probe error handling paths
    - bdc: Fix bug causing crash after multiple disconnects
    - dyndbg: fix a BUG_ON in ddebug_describe_flags
    - bcache: fix super block seq numbers comparision in register_cache_set()
    - ACPICA: Do not increment operation_region reference counts for field units
    - agp/intel: Fix a memory leak on module initialisation failure
    - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address
    - console: newport_con: fix an issue about leak related system resources
    - iio: improve IIO_CONCENTRATION channel type description
    - leds: lm355x: avoid enum conversion warning
    - media: omap3isp: Add missed v4l2_ctrl_handler_free() for
      preview_init_entities()
    - scsi: cumana_2: Fix different dev_id between request_irq() and free_irq()
    - drm/radeon: fix array out-of-bounds read and write issues
    - scsi: powertec: Fix different dev_id between request_irq() and free_irq()
    - scsi: eesox: Fix different dev_id between request_irq() and free_irq()
    - media: firewire: Using uninitialized values in node_probe()
    - media: exynos4-is: Add missed check for pinctrl_lookup_state()
    - drm: panel: simple: Fix bpc for LG LB070WV8 panel
    - mwifiex: Prevent memory corruption handling keys
    - powerpc/vdso: Fix vdso cpu truncation
    - PCI/ASPM: Add missing newline in sysfs 'policy'
    - usb: dwc2: Fix error path in gadget registration
    - scsi: mesh: Fix panic after host or bus reset
    - Smack: fix another vsscanf out of bounds
    - Smack: prevent underflow in smk_set_cipso()
    - power: supply: check if calc_soc succeeded in pm860x_init_battery
    - s390/qeth: don't process empty bridge port events
    - wl1251: fix always return 0 error
    - net: spider_net: Fix the size used in a 'dma_free_coherent()' call
    - dlm: Fix kobject memleak
    - pinctrl-single: fix pcs_parse_pinconf() return value
    - drivers/net/wan/lapbether: Added needed_headroom and a skb->len check
    - net/nfc/rawsock.c: add CAP_NET_RAW check.
    - net: Set fput_needed iff FDPUT_FPUT is set
    - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support
    - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109
    - ALSA: usb-audio: add quirk for Pioneer DDJ-RB
    - crypto: qat - fix double free in qat_uclo_create_batch_init_list
    - fs/minix: check return value of sb_getblk()
    - fs/minix: don't allow getting deleted inodes
    - fs/minix: reject too-large maximum file size
    - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109
    - 9p: Fix memory leak in v9fs_mount
    - parisc: mask out enable and reserved bits from sba imask
    - ARM: 8992/1: Fix unwind_frame for clang-built kernels
    - xen/balloon: fix accounting in alloc_xenballooned_pages error path
    - xen/balloon: make the balloon wait interruptible
    - PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context()
    - btrfs: only search for left_info if there is no right_info in
      try_merge_free_space
    - btrfs: fix memory leaks after failure to lookup checksums during inode
      logging
    - powerpc: Fix circular dependency between percpu.h and mmu.h
    - net: ethernet: stmmac: Disable hardware multicast filter
    - net: stmmac: dwmac1000: provide multicast filter fallback
    - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5
    - bcache: allocate meta data pages as compound pages
    - mac80211: fix misplaced while instead of if
    - MIPS: CPU#0 is not hotpluggable
    - ext2: fix missing percpu_counter_inc
    - ocfs2: change slot number type s16 to u16
    - kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler
    - pseries: Fix 64 bit logical memory block panic
    - USB: serial: ftdi_sio: make process-packet buffer unsigned
    - USB: serial: ftdi_sio: clean up receive processing
    - iommu/omap: Check for failure of a call to omap_iommu_dump_ctx
    - iommu/vt-d: Enforce PASID devTLB field mask
    - i2c: rcar: slave: only send STOP event when we have been addressed
    - clk: clk-atlas6: fix return value check in atlas6_clk_init()
    - Input: sentelic - fix error return when fsp_reg_write fails
    - drm/vmwgfx: Fix two list_for_each loop exit tests
    - nfs: Fix getxattr kernel panic and memory overflow
    - fs/ufs: avoid potential u32 multiplication overflow
    - mfd: dln2: Run event handler loop under spinlock
    - ALSA: echoaudio: Fix potential Oops in snd_echo_resume()
    - sh: landisk: Add missing initialization of sh_io_port_base
    - ipv6: check skb->protocol before lookup for nexthop
    - Linux 4.4.233

