[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Stretch openstack images updated to version 9.4.4-201805-7

Just released.


Updates in 2 source package(s), 4 binary package(s):

  Source linux, binaries: linux-image-4.9.0-6-amd64:amd64 linux-image-4.9.0-6-arm64:arm64  
  linux (4.9.88-1) stretch-security; urgency=high
    * New upstream stable update:
      - ext4: fix a race in the ext4 shutdown path
      - ext4: save error to disk in __ext4_grp_locked_error()
      - console/dummy: leave .con_font_get set to NULL
      - rtlwifi: rtl8821ae: Fix connection lost problem correctly
      - target/iscsi: avoid NULL dereference in CHAP auth error path
      - Btrfs: fix deadlock in run_delalloc_nocow
      - Btrfs: fix crash due to not cleaning up tree log block's dirty bits
      - Btrfs: fix extent state leak from tree log
      - Btrfs: fix unexpected -EEXIST when creating new inode
      - ALSA: seq: Fix racy pool initializations (CVE-2018-7566)
      - ocfs2: try a blocking lock before return AOP_TRUNCATED_PAGE
      - [s390] s390: fix handling of -1 in set{,fs}[gu]id16 syscalls
      - [x86] x86/entry/64/compat: Clear registers for compat syscalls, to
        reduce speculation attack surface (hardening for Spectre)
      - [x86] x86/speculation: Update Speculation Control microcode blacklist
      - [x86] x86/speculation: Correct Speculation Control microcode blacklist
      - [x86] KVM/x86: Reduce retpoline performance impact in
        slot_handle_level_range(), by always inlining iterator helper methods
      - [x86] X86/nVMX: Properly set spec_ctrl and pred_cmd before merging MSRs
      - vfs: don't do RCU lookup of empty pathnames
      - media: r820t: fix r820t_write_reg for KASAN
      - cfg80211: check dev_set_name() return value
      - xfrm: skip policies marked as dead while rehashing
      - mm,vmscan: Make unregister_shrinker() no-op if register_shrinker()
      - xfrm: Fix stack-out-of-bounds read on socket policy lookup.
      - xfrm: check id proto in validate_tmpl()
      - sctp: set frag_point in sctp_setsockopt_maxseg correctly
      - drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all
      - selinux: ensure the context is NUL terminated in
      - [x86] KVM: x86: fix escape of guest dr6 to the host
      - netfilter: x_tables: fix int overflow in xt_alloc_table_info()
      - netfilter: x_tables: avoid out-of-bounds reads in
      - netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in
      - netfilter: on sockopt() acquire sock lock only in the required scope
      - netfilter: xt_cgroup: initialize info->priv in cgroup_mt_check_v1()
      - netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
      - crypto: hash - prevent using keyed hashes without setting key
      - [arm*] ARM: dts: Fix omap4 hang with GPS connected to USB by using
      - sctp: only update outstanding_bytes for transmitted queue when doing
      - net_sched: red: Avoid devision by zero
      - net_sched: red: Avoid illegal values
      - btrfs: Fix possible off-by-one in btrfs_search_path_in_tree
      - 509: fix printing uninitialized stack memory when OID is empty
      - dmaengine: at_hdmac: fix potential NULL pointer dereference in
      - clk: fix a panic error caused by accessing NULL pointer
      - xfrm: Fix stack-out-of-bounds with misconfigured transport mode
      - drm/armada: fix leak of crtc structure
      - [x86] mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep
      - [x86] x86/mm/kmmio: Fix mmiotrace for page unaligned addresses
      - hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close
      - [powerpc*] powerpc/64s: Fix conversion of slb_miss_common to use
      - [powerpc*] powerpc/64s: Simple RFI macro conversions
      - [powerpc*] powerpc/64s: Improve RFI L1-D cache flush fallback
      - crypto: talitos - fix Kernel Oops on hashing an empty file
      - ALSA: hda/ca0132 - fix possible NULL pointer use
      - [x86] KVM: async_pf: Fix #DF due to inject "Page not Present" and "Page
        Ready" exceptions simultaneously
      - crypto: s5p-sss - Fix kernel Oops in AES-ECB mode
      - netfilter: drop outermost socket lock in getsockopt()
      - X.509: fix BUG_ON() when hash algorithm is unsupported
      - PKCS#7: fix certificate chain verification
      - RDMA/uverbs: Protect from command mask overflow
