Accepted linux 3.16.72-1 (all source) into oldoldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 13 Aug 2019 19:44:18 +0100
Binary: linux-doc-3.16 linux-manual-3.16 linux-source-3.16 linux-support-3.16.0-10
Source: linux
Architecture: all source
Version: 3.16.72-1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Ben Hutchings <ben@decadent.org.uk>
Description:
linux-doc-3.16 - Linux kernel specific documentation for version 3.16
linux-manual-3.16 - Linux kernel API manual pages for version 3.16
linux-source-3.16 - Linux kernel source for version 3.16 with Debian patches
linux-support-3.16.0-10 - Support files for Linux 3.16
Changes:
linux (3.16.72-1) jessie-security; urgency=high
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.71
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.72
- ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt
(CVE-2017-18509)
- xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink
- Staging: iio: meter: fixed typo
- iio: Use kmalloc_array() in iio_scan_mask_set()
- iio: Fix scan mask selection
- perf/core: Restore mmap record type correctly
- ext4: fix data corruption caused by unaligned direct AIO
- ext4: add missing brelse() in add_new_gdb_meta_bg()
- xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module
- IB/mlx4: Fix race condition between catas error reset and aliasguid flows
- staging: speakup_soft: Fix alternate speech with other synths
- netfilter: bridge: set skb transport_header before entering
NF_INET_PRE_ROUTING
- udf: Fix crash on IO error during truncate
- sctp: get sctphdr by offset in sctp_compute_cksum
- NFS: fix mount/umount race in nlmclnt.
- [armhf] imx6q: cpuidle: fix bug that CPU might not wake up at expected
time
- USB: serial: ftdi_sio: add additional NovaTech products
- device_cgroup: fix RCU imbalance in error case
- net-sysfs: call dev_hold if kobject_init_and_add success
- tcp: do not use ipv6 header for ipv4 flow
- dccp: do not use ipv6 header for ipv4 flow
- [i386] 3c515: fix integer overflow warning
- [armhf] dts: pfla02: increase phy reset duration
- USB: serial: mos7720: fix mos_parport refcount imbalance on error path
- staging: rtl8712: uninitialized memory in read_bbreg_hdl()
- ALSA: rawmidi: Fix potential Spectre v1 vulnerability (CVE-2017-5753)
- ALSA: seq: oss: Fix Spectre v1 vulnerability (CVE-2017-5753)
- [x86] iommu/vt-d: Check capability before disabling protected memory
- futex: Ensure that futex address is aligned in handle_futex_death()
- ALSA: pcm: Fix possible OOB access in PCM oss plugins
- xhci: Don't let USB3 ports stuck in polling state prevent suspend
- batman-adv: Reduce claim hash refcnt only for removed entry
- batman-adv: Reduce tt_local hash refcnt only for removed entry
- batman-adv: Reduce tt_global hash refcnt only for removed entry
- ALSA: pcm: Don't suspend stream in unrecoverable PCM state
- net: phy: don't clear BMCR in genphy_soft_reset
- USB: serial: cp210x: add new device id
- afs: Fix StoreData op marshalling
- KVM: Reject device ioctls from processes other than the VM's creator
- [x86] kvm: IA32_ARCH_CAPABILITIES is always supported
- [x86] KVM: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts
- fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links
- iio: core: fix a possible circular locking dependency
- dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors
- dccp: Fix memleak in __feat_register_sp
- xfrm4: Fix header checks in _decode_session4.
- xfrm4: Reload skb header pointers after calling pskb_may_pull.
- xfrm4: Fix uninitialized memory read in _decode_session4
- sched/fair: Do not re-read ->h_load_next during hierarchical load
calculation
- btrfs: prop: fix vanished compression property after failed set
- btrfs: correctly validate compression type
- dm: disable DISCARD if the underlying storage no longer supports it
- mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer
- xen: Prevent buffer overflow in privcmd ioctl
- ALSA: seq: Fix OOB-reads from strlcpy
- PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller
- sunrpc: don't mark uninitialised items as VALID.
- lib/string.c: implement a basic bcmp
- ACPICA: Namespace: remove address node from global list after method
termination
- block: do not leak memory in bio_copy_user_iov()
- net: bridge: multicast: use rcu to access port list from
br_multicast_start_querier
- [x86] iommu/amd: Set exclusion range correctly
- rt2x00: do not increment sequence number while re-transmitting
- vxge: fix return of a free'd memblock on a failed dma mapping
- [x86] speculation: Prevent deadlock on ssb_state::lock
- USB: core: Fix unterminated string returned by usb_string()
- [x86] staging: comedi: vmk80xx: Fix use of uninitialized semaphore
- [x86] staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf
- kvm: mmu: Fix overflow on kvm mmu page limit calculation
- cifs: fix handle leak in smb2_query_symlink()
- CIFS: keep FileInfo handle live during oplock break
- sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup
- ALSA: core: Fix card races between register and disconnect
- tipc: set sysctl_tipc_rmem and named_timeout right range
- [x86] kprobes: Verify stack frame on kretprobe
- kprobes: Mark ftrace mcount handler functions nokprobe
- [x86] kprobes: Avoid kretprobe recursion bug
- USB: core: Fix bug caused by duplicate interface PM usage counter
- team: fix possible recursive locking when add slaves
- netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON
- mac80211: don't attempt to rename ERR_PTR() debugfs dirs
- ceph: ensure d_name stability in ceph_dentry_hash()
- cifs: do not attempt cifs operation on smb2+ rename error
- net/rose: fix unbound loop in rose_loopback_timer()
- USB: yurex: Fix protection fault after device removal
- USB: w1 ds2490: Fix bug caused by improper use of altsetting array
- usb: usbip: fix isoc packet num validation in get_pipe
- sched/numa: Fix a possible divide-by-zero
- l2tp: use rcu_dereference_sk_user_data() in l2tp_udp_encap_recv()
- trace: Fix preempt_enable_no_resched() abuse
- fs/proc/proc_sysctl.c: Fix a NULL pointer dereference
- slip: make slhc_free() silently accept an error pointer
- ipv6: invert flowlabel sharing check in process and user mode
- ipv6/flowlabel: wait rcu grace period before put_pid()
- l2ip: fix possible use-after-free
- packet: in recvmsg msg_name return at least sizeof sockaddr_ll
- packet: validate msg_namelen in send directly
- ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour
- [amd64] Add mitigation for Spectre v1 swapgs (CVE-2019-1125):
+ cpufeatures: Renumber feature word 7
+ asm/entry: Disentangle error_entry/exit gsbase/ebx/usermode code
+ entry: Really create an error-entry-from-usermode code path
+ entry: Fix context tracking state warning when load_gs_index fails
+ speculation: Prepare entry code for Spectre v1 swapgs mitigations
+ speculation: Enable Spectre v1 swapgs mitigations
+ entry: Use JMP instead of JMPQ
+ speculation/swapgs: Exclude ATOMs from speculation through SWAPGS
- vhost-net: set packet weight of tx polling to 2 * vq size
- vhost_net: use packet weight for rx handler, too
- vhost_net: introduce vhost_exceeds_weight()
- vhost: introduce vhost_exceeds_weight()
- vhost_net: fix possible infinite loop (CVE-2019-3900)
- vhost: scsi: add weight support (CVE-2019-3900)
- Bluetooth: hci_uart: check for missing tty operations (CVE-2019-10207)
- Input: gtco - bounds check collection indent level (CVE-2019-13631)
- floppy: fix div-by-zero in setup_format_params (CVE-2019-14284)
- floppy: fix out-of-bounds read in next_valid_format
- floppy: fix invalid pointer dereference in drive_name
- floppy: fix out-of-bounds read in copy_buffer (CVE-2019-14283)
- proc: meminfo: estimate available memory more conservatively
- mm/page_alloc.c: calculate 'available' memory in a separate function
- xen: let alloc_xenballooned_pages() fail if not enough memory free
- Revert "inet: update the IP ID generation algorithm to higher standards."
- ipv6: Select fragment id during UFO segmentation if not set.
- Revert "drivers/net, ipv6: Select IPv6 fragment idents for virtio UFO
packets"
- ipv6: Fix fragment id assignment on LE arches.
- ipv6: Make __ipv6_select_ident static
- ipv6: call ipv6_proxy_select_ident instead of ipv6_select_ident in
udp6_ufo_fragment
- ipv4: hash net ptr into fragmentation bucket selection
- ipv4: ip_tunnel: use net namespace from rtable not socket
- ipv6: hash net ptr into fragmentation bucket selection
- siphash: add cryptographically secure PRF
- inet: switch IP ID generator to siphash (CVE-2019-10638)
- netfilter: ctnetlink: don't use conntrack/expect object addresses as id
- scsi: libsas: fix a race condition when smp task timeout (CVE-2018-20836)
.