 -- Stefan Bader <stefan.bader@xxxxxxxxxxxxx>  Sat, 29 Aug 2020 00:39:55
+0200

** Changed in: linux (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-20811

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-9453

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-0067

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1892822

Title:
  Xenial update: 4.4.233 upstream stable release

Status in linux package in Ubuntu:
  Confirmed
Status in linux source package in Xenial:
  Fix Released

Bug description:
  SRU Justification

      Impact:
         The upstream process for stable tree updates is quite similar
         in scope to the Ubuntu SRU process, e.g., each patch has to
         demonstrably fix a bug, and each patch is vetted by upstream
         by originating either directly from a mainline/stable Linux tree or
         a minimally backported form of that patch. The following upstream
         stable patches should be included in the Ubuntu kernel:

         4.4.233 upstream stable release
         from git://git.kernel.org/

  
  * xfs: don't call xfs_da_shrink_inode with NULL bp
  * net: phy: mdio-bcm-unimac: fix potential NULL dereference in unimac_mdio_probe()
  * media: rc: prevent memory leak in cx23888_ir_probe
  * ath9k_htc: release allocated buffer if timed out
  * ath9k: release allocated buffer if timed out
  * nfs: Move call to security_inode_listsecurity into nfs_listxattr
  * PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge
  * drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl()
  * drm: hold gem reference until object is no longer accessed
  * f2fs: check memory boundary by insane namelen
  * f2fs: check if file namelen exceeds max value
  * ARM: 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints
  * fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
  * rds: Prevent kernel-infoleak in rds_notify_queue_get()
  * net/x25: Fix x25_neigh refcnt leak when x25 disconnect
  * net/x25: Fix null-ptr-deref in x25_disconnect
  * sh: Fix validation of system call number
  * net: lan78xx: add missing endpoint sanity check
  * net: lan78xx: fix transfer-buffer memory leak
  * mlxsw: core: Increase scope of RCU read-side critical section
  * mac80211: mesh: Free ie data when leaving mesh
  * nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame
  * net: ethernet: ravb: exit if re-initialization fails in tx timeout
  * Revert "i2c: cadence: Fix the hold bit setting"
  * xen-netfront: fix potential deadlock in xennet_remove()
  * x86/i8259: Use printk_deferred() to prevent deadlock
  * random32: update the net random state on interrupt and activity
  * ARM: percpu.h: fix build error
  * random: fix circular include dependency on arm64 after addition of percpu.h
  * random32: remove net_rand_state from the latent entropy gcc plugin
  * random32: move the pseudo-random 32-bit definitions to prandom.h
  * ext4: fix direct I/O read error
  * USB: serial: qcserial: add EM7305 QDL product ID
  * ALSA: seq: oss: Serialize ioctls
  * Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
  * Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt()
  * Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
  * vgacon: Fix for missing check in scrollback handling
  * mtd: properly check all write ioctls for permissions
  * net/9p: validate fds in p9_fd_open
  * drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason
  * cfg80211: check vendor command doit pointer before use
  * igb: reinit_locked() should be called with rtnl_lock
  * atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent
  * tools lib traceevent: Fix memory leak in process_dynamic_array_len
  * binder: Prevent context manager from incrementing ref 0
  * ipv4: Silence suspicious RCU usage warning
  * ipv6: fix memory leaks on IPV6_ADDRFORM path
  * Revert "vxlan: fix tos value before xmit"
  * net: lan78xx: replace bogus endpoint lookup
  * usb: hso: check for return value in hso_serial_common_create()
  * vxlan: Ensure FDB dump is performed under RCU
  * Smack: fix use-after-free in smk_write_relabel_self()
  * tracepoint: Mark __tracepoint_string's __used
  * udp: drop corrupt packets earlier to avoid data corruption
  * gpio: fix oops resulting from calling of_get_named_gpio(NULL, ...)
  * EDAC: Fix reference count leaks
  * m68k: mac: Don't send IOP message until channel is idle
  * m68k: mac: Fix IOP status/control register writes
  * ARM: at91: pm: add missing put_device() call in at91_pm_sram_init()
  * ARM: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh()
  * drm/tilcdc: fix leak & null ref in panel_connector_get_modes
  * Bluetooth: add a mutex lock to avoid UAF in do_enale_set
  * fs/btrfs: Add cond_resched() for try_release_extent_mapping() stalls
  * drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync
  * video: fbdev: neofb: fix memory leak in neo_scan_monitor()