      - iio: buffer: check if a buffer has been set up when poll is called
      - iio: adis_lib: Initialize trigger before requesting interrupt
      - irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq()
      - ohci-hcd: Fix race condition caused by ohci_urb_enqueue() and
      - usb: ohci: Proper handling of ed_rm_list to handle race condition
        between usb_kill_urb() and finish_unlinks()
      - ]arm64] arm64: Disable unhandled signal log messages by default
      - Revert "usb: musb: host: don't start next rx urb if current one failed"
      - X.509: fix NULL dereference when restricting key with unsupported_sig
      - mm: avoid spurious 'bad pmd' warning messages
      - [x86] x86/entry/64: Clear extra registers beyond syscall arguments, to
        reduce speculation attack surface
      - i2c: designware: must wait for enable
      - f2fs: fix a bug caused by NULL extent tree (CVE-2017-18193)
      - mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM
      - mtd: nand: brcmnand: Zero bitflip is not an error
      - [arm*] ARM: 8731/1: Fix csum_partial_copy_from_user() stack mismatch
      - sget(): handle failures of register_shrinker()
      - drm/nouveau/pci: do a msi rearm on init
      - mac80211_hwsim: Fix a possible sleep-in-atomic bug in hwsim_get_radio_nl
      - tipc: error path leak fixes in tipc_enable_bearer()
      - tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path
      - tg3: Add workaround to restrict 5762 MRRS to 2048
      - tg3: Enable PHY reset in MTU change path for 5720
      - bnx2x: Improve reliability in case of nested PCI errors
      - IB/mlx5: Fix mlx5_ib_alloc_mr error flow
      - genirq: Guard handle_bad_irq log messages
      - IB/mlx4: Fix mlx4_ib_alloc_mr error flow
      - IB/ipoib: Fix race condition in neigh creation
      - xfs: quota: fix missed destroy of qi_tree_lock
      - xfs: quota: check result of register_shrinker()
      - macvlan: Fix one possible double free
      - e1000: fix disabling already-disabled warning
      - drm/ttm: check the return value of kzalloc
      - nl80211: Check for the required netlink attribute presence
      - bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine.
      - xen-netfront: enable device after manual module load
      - mdio-sun4i: Fix a memory leak
      - xen/gntdev: Fix off-by-one error when unmapping with holes
      - xen/gntdev: Fix partial gntdev_mmap() cleanup
      - sctp: make use of pre-calculated len
      - net: gianfar_ptp: move set_fipers() to spinlock protecting area
      - [x86] tpm: st33zp24: fix potential buffer overruns caused by bit
        glitches on the bus
      - [x86] tpm_i2c_infineon: fix potential buffer overruns caused by bit
        glitches on the bus
      - [x86] tpm_i2c_nuvoton: fix potential buffer overruns caused by bit
        glitches on the bus
      - [x86] tpm_tis: fix potential buffer overruns caused by bit glitches on
        the bus
      - [x86] tpm: constify transmit data pointers
      - [x86] tpm-dev-common: Reject too short writes
      - ALSA: usb-audio: Add a quirck for B&W PX headphones
      - ALSA: hda: Add a power_save blacklist
      - ALSA: hda - Fix pincfg at resume on Lenovo T470 dock
      - timers: Forward timer base before migrating timers
      - [hppa] parisc: Fix ordering of cache and TLB flushes
      - dax: fix vma_is_fsdax() helper
      - [x86] xen: Zero MSR_IA32_SPEC_CTRL before suspend
      - [x86] platform/intel-mid: Handle Intel Edison reboot correctly
      - media: m88ds3103: don't call a non-initalized function
      - nospec: Allow index argument to have const-qualified type
      - [armel,armhf] mvebu: Fix broken PL310_ERRATA_753970 selects
      - KVM: mmu: Fix overlap between public and private memslots
      - [x86] KVM: Remove indirect MSR op calls from SPEC_CTRL
      - [x86] KVM/VMX: Optimize vmx_vcpu_run() and svm_vcpu_run() by marking the
        RDMSR path as unlikely()
      - PCI/ASPM: Deal with missing root ports in link state handling
      - dm io: fix duplicate bio completion due to missing ref count
      - [armhf] dts: LogicPD SOM-LV: Fix I2C1 pinmux
      - [armhf] dts: LogicPD Torpedo: Fix I2C1 pinmux
      - [x86] mm: Give each mm TLB flush generation a unique ID
      - [x86] speculation: Use Indirect Branch Prediction Barrier in context
      - md: only allow remove_and_add_spares when no sync_thread running.
