Changelog
linux (4.9.110-1) stretch; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.108
- tpm: do not suspend/resume if power stays on
- tpm: self test failure should not cause suspend to fail
- mmap: introduce sane default mmap limits
- mmap: relax file size limit for regular files
- btrfs: define SUPER_FLAG_METADUMP_V2
- drm: set FMODE_UNSIGNED_OFFSET for drm files
- bnx2x: use the right constant
- dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect()
- enic: set DMA mask to 47 bit
- ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds
- ipv4: remove warning in ip_recv_error
- isdn: eicon: fix a missing-check bug
- net/packet: refine check for priv area size
- net: usb: cdc_mbim: add flag FLAG_SEND_ZLP
- packet: fix reserve calculation
- qed: Fix mask for physical address in ILT entry
- sctp: not allow transport timeout value less than HZ/5 for hb_timer
- team: use netdev_features_t instead of u32
- vhost: synchronize IOTLB message with dev cleanup
- vrf: check the original netdevice for generating redirect
- net/mlx4: Fix irq-unsafe spinlock usage
- rtnetlink: validate attributes in do_setlink()
- net: phy: broadcom: Fix bcm_write_exp()
- net: metrics: add proper netlink validation
- dm bufio: avoid false-positive Wmaybe-uninitialized warning
- objtool: complete e390f9a port for v4.9.106
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.109
- [x86] fpu: Hard-disable lazy FPU mode
- bonding: correctly update link status during mii-commit phase
- bonding: fix active-backup transition
- bonding: require speed/duplex only for 802.3ad, alb and tlb
- nvme-pci: initialize queue memory before interrupts
- af_key: Always verify length of provided sadb_key
- [x86] crypto, x86/fpu: Remove X86_FEATURE_EAGER_FPU #ifdef from the crc32c code
- nvmet: Move serial number from controller to subsystem
- nvmet: don't report 0-bytes in serial number
- nvmet: don't overwrite identify sn/fr with 0-bytes
- gpio: No NULL owner
- [x86] KVM: introduce linear_{read,write}_system
- [x86] KVM: pass kvm_vcpu to kvm_read_guest_virt and kvm_write_guest_virt_system
- usbip: vhci_sysfs: fix potential Spectre v1 (CVE-2017-5753)
- [armhf] serial: samsung: fix maxburst parameter for DMA transactions
- [armhf] serial: 8250: omap: Fix idling of clocks for unused uarts
- [x86] vmw_balloon: fixing double free when batching mode is off
- [armhf,arm64] tty: pl011: Avoid spuriously stuck-off interrupts
- [x86] kvm: use correct privilege level for sgdt/sidt/fxsave/fxrstor access (CVE-2018-10853)
- [powerpc*] crypto: vmx - Remove overly verbose printk from AES init routines
- [armhf] crypto: omap-sham - fix memleak
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.110
- xfrm6: avoid potential infinite loop in _decode_session6()
- netfilter: ebtables: handle string from userspace with care
- ipvs: fix buffer overflow with sync daemon and service
- iwlwifi: pcie: compare with number of IRQs requested for, not number of CPUs
- atm: zatm: fix memcmp casting
- [x86] platform: asus-wmi: Fix NULL pointer dereference
- Revert "Btrfs: fix scrub to repair raid6 corruption"
- tcp: do not overshoot window_clamp in tcp_rcv_space_adjust()
- Btrfs: make raid6 rebuild retry more
- [armhf] usb: musb: fix remote wakeup racing with suspend
- bonding: re-evaluate force_primary when the primary slave name changes
- ipv6: allow PMTU exceptions to local routes
- net/sched: act_simple: fix parsing of TCA_DEF_DATA
- tcp: verify the checksum of the first data segment in a new connection
- ext4: fix hole length detection in ext4_ind_map_blocks()
- ext4: update mtime in ext4_punch_hole even if no blocks are released
- ext4: fix fencepost error in check for inode count overflow during resize
- driver core: Don't ignore class_dir_create_and_add() failure.
- Btrfs: fix clone vs chattr NODATASUM race
- Btrfs: fix memory and mount leak in btrfs_ioctl_rm_dev_v2()
- btrfs: scrub: Don't use inode pages for device replace
- ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()
- smb3: on reconnect set PreviousSessionId field
- cpufreq: Fix new policy initialization during limits updates via sysfs
- libata: zpodd: make arrays cdb static, reduces object code size
- libata: zpodd: small read overflow in eject_tray()
- libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk
- [x86] HID: intel_ish-hid: ipc: register more pm callbacks to support hibernation
- vhost: fix info leak due to uninitialized memory (CVE-2018-1118)
- fs/binfmt_misc.c: do not allow offset overflow
[ Ben Hutchings ]
* netfilter: xt_hashlimit: Fix integer divide round to zero. (Closes: #872907)
* [arm64,powerpc*,x86] drm/ast: Add support for new chips and boards (Closes: #860900):
- drm/ast: const'ify mode setting tables
- drm/ast: Remove spurrious include
- drm/ast: Fix calculation of MCLK
- drm/ast: Base support for AST2500
- drm/ast: Fixed vram size incorrect issue on POWER
- drm/ast: Factor mmc_test code in POST code
- drm/ast: Rename ast_init_dram_2300 to ast_post_chip_2300
- drm/ast: POST code for the new AST2500
* ext4: add corruption check in ext4_xattr_set_entry() (CVE-2018-10879)
* ext4: always verify the magic number in xattr blocks (CVE-2018-10879)
* ext4: always check block group bounds in ext4_init_block_bitmap() (CVE-2018-10878)
* ext4: make sure bitmaps and the inode table don't overlap with bg descriptors (CVE-2018-10878)
* ext4: only look at the bg_flags field if it is valid (CVE-2018-10876)
* ext4: verify the depth of extent tree in ext4_find_extent() (CVE-2018-10877)
* ext4: clear i_data in ext4_inode_info when removing inline data (CVE-2018-10881)
* ext4: never move the system.data xattr out of the inode body (CVE-2018-10880)
* jbd2: don't mark block as modified if the handle is out of credits (CVE-2018-10883)
* ext4: avoid running out of journal credits when appending to an inline file (CVE-2018-10883)
* ext4: add more inode number paranoia checks (CVE-2018-10882)
* sr: pass down correctly sized SCSI sense buffer (CVE-2018-11506)
* nvme: Ignore ABI changes
* tpm: Ignore ABI changes
[ Romain Perier ]
* jfs: Fix inconsistency between memory allocation and ea_buf->max_size (CVE-2018-12233)
-- Ben Hutchings <email address hidden> Thu, 05 Jul 2018 02:29:30 +0100