  * drm/nouveau: fix multiple instances of reference count leaks
  * drm/debugfs: fix plain echo to connector "force" attribute
  * mm/mmap.c: Add cond_resched() for exit_mmap() CPU stalls
  * brcmfmac: To fix Bss Info flag definition Bug
  * iwlegacy: Check the return value of pcie_capability_read_*()
  * usb: gadget: net2280: fix memory leak on probe error handling paths
  * bdc: Fix bug causing crash after multiple disconnects
  * dyndbg: fix a BUG_ON in ddebug_describe_flags
  * bcache: fix super block seq numbers comparision in register_cache_set()
  * ACPICA: Do not increment operation_region reference counts for field units
  * agp/intel: Fix a memory leak on module initialisation failure
  * video: fbdev: sm712fb: fix an issue about iounmap for a wrong address
  * console: newport_con: fix an issue about leak related system resources
  * iio: improve IIO_CONCENTRATION channel type description
  * leds: lm355x: avoid enum conversion warning
  * media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities()
  * scsi: cumana_2: Fix different dev_id between request_irq() and free_irq()
  * cxl: Fix kobject memleak
  * drm/radeon: fix array out-of-bounds read and write issues
  * scsi: powertec: Fix different dev_id between request_irq() and free_irq()
  * scsi: eesox: Fix different dev_id between request_irq() and free_irq()
  * media: firewire: Using uninitialized values in node_probe()
  * media: exynos4-is: Add missed check for pinctrl_lookup_state()
  * drm: panel: simple: Fix bpc for LG LB070WV8 panel
  * mwifiex: Prevent memory corruption handling keys
  * powerpc/vdso: Fix vdso cpu truncation
  * PCI/ASPM: Add missing newline in sysfs 'policy'
  * usb: dwc2: Fix error path in gadget registration
  * scsi: mesh: Fix panic after host or bus reset
  * Smack: fix another vsscanf out of bounds
  * Smack: prevent underflow in smk_set_cipso()
  * power: supply: check if calc_soc succeeded in pm860x_init_battery
  * s390/qeth: don't process empty bridge port events
  * wl1251: fix always return 0 error
  * net: spider_net: Fix the size used in a 'dma_free_coherent()' call
  * dlm: Fix kobject memleak
  * pinctrl-single: fix pcs_parse_pinconf() return value
  * drivers/net/wan/lapbether: Added needed_headroom and a skb->len check
  * net/nfc/rawsock.c: add CAP_NET_RAW check.
  * net: Set fput_needed iff FDPUT_FPUT is set
  * ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support
  * ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109
  * ALSA: usb-audio: add quirk for Pioneer DDJ-RB
  * crypto: qat - fix double free in qat_uclo_create_batch_init_list
  * fs/minix: check return value of sb_getblk()
  * fs/minix: don't allow getting deleted inodes
  * fs/minix: reject too-large maximum file size
  * ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109
  * 9p: Fix memory leak in v9fs_mount
  * parisc: mask out enable and reserved bits from sba imask
  * ARM: 8992/1: Fix unwind_frame for clang-built kernels
  * xen/balloon: fix accounting in alloc_xenballooned_pages error path
  * xen/balloon: make the balloon wait interruptible
  * PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context()
  * btrfs: only search for left_info if there is no right_info in try_merge_free_space
  * btrfs: fix memory leaks after failure to lookup checksums during inode logging
  * powerpc: Fix circular dependency between percpu.h and mmu.h
  * net: ethernet: stmmac: Disable hardware multicast filter
  * net: stmmac: dwmac1000: provide multicast filter fallback
  * md/raid5: Fix Force reconstruct-write io stuck in degraded raid5
  * bcache: allocate meta data pages as compound pages
  * mac80211: fix misplaced while instead of if
  * MIPS: CPU#0 is not hotpluggable
  * ext2: fix missing percpu_counter_inc
  * ocfs2: change slot number type s16 to u16
  * kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler
  * pseries: Fix 64 bit logical memory block panic
  * USB: serial: ftdi_sio: make process-packet buffer unsigned
  * USB: serial: ftdi_sio: clean up receive processing
  * iommu/omap: Check for failure of a call to omap_iommu_dump_ctx
  * iommu/vt-d: Enforce PASID devTLB field mask
  * i2c: rcar: slave: only send STOP event when we have been addressed
  * clk: clk-atlas6: fix return value check in atlas6_clk_init()
  * Input: sentelic - fix error return when fsp_reg_write fails
  * drm/vmwgfx: Fix two list_for_each loop exit tests
  * nfs: Fix getxattr kernel panic and memory overflow
  * fs/ufs: avoid potential u32 multiplication overflow
  * mfd: dln2: Run event handler loop under spinlock
  * ALSA: echoaudio: Fix potential Oops in snd_echo_resume()
  * sh: landisk: Add missing initialization of sh_io_port_base
  * ipv6: check skb->protocol before lookup for nexthop
  * Linux 4.4.233

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1892822/+subscriptions


References