      - netlink: put module reference if dump start fails
      - [x86] apic/vector: Handle legacy irq data correctly
      - bridge: check brport attr show in brport_show
      - fib_semantics: Don't match route with mismatching tclassid
      - hdlc_ppp: carrier detect ok, don't turn off negotiation
      - ipv6 sit: work around bogus gcc-8 -Wrestrict warning
      - net: fix race on decreasing number of TX queues
      - net: ipv4: don't allow setting net.ipv4.route.min_pmtu below 68
      - netlink: ensure to loop over all netns in genlmsg_multicast_allns()
      - ppp: prevent unregistered channels from connecting to PPP units
      - udplite: fix partial checksum initialization
      - sctp: fix dst refcnt leak in sctp_v4_get_dst
      - net: phy: fix phy_start to consider PHY_IGNORE_INTERRUPT
      - tcp: Honor the eor bit in tcp_mtu_probe
      - rxrpc: Fix send in rxrpc_send_data_packet()
      - tcp_bbr: better deal with suboptimal GSO
      - sctp: fix dst refcnt leak in sctp_v6_get_dst()
      - [s390x] qeth: fix underestimated count of buffer elements
      - [s390x] qeth: fix SETIP command handling
      - [s390x] qeth: fix overestimated count of buffer elements
      - [s390x] qeth: fix IP removal on offline cards
      - [s390x] qeth: fix double-free on IP add/remove race
      - [s390x] qeth: fix IP address lookup for L3 devices
      - [s390x] qeth: fix IPA command submission race
      - sctp: verify size of a new chunk in _sctp_make_chunk() (CVE-2018-5803)
      - net: mpls: Pull common label check into helper
      - mpls, nospec: Sanitize array index in mpls_label_ok()
      - bpf: fix wrong exposure of map_flags into fdinfo for lpm
      - bpf: fix mlock precharge on arraymaps
      - bpf, x64: implement retpoline for tail call
      - bpf, arm64: fix out of bounds access in tail call
      - btrfs: preserve i_mode if __btrfs_set_acl() fails
      - RDMA/ucma: Limit possible option size
      - RDMA/ucma: Check that user doesn't overflow QP state
      - RDMA/mlx5: Fix integer overflow while resizing CQ
      - [x86] drm/i915: Try EDID bitbanging on HDMI after failed read
      - scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS
      - [x86] drm/i915: Always call to intel_display_set_init_power() in
      - workqueue: Allow retrieval of current task's work struct
      - drm: Allow determining if current task is output poll worker
      - drm/nouveau: Fix deadlock on runtime suspend
      - drm/radeon: Fix deadlock on runtime suspend
      - drm/amdgpu: Fix deadlock on runtime suspend
      - drm/amdgpu: Notify sbios device ready before send request
      - drm/radeon: fix KV harvesting
      - drm/amdgpu: fix KV harvesting
      - drm/amdgpu:Correct max uvd handles
      - drm/amdgpu:Always save uvd vcpu_bo in VM Mode
      - [mips*/octeon] irq: Check for null return on kzalloc allocation
      - loop: Fix lost writes caused by missing flag
      - virtio_ring: fix num_free handling in error case
      - [s390x] KVM: fix memory overwrites when not using SCA entries
      - kbuild: Handle builtin dtb file names containing hyphens