[ Ben Hutchings ]
* [amd64] Revert "cpufeatures: Renumber feature word 7" to avoid an ABI
change
* inet: Avoid ABI change for IP ID hash change
* vhost: Ignore ABI changes
* Partially revert "USB: core: Fix bug caused by duplicate interface …"
to avoid an ABI change
* tcp: Clear sk_send_head after purging the write queue
* kretprobe: Ignore ABI changes
* macvtap, tun: Avoid ABI change in 3.16.72
* siphash: implement HalfSipHash1-3 for hash tables (avoids build regression
for WireGuard)
Checksums-Sha1:
8342fee28dc821625e6102fba53752423db6edf3 143027 linux_3.16.72-1.dsc
e13b5789e904e6c306326744cb7ccce5ad4cc861 82064636 linux_3.16.72.orig.tar.xz
ea266af6812e628e01046efc3a4194a00d1b90ad 1850732 linux_3.16.72-1.debian.tar.xz
a271e33ad2efb9ca8a6ff3b422dc12359f7e4ee6 459446 linux-support-3.16.0-10_3.16.72-1_all.deb
af8bc9f3322a6ad9044dd21935714fc0cfee8f2b 8409288 linux-doc-3.16_3.16.72-1_all.deb
0968d6ab250c18df416b9b3401906e03b40a9c67 3818154 linux-manual-3.16_3.16.72-1_all.deb
7fd2a290281fab6c832f85589722c4102bb0f5ab 83912208 linux-source-3.16_3.16.72-1_all.deb
Checksums-Sha256:
06cf487bf6056bbd0dd74e8facd055821f2a42e6e636df559bf2baa5bb99b6eb 143027 linux_3.16.72-1.dsc
367ea4f50be1d6463d4da5a48b1eba395a8c26451f067e2bf15bed74cb539553 82064636 linux_3.16.72.orig.tar.xz
08ec4734dfff44994df50da306c6028dc02f768288a4a81408117a878935f373 1850732 linux_3.16.72-1.debian.tar.xz
31272af33c6805aab0409b347d24277e5fadbadf05535195ca157540d1938ab9 459446 linux-support-3.16.0-10_3.16.72-1_all.deb
38a20931e2b56bc1a3e8dd341404e26d8591d3ce6a5deb93a88cd6edf2e02624 8409288 linux-doc-3.16_3.16.72-1_all.deb
a7eebccf5e889dd54649afbe753c1a22b8f49e8b3a5244b3bf6d171b6b04db79 3818154 linux-manual-3.16_3.16.72-1_all.deb
cef604941f065b988eada478094784cff0b54e3a96bc4c600a495872cdaa404e 83912208 linux-source-3.16_3.16.72-1_all.deb
Files:
137244fb72435b99dba1a4393076bd92 143027 kernel optional linux_3.16.72-1.dsc
95891b771239e1aa658d9d47b3150380 82064636 kernel optional linux_3.16.72.orig.tar.xz
451ce71dc4c35437f39c94f0f01b04d9 1850732 kernel optional linux_3.16.72-1.debian.tar.xz
b021d5982fd23e668a2187e4c1cd8e14 459446 devel optional linux-support-3.16.0-10_3.16.72-1_all.deb
a2c5fc4b44cbed72d9f70ffef8a2e9c6 8409288 doc optional linux-doc-3.16_3.16.72-1_all.deb
92d21a8ba370f37bf8ea4f404f4f73ba 3818154 doc optional linux-manual-3.16_3.16.72-1_all.deb
81ab1724ccab26bd9a921bc734f38651 83912208 kernel optional linux-source-3.16_3.16.72-1_all.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAl1TE9EACgkQ57/I7JWG
EQmdgw/7B7EEwUXB1fDCatQX6QoG8ZIHiNfFjX4QLev1+ZhB5niPc+ha8htSFUJ5
4GOX4KaYkPmw7VDeOt5+gOkVOPAN8GRhyCINnhp6iEeGy0yd9m2pn/T5OxuQyVOo
41ToZlBlhLgeenHEmR75mE+67FQS3pg3XMyFu1//wwEVBZR7Im1LyrA+4kLfn6/r
MAv7vuZrUZcKyBHjfGQuOOIhQsZ7kGZ+gx5aqaaRJDoJdsHGng1bzgrpX1NkpMHW
Cbou9ndRGv7LC+uEfuxLVByDtyvEZsUqSiGkS1rSZJp0oKPF3Rtr9T7e6kJy2IIM
szSrHu8vtD57b+rTpi7duO/3WdIrBkMq8nz9v9TLBbNQJThcr+7GhIvDl3JvDlGd
VzzvWXpkPW6mwQp3vLjFZ7R3iTMsZdj/o+b9CTtD/yQvbNMf+HIzk5/l3nUT5MNF
p+GnD6dusSHGB3uQCWkza/0UTt/X6IFwKpNHfPCZS2dOWkJ1d52JP0yMqFPctx4O
M43qLOoUnMyOhv3hU50x/cIgBWqsl64tvG44kr23a1Ea8re6QC0qWrGV9fjTH7Yp
BQDSmCDtRn07tDuQYd0LJFrMf8iOntw8G8k8NO5icUadwyoyxeKYxOd1O5Fv9a+V
gQKuR56CYBGM7HWoLuhEx66dQcGER/FNveirtf0YU6HTL/aJXGo=
=S/TB
-----END PGP SIGNATURE-----