      - IB/mlx5: Fix incorrect size of klms in the memory region
      - bcache: fix crashes in duplicate cache device register
      - bcache: don't attach backing with duplicate UUID
      - [x86] MCE: Serialize sysfs changes (CVE-2018-7995)
      - perf tools: Fix trigger class trigger_on()
      - [x86] spectre_v2: Don't check microcode versions when running under
      - ALSA: hda/realtek: Limit mic boost on T480
      - ALSA: hda/realtek - Fix dock line-out volume on Dell Precision 7520
      - ALSA: hda/realtek - Make dock sound work on ThinkPad L570
      - ALSA: seq: Don't allow resizing pool in use
      - ALSA: seq: More protection for concurrent write and ioctl races
      - ALSA: hda: add dock and led support for HP EliteBook 820 G3
      - ALSA: hda: add dock and led support for HP ProBook 640 G2
      - nospec: Kill array_index_nospec_mask_check()
      - nospec: Include <asm/barrier.h> dependency
      - Revert "x86/retpoline: Simplify vmexit_fill_RSB()"
      - [x86] speculation: Use IBRS if available before calling into firmware
      - [x86] retpoline: Support retpoline builds with Clang
      - [x86] speculation, objtool: Annotate indirect calls/jumps for objtool
      - [x86] boot, objtool: Annotate indirect jump in secondary_startup_64()
      - [x86] speculation: Move firmware_restrict_branch_speculation_*() from C
        to CPP
      - [x86] paravirt, objtool: Annotate indirect calls
      - watchdog: hpwdt: SMBIOS check
      - watchdog: hpwdt: Check source of NMI
      - watchdog: hpwdt: fix unused variable warning
      - watchdog: hpwdt: Remove legacy NMI sourcing.
      - [armhf] omap2: hide omap3_save_secure_ram on non-OMAP3 builds
      - Input: tca8418_keypad - remove double read of key event register
      - tc358743: fix register i2c_rd/wr function fix
      - netfilter: add back stackpointer size checks (CVE-2018-1065)
      - netfilter: x_tables: fix missing timer initialization in xt_LED
      - netfilter: nat: cope with negative port range
      - netfilter: IDLETIMER: be syzkaller friendly
      - netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
      - netfilter: bridge: ebt_among: add missing match size checks
      - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt
      - netfilter: x_tables: pass xt_counters struct instead of packet counter
      - netfilter: x_tables: pass xt_counters struct to counter allocator
      - netfilter: x_tables: pack percpu counter allocations
      - ext4: inplace xattr block update fails to deduplicate blocks
      - ubi: Fix race condition between ubi volume creation and udev
      - scsi: qla2xxx: Replace fcport alloc with qla2x00_alloc_fcport
      - NFS: Fix an incorrect type in struct nfs_direct_req
      - NFS: Fix unstable write completion
      - [x86] module: Detect and skip invalid relocations
      - [x86] Treat R_X86_64_PLT32 as R_X86_64_PC32
      - serial: sh-sci: prevent lockup on full TTY buffers
      - tty/serial: atmel: add new version check for usart
      - uas: fix comparison for error code
      - [x86] staging: comedi: fix comedi_nsamples_left.
      - USB: storage: Add JMicron bridge 152d:2567 to unusual_devs.h
      - usbip: vudc: fix null pointer dereference on udc->lock
      - usb: quirks: add control message delay for 1b1c:1b20
      - usb: usbmon: Read text within supplied buffer size
      - usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb()
      - serial: 8250_pci: Add Brainboxes UC-260 4 port serial device
      - serial: core: mark port as initialized in autoconfig
      - earlycon: add reg-offset to physical address before mapping
      - PCI: dwc: Fix enumeration end when reaching root subordinate
    [Yves-Alexis Perez]
    * [powerpc*] drop RFI patches, now included upstream
    [ Salvatore Bonaccorso ]
    * [rt] Refresh 0001-timer-make-the-base-lock-raw.patch context
    * [rt] Update to 4.9.84-rt62
    * blkcg: fix double free of new_blkg in blkcg_init_queue (CVE-2018-7480)
    * CIFS: Enable encryption during session setup phase (CVE-2018-1066)
    * staging: ncpfs: memory corruption in ncp_read_kernel() (CVE-2018-8822)
    * [arm64] net: hns: Fix a skb used after free bug (CVE-2017-18218)
    * media: usbtv: prevent double free in error case (CVE-2017-17975)
    * [arm64] net: hns: fix ethtool_get_strings overflow in hns driver
    * [arm64] net: hns: Fix ethtool private flags (CVE-2017-18222)
    * scsi: libsas: fix memory leak in sas_smp_get_phy_events() (CVE-2018-7757)
    * ext4: add validity checks for bitmap block numbers (CVE-2018-1093)
    * ext4: fix bitmap position validation
    * ext4: fail ext4_iget for root directory if unallocated (CVE-2018-1092)
    * random: fix crng_ready() test (CVE-2018-1108)
    * random: set up the NUMA crng instances after the CRNG is fully initialized
    * random: crng_reseed() should lock the crng instance that it is modifying
    * random: fix possible sleeping allocation from irq context
    * perf/hwbp: Simplify the perf-hwbp code, fix documentation
    [ Ben Hutchings ]
    * [x86] Revert "x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping"
      to avoid an ABI change
    * [x86] mm: Avoid ABI change for addition of ctx_id
    * [x86] cpu: Avoid ABI change in 4.9.83
    * crypto: hash: Avoid ABI change in 4.9.84
    * fs: Avoid ABI change in 4.9.85
    * [x86] nospec: Ignore ABI change for removal of __clear_rsb and __fill_rsb,
      previously exported for use by KVM
    * [x86] Ignore ABI change for cpu_tlbstate, apparently not used externally
    * jbd2: Ignore ABI changes
    * tpm_tis: Ignore ABI changes
    * ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent
    * ocfs2: ip_alloc_sem should be taken in ocfs2_get_block() (CVE-2017-18224)
    * f2fs: fix a panic caused by NULL flush_cmd_control (CVE-2017-18241)
    * f2fs: fix a dead loop in f2fs_fiemap() (CVE-2017-18257)
    * mm/hugetlb.c: don't call region_abort if region_chg fails
    * hugetlbfs: fix offset overflow in hugetlbfs mmap
    * hugetlbfs: check for pgoff value overflow (CVE-2018-7740)
    * mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()
    * drm: udl: Properly check framebuffer mmap offsets (CVE-2018-8781)
    * xfs: set format back to extents if xfs_bmap_extents_to_btree
    * debian/lib/python/debian_linux/gencontrol.py: Allow uploads to *-security
      with a simple revision

  Source tzdata, binaries: tzdata:amd64 tzdata:arm64  
  tzdata (2018e-0+deb9u1) stretch; urgency=medium
    [ Aurelien Jarno ]
    * New upstream version, affecting the following future timestamp:
      - North Korea switches back to +09 on 2018-05-05.


Steve McIntyre, Cambridge, UK.                                steve@einval.com
"I've only once written 'SQL is my bitch' in a comment. But that code 
 is in use on a military site..." -- Simon Booth

Attachment: signature.asc
Description: PGP signature

Reply to: