apticron report [Sat, 14 Jul 2018 22:38:32 +0200] ======================================================================== apticron has detected that some packages need upgrading on: quigon.federez.net [ 160.228.155.65 ] The following packages are currently pending an upgrade: apache2 2.4.25-3+deb9u5 apache2-bin 2.4.25-3+deb9u5 apache2-data 2.4.25-3+deb9u5 apache2-utils 2.4.25-3+deb9u5 base-files 9.9+deb9u5 ca-certificates 20161130+nmu1+deb9u1 clamav 0.100.0+dfsg-0+deb9u2 clamav-base 0.100.0+dfsg-0+deb9u2 clamav-daemon 0.100.0+dfsg-0+deb9u2 clamav-freshclam 0.100.0+dfsg-0+deb9u2 clamdscan 0.100.0+dfsg-0+deb9u2 dpkg 1.18.25 dpkg-dev 1.18.25 file 1:5.30-1+deb9u2 ghostscript 9.20~dfsg-3.2+deb9u2 imagemagick 8:6.9.7.4+dfsg-11+deb9u5 imagemagick-6-common 8:6.9.7.4+dfsg-11+deb9u5 imagemagick-6.q16 8:6.9.7.4+dfsg-11+deb9u5 ldap-utils 2.4.44+dfsg-5+deb9u2 libclamav7 0.100.0+dfsg-0+deb9u2 libcups2 2.2.1-8+deb9u2 libcupsimage2 2.2.1-8+deb9u2 libdpkg-perl 1.18.25 libgs9 9.20~dfsg-3.2+deb9u2 libgs9-common 9.20~dfsg-3.2+deb9u2 libldap-2.4-2 2.4.44+dfsg-5+deb9u2 libldap-common 2.4.44+dfsg-5+deb9u2 libmagic1 1:5.30-1+deb9u2 libmagickcore-6.q16-3 8:6.9.7.4+dfsg-11+deb9u5 libmagickcore-6.q16-3-extra 8:6.9.7.4+dfsg-11+deb9u5 libmagickwand-6.q16-3 8:6.9.7.4+dfsg-11+deb9u5 libmagic-mgc 1:5.30-1+deb9u2 libnss-ldapd 0.9.7-2+deb9u1 libpam-ldapd 0.9.7-2+deb9u1 libpam-systemd 232-25+deb9u4 libsystemd0 232-25+deb9u4 libudev1 232-25+deb9u4 libxapian30 1.4.3-2+deb9u1 linux-image-4.9.0-7-amd64 4.9.110-1 linux-image-amd64 4.9+80+deb9u5 linux-libc-dev 4.9.110-1 nslcd 0.9.7-2+deb9u1 nslcd-utils 0.9.7-2+deb9u1 patch 2.7.5-1+deb9u1 shared-mime-info 1.8-1+deb9u1 systemd 232-25+deb9u4 systemd-sysv 232-25+deb9u4 udev 232-25+deb9u4 ======================================================================== Package Details: apt-listchanges : Lecture des fichiers de modifications (« changelog »)... apt-listchanges : nouveautés ---------------------------- --- Nouveautés pour apache2 (apache2 apache2-bin apache2-data apache2-utils) --- apache2 (2.4.25-3+deb9u5) stretch; urgency=medium * This package upgrades mod_http2 to the version from apache2 2.4.33. This fixes a lot of bugs and some security issues, but it also removes the support for using HTTP/2 when running with mpm_prefork. HTTP/2 support is only provided when running with mpm_event or mpm_worker. -- Stefan Fritsch &lt;sf(a)debian.org&gt; Sat, 02 Jun 2018 09:51:46 +0200 apt-listchanges : journaux des modifications (« changelogs ») ------------------------------------------------------------- --- Modifications pour file (file libmagic1 libmagic-mgc) --- file (1:5.30-1+deb9u2) stable; urgency=high * Avoid reading past the end of buffer. Closes: #901351 [CVE-2018-10360] -- Christoph Biedl &lt;debian.axhn(a)manchmal.in-ulm.de&gt; Mon, 11 Jun 2018 23:16:09 +0200 --- Modifications pour apache2 (apache2 apache2-bin apache2-data apache2-utils) --- apache2 (2.4.25-3+deb9u5) stretch; urgency=medium * Upgrade mod_http and mod_proxy_http2 to the versions from 2.4.33. This fixes - CVE-2018-1302: mod_http2: Potential crash w/ mod_http2 - Segfaults in mod_http2 (Closes: #873945) - mod_http2 issue with option "Indexes" and directive "HeaderName" (Closes: #850947) Unfortunately, this also removes support for http2 when running on mpm_prefork. * mod_http2: Avoid high memory usage with large files, causing crashes on 32bit archs. Closes: #897218 * Make the apache-htcacheclean init script actually look into /etc/default/apache-htcacheclean for its config. Closes: #898563 -- Stefan Fritsch &lt;sf(a)debian.org&gt; Sat, 02 Jun 2018 10:01:13 +0200 --- Modifications pour base-files --- base-files (9.9+deb9u5) stretch; urgency=medium * Change /etc/debian_version to 9.5, for Debian 9.5 point release. -- Santiago Vila &lt;sanvila(a)debian.org&gt; Tue, 26 Jun 2018 14:03:08 +0200 --- Modifications pour ca-certificates --- ca-certificates (20161130+nmu1+deb9u1) stretch; urgency=medium * debian/ca-certificates.postinst: Prevent postinst failure on read-only /usr/local. Closes: #843722 * debian/control: Remove Christian Perrier from uploaders at his request. Closes: #894070 * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority bundle to version 2.22. Closes: #858064 The following certificate authorities were added (+): + "AC RAIZ FNMT-RCM" + "Amazon Root CA 1" + "Amazon Root CA 2" + "Amazon Root CA 3" + "Amazon Root CA 4" + "D-TRUST Root CA 3 2013" + "GDCA TrustAUTH R5 ROOT" + "LuxTrust Global Root 2" + "SSL.com EV Root Certification Authority ECC" + "SSL.com EV Root Certification Authority RSA R2" + "SSL.com Root Certification Authority ECC" + "SSL.com Root Certification Authority RSA" + "Symantec Class 1 Public Primary Certification Authority - G4" + "Symantec Class 1 Public Primary Certification Authority - G6" + "Symantec Class 2 Public Primary Certification Authority - G4" + "Symantec Class 2 Public Primary Certification Authority - G6" + "TrustCor ECA-1" + "TrustCor RootCert CA-1" + "TrustCor RootCert CA-2" + "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1" The following certificate authorities were removed (-): - "ACEDICOM Root" - "AddTrust Public Services Root" - "AddTrust Qualified Certificates Root" - "ApplicationCA - Japanese Government" - "Buypass Class 2 CA 1" - "CA Disig Root R1" - "Certinomis - Autorité Racine" - "China Internet Network Information Center EV Certificates Root" - "CNNIC ROOT" - "Comodo Secure Services root" - "Comodo Trusted Services root" - "DST ACES CA X6" - "EBG Elektronik Sertifika Hizmet Saglayicisi" - "Equifax Secure CA" - "Equifax Secure eBusiness CA 1" - "Equifax Secure Global eBusiness CA" - "GeoTrust Global CA 2" - "IGC/A" - "Juur-SK" - "Microsec e-Szigno Root CA" - "PSCProcert" - "Root CA Generalitat Valenciana" - "RSA Security 2048 v3" - "Security Communication EV RootCA1" - "S-TRUST Authentication and Encryption Root CA 2005 PN" - "Swisscom Root CA 1" - "Swisscom Root EV CA 2" - "TUBITAK UEKAE Kok Sertifika Hizmet Saglayicisi - Surum 3" - "TURKTRUST Certificate Services Provider Root 2007" - "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6" - "UTN USERFirst Hardware Root CA" - "Verisign Class 1 Public Primary Certification Authority" - "Verisign Class 2 Public Primary Certification Authority - G2" - "Verisign Class 3 Public Primary Certification Authority" - "WellsSecure Public Root Certificate Authority" -- Michael Shuler &lt;michael(a)pbandjelly.org&gt; Sat, 07 Jul 2018 01:08:40 +0200 --- Modifications pour clamav (clamav clamav-base clamav-daemon clamav-freshclam clamdscan libclamav7) --- clamav (0.100.0+dfsg-0+deb9u2) stretch; urgency=medium * Don't fail on recently removed config options (Closes: #902290). -- Sebastian Andrzej Siewior &lt;sebastian(a)breakpoint.cc&gt; Wed, 04 Jul 2018 23:14:43 +0200 clamav (0.100.0+dfsg-0+deb9u1) stretch; urgency=medium [ Sebastian Andrzej Siewior ] * New upstream release. - remove various documentation files including Changelog from the file list because they are no longer included in upstream archive. - update symbol file * Don't replace config file with sample config after debconf gets disabled (in milter and daemon (Closes: #870253). * Add bytecode.c(l|v)d to log clamav-freshclam.logcheck.ignore.server. Patch by Václav Ovsík &lt;vaclav.ovsik(a)gmail.com&gt; (Closes: #868766). * Disable the freshclam service if changed to `manual' mode so it does not start again after system reboot with systemd (Closes: #881780). * Drop "demime = *" from Debian.README for clamav, this option is deprecated and will be removed from exim (Closes: #881634). * Point Vcs-* tags to salsa. [ Scott Kitterman ] * Update README.Debian to describe how to disable apparmor for clamav-daemon and clamav-freshclam (Closes: #884707) -- Sebastian Andrzej Siewior &lt;sebastian(a)breakpoint.cc&gt; Wed, 25 Apr 2018 21:59:49 +0200 --- Modifications pour dpkg (dpkg dpkg-dev libdpkg-perl) --- dpkg (1.18.25) stretch; urgency=medium [ Guillem Jover ] * Parse start-stop-daemon usernames and groupnames starting with digits in -u and -c correctly. Reported by Bodo Eggert &lt;7eggert(a)online.de&gt;de>. * Always use the binary version for the .buildinfo filename in dpkg-genbuildinfo. Reported by Raphaël Hertzog &lt;hertzog(a)debian.org&gt;rg>. Closes: #869236 * Fix integer overflow in deb(5) format version parser. Closes: #868356 * Fix directory traversal with dpkg-deb --raw-extract, by guaranteeing that the DEBIAN pathname does not exist. Closes: #879982 Reported by Jakub Wilk &lt;jwilk(a)jwilk.net&gt;et>. * Do not try to recompute hashes for the .dsc file when signing binary-only builds in dpkg-buildpackage. Reported by Ximin Luo &lt;infinity0(a)debian.org&gt;rg>. * Architecture support: - Add support for riscv64 CPU. Closes: #822914 Thanks to Manuel A. Fernandez Montecelo &lt;mafm(a)debian.org&gt; * Perl modules: - Do not normalize args past a passthrough stop word in Dpkg::Getopt. Some commands pass some arguments through to another command, and those must not be normalized as that might break their invocation. Reported by Helmut Grohne &lt;helmut(a)subdivi.de&gt;de>. * Documentation: - Update buildinfo information in dpkg-buildpackage man page to match the current implementation. - Use correct name for archname validator value in dpkg(1) man page. Reported by Niels Thykier &lt;niels(a)thykier.netnet. - Update git URLs for move away from alioth.debian.org. * Packaging: - Add versioned Build-Depends on tar, due to the --clamp-mtime option being used in Dpkg::Source::Archive which is used by dpkg-source, used by the test suite. Closes: #877330 [ Updated programs translations ] * Dutch (Frans Spiesschaert). * German (Sven Joachim). * Italian (Pietro Battiston, Milo Casagrande). * Portuguese (Miguel Figueiredo). * Simplified Chinese (Zhou Mo, Boyuan Yang). * Spanish (Javier Fernandez-Sanguino). * Turkish (Mert Dirik). [ Updated man pages translations ] * Dutch (Frans Spiesschaert). * German (Helge Kreutzmann). -- Guillem Jover &lt;guillem(a)debian.org&gt; Tue, 26 Jun 2018 12:28:08 +0200 --- Modifications pour ghostscript (ghostscript libgs9 libgs9-common) --- ghostscript (9.20~dfsg-3.2+deb9u2) stretch; urgency=medium * Non-maintainer upload. * Segfault with fuzzing file in gxht_thresh_image_init * Buffer overflow in fill_threshold_buffer (CVE-2016-10317) (Closes: #860869) * pdfwrite - Guard against trying to output an infinite number (CVE-2018-10194) (Closes: #896069) -- Salvatore Bonaccorso &lt;carnil(a)debian.org&gt; Sun, 29 Apr 2018 10:58:15 +0200 --- Modifications pour imagemagick (imagemagick imagemagick-6-common imagemagick-6.q16 libmagickcore-6.q16-3 libmagickcore-6.q16-3-extra libmagickwand-6.q16-3) --- imagemagick (8:6.9.7.4+dfsg-11+deb9u5) stretch-security; urgency=medium * 0113-CVE-2018-12599 (Closes: #902727) * 0114-CVE-2018-11251 * 0115-CVE-2018-12600 (Closes: #902728) * 0116-CVE-2018-5248 (Closes: #886588) -- Moritz Mühlenhoff &lt;jmm(a)debian.org&gt; Fri, 13 Jul 2018 00:04:11 +0200 --- Modifications pour linux (linux-libc-dev) --- linux (4.9.110-1) stretch; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.108 - tpm: do not suspend/resume if power stays on - tpm: self test failure should not cause suspend to fail - mmap: introduce sane default mmap limits - mmap: relax file size limit for regular files - btrfs: define SUPER_FLAG_METADUMP_V2 - drm: set FMODE_UNSIGNED_OFFSET for drm files - bnx2x: use the right constant - dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect() - enic: set DMA mask to 47 bit - ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds - ipv4: remove warning in ip_recv_error - isdn: eicon: fix a missing-check bug - net/packet: refine check for priv area size - net: usb: cdc_mbim: add flag FLAG_SEND_ZLP - packet: fix reserve calculation - qed: Fix mask for physical address in ILT entry - sctp: not allow transport timeout value less than HZ/5 for hb_timer - team: use netdev_features_t instead of u32 - vhost: synchronize IOTLB message with dev cleanup - vrf: check the original netdevice for generating redirect - net/mlx4: Fix irq-unsafe spinlock usage - rtnetlink: validate attributes in do_setlink() - net: phy: broadcom: Fix bcm_write_exp() - net: metrics: add proper netlink validation - dm bufio: avoid false-positive Wmaybe-uninitialized warning - objtool: complete e390f9a port for v4.9.106 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.109 - [x86] fpu: Hard-disable lazy FPU mode - bonding: correctly update link status during mii-commit phase - bonding: fix active-backup transition - bonding: require speed/duplex only for 802.3ad, alb and tlb - nvme-pci: initialize queue memory before interrupts - af_key: Always verify length of provided sadb_key - [x86] crypto, x86/fpu: Remove X86_FEATURE_EAGER_FPU #ifdef from the crc32c code - nvmet: Move serial number from controller to subsystem - nvmet: don't report 0-bytes in serial number - nvmet: don't overwrite identify sn/fr with 0-bytes - gpio: No NULL owner - [x86] KVM: introduce linear_{read,write}_system - [x86] KVM: pass kvm_vcpu to kvm_read_guest_virt and kvm_write_guest_virt_system - usbip: vhci_sysfs: fix potential Spectre v1 (CVE-2017-5753) - [armhf] serial: samsung: fix maxburst parameter for DMA transactions - [armhf] serial: 8250: omap: Fix idling of clocks for unused uarts - [x86] vmw_balloon: fixing double free when batching mode is off - [armhf,arm64] tty: pl011: Avoid spuriously stuck-off interrupts - [x86] kvm: use correct privilege level for sgdt/sidt/fxsave/fxrstor access (CVE-2018-10853) - [powerpc*] crypto: vmx - Remove overly verbose printk from AES init routines - [armhf] crypto: omap-sham - fix memleak https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.110 - xfrm6: avoid potential infinite loop in _decode_session6() - netfilter: ebtables: handle string from userspace with care - ipvs: fix buffer overflow with sync daemon and service - iwlwifi: pcie: compare with number of IRQs requested for, not number of CPUs - atm: zatm: fix memcmp casting - [x86] platform: asus-wmi: Fix NULL pointer dereference - Revert "Btrfs: fix scrub to repair raid6 corruption" - tcp: do not overshoot window_clamp in tcp_rcv_space_adjust() - Btrfs: make raid6 rebuild retry more - [armhf] usb: musb: fix remote wakeup racing with suspend - bonding: re-evaluate force_primary when the primary slave name changes - ipv6: allow PMTU exceptions to local routes - net/sched: act_simple: fix parsing of TCA_DEF_DATA - tcp: verify the checksum of the first data segment in a new connection - ext4: fix hole length detection in ext4_ind_map_blocks() - ext4: update mtime in ext4_punch_hole even if no blocks are released - ext4: fix fencepost error in check for inode count overflow during resize - driver core: Don't ignore class_dir_create_and_add() failure. - Btrfs: fix clone vs chattr NODATASUM race - Btrfs: fix memory and mount leak in btrfs_ioctl_rm_dev_v2() - btrfs: scrub: Don't use inode pages for device replace - ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream() - smb3: on reconnect set PreviousSessionId field - cpufreq: Fix new policy initialization during limits updates via sysfs - libata: zpodd: make arrays cdb static, reduces object code size - libata: zpodd: small read overflow in eject_tray() - libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk - [x86] HID: intel_ish-hid: ipc: register more pm callbacks to support hibernation - vhost: fix info leak due to uninitialized memory (CVE-2018-1118) - fs/binfmt_misc.c: do not allow offset overflow [ Ben Hutchings ] * netfilter: xt_hashlimit: Fix integer divide round to zero. (Closes: #872907) * [arm64,powerpc*,x86] drm/ast: Add support for new chips and boards (Closes: #860900): - drm/ast: const'ify mode setting tables - drm/ast: Remove spurrious include - drm/ast: Fix calculation of MCLK - drm/ast: Base support for AST2500 - drm/ast: Fixed vram size incorrect issue on POWER - drm/ast: Factor mmc_test code in POST code - drm/ast: Rename ast_init_dram_2300 to ast_post_chip_2300 - drm/ast: POST code for the new AST2500 * ext4: add corruption check in ext4_xattr_set_entry() (CVE-2018-10879) * ext4: always verify the magic number in xattr blocks (CVE-2018-10879) * ext4: always check block group bounds in ext4_init_block_bitmap() (CVE-2018-10878) * ext4: make sure bitmaps and the inode table don't overlap with bg descriptors (CVE-2018-10878) * ext4: only look at the bg_flags field if it is valid (CVE-2018-10876) * ext4: verify the depth of extent tree in ext4_find_extent() (CVE-2018-10877) * ext4: clear i_data in ext4_inode_info when removing inline data (CVE-2018-10881) * ext4: never move the system.data xattr out of the inode body (CVE-2018-10880) * jbd2: don't mark block as modified if the handle is out of credits (CVE-2018-10883) * ext4: avoid running out of journal credits when appending to an inline file (CVE-2018-10883) * ext4: add more inode number paranoia checks (CVE-2018-10882) * sr: pass down correctly sized SCSI sense buffer (CVE-2018-11506) * nvme: Ignore ABI changes * tpm: Ignore ABI changes [ Romain Perier ] * jfs: Fix inconsistency between memory allocation and ea_buf->max_size (CVE-2018-12233) -- Ben Hutchings &lt;ben(a)decadent.org.uk&gt; Thu, 05 Jul 2018 02:29:30 +0100 linux (4.9.107-1) stretch; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.89 - drm: qxl: Don't alloc fbdev if emulation is not supported - selinux: check for address length in selinux_socket_bind() - [x86] x86/mm: Make mmap(MAP_32BIT) work correctly - perf sort: Fix segfault with basic block 'cycles' sort dimension - [x86] x86/mce: Handle broadcasted MCE gracefully with kexec - ath10k: fix fetching channel during potential radar detection - usb: misc: lvs: fix race condition in disconnect handling - zd1211rw: fix NULL-deref at probe - batman-adv: handle race condition for claims between gateways - [x86] x86/boot/32: Defer resyncing initial_page_table until per-cpu is set up - media: i2c/soc_camera: fix ov6650 sensor getting wrong clock - timers, sched_clock: Update timeout for clock wrap - sched: act_csum: don't mangle TCP and UDP GSO packets - PCI: hv: Properly handle PCI bus remove - PCI: hv: Lock PCI bus on device eject - i40e/i40evf: Fix use after free in Rx cleanup path - scsi: be2iscsi: Check tag in beiscsi_mccq_compl_wait - mm: Fix false-positive VM_BUG_ON() in page_cache_{get,add}_speculative() - f2fs: relax node version check for victim data in gc - drm/ttm: never add BO that failed to validate to the LRU list - powerpc/mm/hugetlb: Filter out hugepage size not supported by page table layout - NFC: nfcmrvl: double free on error path - [powerpc*] powerpc: Avoid taking a data miss on every userspace instruction miss - printk: Correctly handle preemption in console_unlock() - drm: rcar-du: Handle event when disabling CRTCs - apparmor: Make path_max parameter readonly - iommu/iova: Fix underflow bug in __alloc_and_insert_iova_range - kvm: nVMX: Disallow userspace-injected exceptions in guest mode - [mips*] MIPS: BPF: Quit clobbering callee saved registers in JIT code. - [mips*] MIPS: BPF: Fix multiple problems in JIT skb access helpers. - [mips*] MIPS: r2-on-r6-emu: Fix BLEZL and BGTZL identification - [mips*] MIPS: r2-on-r6-emu: Clear BLTZALL and BGEZALL debugfs counters - v4l: vsp1: Prevent multiple streamon race commencing pipeline early - regulator: isl9305: fix array size - md/raid6: Fix anomily when recovering a single device in RAID6. - [powerpc*] powerpc/nohash: Fix use of mmu_has_feature() in setup_initial_memory_limit() - usb: dwc2: Make sure we disconnect the gadget state - [arm*] drivers/perf: arm_pmu: handle no platform_device - [x86] kprobes/x86: Set kprobes pages read-only - Bluetooth: Avoid bt_accept_unlink() double unlinking - Bluetooth: 6lowpan: fix delay work init in add_peer_chan() - wil6210: fix memory access violation in wil_memcpy_from/toio_32 - sched: Stop switched_to_rt() from sending IPIs to offline CPUs - sched: Stop resched_cpu() from sending IPIs to offline CPUs - mwifiex: cfg80211: do not change virtual interface during scan processing - media: cpia2: Fix a couple off by one bugs - drm/amdkfd: Fix memory leaks in kfd topology - [i386] x86/boot/32: Fix UP boot on Quark and possibly other platforms - [i386] x86/vm86/32: Fix POPF emulation - [i386] x86/speculation, objtool: Annotate indirect calls/jumps for objtool on 32-bit kernels - [x86] x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist - [x86] x86/mm: Fix vmalloc_fault to use pXd_large - ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats() - ALSA: seq: Fix possible UAF in snd_seq_check_queue() - fs: Teach path_connected to handle nfs filesystems with multiple roots. - lock_parent() needs to recheck if dentry got __dentry_kill'ed under it - btrfs: alloc_chunk: fix DUP stripe size handling - btrfs: Fix use-after-free when cleaning up fs_devs with a single stale device https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.90 - tpm: fix potential buffer overruns caused by bit glitches on the bus - SMB3: Validate negotiate request must always be signed - CIFS: Enable encryption during session setup phase (CVE-2018-1066) - ath: Fix updating radar flags for coutry code India - mwifiex: don't leak 'chan_stats' on reset - [x86] x86/reboot: Turn off KVM when halting a CPU - IB/ipoib: Fix deadlock between ipoib_stop and mcast join flow - HSI: ssi_protocol: double free in ssip_pn_xmit() - IB/mlx4: Take write semaphore when changing the vma struct - IB/mlx4: Change vma from shared to private - IB/mlx5: Take write semaphore when changing the vma struct - IB/mlx5: Change vma from shared to private - ibmvnic: Disable irq prior to close - netfilter: xt_CT: fix refcnt leak on error path - tipc: check return value of nlmsg_new - wan: pc300too: abort path on failure - qlcnic: fix unchecked return value - infiniband/uverbs: Fix integer overflows - pNFS: Fix use after free issues in pnfs_do_read() - xprtrdma: Cancel refresh worker during buffer shutdown - NFS: don't try to cross a mountpount when there isn't one there. - mt7601u: check return value of alloc_skb - libertas: check return value of alloc_workqueue - rndis_wlan: add return value validation - Btrfs: fix incorrect space accounting after failure to insert inline extent - Btrfs: send, fix file hole not being preserved due to inline extent - Btrfs: fix extent map leak during fallocate error path - mac80211: don't parse encrypted management frames in ieee80211_frame_acked - mtip32xx: use runtime tag to initialize command header - [x86] x86/KASLR: Fix kexec kernel boot crash when KASLR randomization fails - mac80211: Fix possible sband related NULL pointer de-reference - netfilter: x_tables: unlock on error in xt_find_table_lock() - IB/hfi1: Fix softlockup issue - ipmi/watchdog: fix wdog hang on panic waiting for ipmi response - drm/amdgpu: fix gpu reset crash - qed: Unlock on error in qed_vf_pf_acquire() - bnx2x: Align RX buffers - [ppc*] power: supply: isp1704: Fix unchecked return value of devm_kzalloc - [ppc*] power: supply: pda_power: move from timer to delayed_work - md/raid10: skip spare disk as 'first' disk - ACPI / power: Delay turning off unused power resources after suspend - tcm_fileio: Prevent information leak for short reads - video: fbdev: udlfb: Fix buffer on stack - sm501fb: don't return zero on failure path in sm501fb_start() - pNFS: Fix a deadlock when coalescing writes and returning the layout - net: hns: fix ethtool_get_strings overflow in hns driver - cifs: small underflow in cnvrtDosUnixTm() - ath10k: fix out of bounds access to local buffer - block/mq: Cure cpu hotplug lock inversion - Bluetooth: btqcomsmd: Fix skb double free corruption - media: c8sectpfe: fix potential NULL pointer dereference in c8sectpfe_timer_interrupt - drm/msm: fix leak in failed get_pages - RDMA/iwpm: Fix uninitialized error code in iwpm_send_mapinfo() - rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled. - media: bt8xx: Fix err 'bt878_probe()' - dmaengine: zynqmp_dma: Fix race condition in the probe - drm/tilcdc: ensure nonatomic iowrite64 is not used - mmc: avoid removing non-removable hosts during suspend - IB/ipoib: Avoid memory leak if the SA returns a different DGID - RDMA/cma: Use correct size when writing netlink stats - iommu/vt-d: clean up pr_irq if request_threaded_irq fails - RDMA/ocrdma: Fix permissions for OCRDMA_RESET_STATS - IB/mlx5: Fix out-of-bounds read in create_raw_packet_qp_rq - RDMA/ucma: Fix access to non-initialized CM_ID object https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.91 - libata: fix length validation of ATAPI-relayed SCSI commands - libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs - libata: disable LPM for Crucial BX100 SSD 500GB drive - libata: Enable queued TRIM for Samsung SSD 860 - libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs - libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions - libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version - nfsd: remove blocked locks on client teardown - mm/vmalloc: add interfaces to free unmapped page table - drm: udl: Properly check framebuffer mmap offsets (CVE-2018-8781) - mtd: nand: fsl_ifc: Fix eccstat array overflow for IFC ver >= 2.0.0 - staging: ncpfs: memory corruption in ncp_read_kernel() (CVE-2018-8822) - can: cc770: Fix use after free in cc770_tx_interrupt() - kvm/x86: fix icebp instruction handling (CVE-2018-1087) - [x86] x86/entry/64: Don't use IST entry for #BP stack (CVE-2018-8897) - bpf: skip unnecessary capability check https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.92 - scsi: sg: don't return bogus Sg_requests - net sched actions: return explicit error when tunnel_key mode is not specified - ppp: avoid loop in xmit recursion detection code - sch_netem: fix skb leak in netem_enqueue() - ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() - net: Fix hlist corruptions in inet_evict_bucket() - dccp: check sk for closed state in dccp_sendmsg() (CVE-2018-1130) - ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() - l2tp: do not accept arbitrary sockets - net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred - netlink: avoid a double skb free in genlmsg_mcast() - team: Fix double free in error path - soc/fsl/qbman: fix issue in qman_delete_cgr_safe() - net: hns: Fix a skb used after free bug https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.93 - mtd: jedec_probe: Fix crash in jedec_read_mfr() - ALSA: pcm: potential uninitialized return values - perf/hwbp: Simplify the perf-hwbp code, fix documentation (CVE-2018-1000199) - kprobes/x86: Fix to set RWX bits correctly before releasing trampoline - arm64: avoid overflow in VA_START and PAGE_OFFSET - xfrm_user: uncoditionally validate esn replay attribute struct - RDMA/ucma: Check AF family prior resolving address - RDMA/ucma: Fix use-after-free access in ucma_close - RDMA/ucma: Ensure that CM_ID exists prior to access it - RDMA/ucma: Check that device is connected prior to access it - RDMA/ucma: Check that device exists prior to accessing it - RDMA/ucma: Introduce safer rdma_addr_size() variants - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() - xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems - netfilter: bridge: ebt_among: add more missing match size checks - Bluetooth: Fix missing encryption refresh on Security Request - scsi: virtio_scsi: always read VPD pages for multiqueue too - usb: dwc2: Improve gadget state disconnection handling - [arm64] arm64: mm: Use non-global mappings for kernel space - [arm64] arm64: mm: Move ASID from TTBR0 to TTBR1 - [arm64] arm64: mm: Allocate ASIDs in pairs - [arm64] arm64: mm: Add arm64_kernel_unmapped_at_el0 helper - [arm64] arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI - [arm64] arm64: factor out entry stack manipulation - module: extend 'rodata=off' boot cmdline parameter to module mappings - [arm64] entry: Add exception trampoline page for exceptions from EL0 - [arm64] mm: Map entry trampoline into trampoline and kernel page tables - [arm64] entry: Explicitly pass exception level to kernel_ventry macro - [arm64] entry: Hook up entry trampoline to exception vectors - [arm64] tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks - [arm64] entry: Add fake CPU feature for unmapping the kernel at EL0 - [arm64] kaslr: Put kernel vectors address in separate data page - [arm64] use RET instruction for exiting the trampoline - [arm64] Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0 - [arm64] Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry - [arm64] Take into account ID_AA64PFR0_EL1.CSV3 - [arm64] Allow checking of a CPU-local erratum - [arm64] capabilities: Handle duplicate entries for a capability - [arm64] cputype: Add MIDR values for Cavium ThunderX2 CPUs - [arm64] Turn on KPTI only on CPUs that need it - [arm64] kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0() - [arm64] kpti: Add ->enable callback to remap swapper using nG mappings - [arm64] Force KPTI to be disabled on Cavium ThunderX - [arm64] entry: Reword comment about post_ttbr_update_workaround - [arm64] idmap: Use "awx" flags for .idmap.text .pushsection directives - media: usbtv: prevent double free in error case (CVE-2017-17975) - crypto: ahash - Fix early termination in hash walk - crypto: x86/cast5-avx - fix ECB encryption when long sg follows short one - net: hns: Fix ethtool private flags (CVE-2017-18222) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.94 - [x86] x86/asm: Don't use RBP as a temporary register in csum_partial_copy_generic() - IB/srpt: Avoid that aborting a command triggers a kernel warning - af_key: Fix slab-out-of-bounds in pfkey_compile_policy. - bna: Avoid reading past end of buffer - qlge: Avoid reading past end of buffer - ubi: fastmap: Fix slab corruption - drivers/misc/vmw_vmci/vmci_queue_pair.c: fix a couple integer overflow tests - perf/callchain: Force USER_DS when invoking perf_callchain_user() - Input: elan_i2c - check if device is there before really probing - KVM: PPC: Book3S PR: Check copy_to/from_user return values - [arm64] arm64: perf: Ignore exclude_hv when kernel is running in HYP - [arm] KVM: arm: Restore banked registers and physical timer access on hyp_panic() - [arm64] KVM: arm64: Restore host physical timer access on hyp_panic() - usb: dwc3: keystone: check return value - ata: libahci: properly propagate return value of platform_get_irq() - ipmr: vrf: Find VIFs using the actual device - uio: fix incorrect memory leak cleanup - net: x25: fix one potential use-after-free issue - USB: ene_usb6250: fix SCSI residue overwriting - net/wan/fsl_ucc_hdlc: fix unitialized variable warnings - net/wan/fsl_ucc_hdlc: fix incorrect memory allocation - mlxsw: spectrum: Avoid possible NULL pointer dereference - scsi: csiostor: fix use after free in csio_hw_use_fwconfig() - [powerpc*] powerpc/mm: Fix virt_addr_valid() etc. on 64-bit hash - ath5k: fix memory leak on buf on failed eeprom read - ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors - md-cluster: fix potential lock issue in add_new_disk - ray_cs: Avoid reading past end of buffer - net/wan/fsl_ucc_hdlc: fix muram allocation error - perf/core: Fix error handling in perf_event_alloc() - selinux: do not check open permission on sockets - block: fix an error code in add_partition() - libceph: NULL deref on crush_decode() error path - perf report: Fix off-by-one for non-activation frames - netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize - scsi: bnx2fc: fix race condition in bnx2fc_get_host_stats() - fix race in drivers/char/random.c:get_reg() - ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff() - tcp: better validation of received ack sequences - net: llc: add lock_sock in llc_ui_bind to avoid a race condition - drm/msm: Take the mutex before calling msm_gem_new_impl - thermal: power_allocator: fix one race condition issue for thermal_instances list - VFS: close race between getcwd() and d_move() - PM / devfreq: Fix potential NULL pointer dereference in governor_store - media: videobuf2-core: don't go out of the buffer range - blk-mq: fix race between updating nr_hw_queues and switching io sched - wl1251: check return from call to wl1251_acx_arp_ip_filter - hdlcdrv: Fix divide by zero in hdlcdrv_ioctl - [x86] x86/efi: Disable runtime services on kexec kernel if booted with efi=old_map - ovl: filter trusted xattr for non-admin - dmaengine: imx-sdma: Handle return value of clk_prepare_enable - backlight: Report error on failure - [arm64] arm64: futex: Fix undefined behaviour with FUTEX_OP_OPARG_SHIFT usage - net: freescale: fix potential null pointer dereference - KVM: SVM: do not zero out segment attributes if segment is unusable or not present - clk: scpi: fix return type of __scpi_dvfs_round_rate - drm/amdkfd: NULL dereference involving create_process() - qlcnic: Fix a sleep-in-atomic bug in qlcnic_82xx_hw_write_wx_2M and qlcnic_82xx_hw_read_wx_2M - [arm64] arm64: kernel: restrict /dev/mem read() calls to linear region - mISDN: Fix a sleep-in-atomic bug - RDMA/iw_cxgb4: Avoid touch after free error in ARP failure handlers - RDMA/hfi1: fix array termination by appending NULL to attr array - bio-integrity: Do not allocate integrity context for bio w/o data - skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow - macsec: check return value of skb_to_sgvec always - e1000e: fix race condition around skb_tstamp_tx() - igb: fix race condition with PTP_TX_IN_PROGRESS bits - cx25840: fix unchecked return values - mceusb: sporadic RX truncation corruption fix - nvme: fix hang in remove path - KVM: nVMX: Update vmcs12->guest_linear_address on nested VM-exit - crypto: omap-sham - buffer handling fixes for hashing later - crypto: omap-sham - fix closing of hash with separate finalize call - net: ena: fix race condition between submit and completion admin command - [s390x] s390/dasd: fix hanging safe offline - drm/vc4: Fix resource leak in 'vc4_get_hang_state_ioctl()' in error handling path - scsi: libsas: fix memory leak in sas_smp_get_phy_events() (CVE-2018-7757) - blk-mq: fix kernel oops in blk_mq_tag_idle() - ipv6: the entire IPv6 header chain must fit the first fragment - net: fix possible out-of-bound read in skb_network_protocol() - net/ipv6: Fix route leaking between VRFs - net/ipv6: Increment OUTxxx counters after netfilter hook - netlink: make sure nladdr has correct size in netlink_connect() - net/sched: fix NULL dereference in the error path of tcf_bpf_init() - pptp: remove a buggy dst release in pptp_connect() - r8169: fix setting driver_data after register_netdev - sctp: do not leak kernel memory to user space - sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 - net: fool proof dev_valid_name() - ip_tunnel: better validate user provided tunnel names - ipv6: sit: better validate user provided tunnel names - ip6_gre: better validate user provided tunnel names - ip6_tunnel: better validate user provided tunnel names - vti6: better validate user provided tunnel names - net/sched: fix NULL dereference in the error path of tunnel_key_init() - net/sched: fix NULL dereference on the error path of tcf_skbmod_init() - vhost: validate log when IOTLB is enabled - vhost_net: add missing lock nesting notation - net/mlx4_core: Fix memory leak while delete slave's resources - vrf: Fix use after free and double free in vrf_finish_output https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.95 - media: v4l2-compat-ioctl32: don't oops on overlay - parisc: Fix out of array access in match_pci_device() - perf intel-pt: Fix overlap detection to identify consecutive buffers correctly - perf intel-pt: Fix timestamp following overflow - perf/core: Fix use-after-free in uprobe_perf_close() - [arm64] arm64: barrier: Add CSDB macros to control data-value prediction - [arm64] arm64: Implement array_index_mask_nospec() - [arm64] arm64: move TASK_* definitions to <asm/processor.h> - [arm64] arm64: Make USER_DS an inclusive limit - [arm64] arm64: Use pointer masking to limit uaccess speculation - [arm64] arm64: entry: Ensure branch through syscall table is bounded under speculation - [arm64] arm64: uaccess: Prevent speculative use of the current addr_limit - [arm64] arm64: uaccess: Don't bother eliding access_ok checks in __{get, put}_user - [arm64] arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user - [arm64] arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early - [arm64] arm64: Run enable method for errata work arounds on late CPUs - [arm64] arm64: cpufeature: Pass capability structure to ->enable callback - [arm64] arm64: Factor out TTBR0_EL1 post-update workaround into a specific asm macro - [arm64] arm64: Move post_ttbr_update_workaround to C code - [arm64] arm64: Add skeleton to harden the branch predictor against aliasing attacks - [arm64] arm64: Move BP hardening to check_and_switch_context - [arm64] arm64: KVM: Use per-CPU vector when BP hardening is enabled - [arm64] arm64: entry: Apply BP hardening for high-priority synchronous exceptions - [arm64] arm64: entry: Apply BP hardening for suspicious interrupts from EL0 - [arm64] arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75 - [arm64] arm64: cpu_errata: Allow an erratum to be match for all revisions of a core - [arm64] arm64: Implement branch predictor hardening for affected Cortex-A CPUs - [arm64] arm64: Branch predictor hardening for Cavium ThunderX2 - [arm64] arm64: KVM: Increment PC after handling an SMC trap - [arm64] arm/arm64: KVM: Consolidate the PSCI include files - [arm64] arm/arm64: KVM: Add PSCI_VERSION helper - [arm64] arm/arm64: KVM: Add smccc accessors to PSCI code - [arm64] arm/arm64: KVM: Implement PSCI 1.0 support - [arm64] arm/arm64: KVM: Advertise SMCCC v1.1 - [arm64] arm64: KVM: Make PSCI_VERSION a fast path - [arm64] arm/arm64: KVM: Turn kvm_psci_version into a static inline - [arm64] arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support - [arm64] arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling - [arm64] firmware/psci: Expose PSCI conduit - [arm64] firmware/psci: Expose SMCCC version through psci_ops - [arm64] arm/arm64: smccc: Make function identifiers an unsigned quantity - [arm64] arm/arm64: smccc: Implement SMCCC v1.1 inline primitive - [arm64] arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support - [arm64] arm64: Kill PSCI_GET_VERSION as a variant-2 workaround - block/loop: fix deadlock after loop_set_status - rtl8187: Fix NULL pointer dereference in priv->conf_mutex - hwmon: (ina2xx) Fix access to uninitialized mutex - slip: Check if rstate is initialized before uncompressing - [arm64] arm64: futex: Mask __user pointers prior to dereference https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.96 - tty: make n_tty_read() always abort if hangup is in progress - ubifs: Check ubifs_wbuf_sync() return code - ubi: Fix error for write access - resource: fix integer overflow at reallocation - ipc/shm: fix use-after-free of shm file via remap_file_pages() - usb: musb: gadget: misplaced out of bounds check - xen-netfront: Fix hang on device removal - regmap: Fix reversed bounds check in regmap_raw_write() - USB: gadget: f_midi: fixing a possible double-free in f_midi - USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw - smb3: Fix root directory when server returns inode number of zero - HID: i2c-hid: fix size check and type usage - random: use a tighter cap in credit_entropy_bits_safe() - ext4: fail ext4_iget for root directory if unallocated (CVE-2018-1092) - RDMA/rxe: Fix an out-of-bounds read - ALSA: pcm: Fix UAF at PCM release via PCM timer access - dmaengine: at_xdmac: fix rare residue corruption - libnvdimm, namespace: use a safe lookup for dimm device name - iommu/vt-d: Fix a potential memory leak - mmc: jz4740: Fix race condition in IRQ mask update - pwm: rcar: Fix a condition to prevent mismatch value setting to duty - thermal: imx: Fix race condition in imx_thermal_probe() - ext4: don't allow r/w mounts if metadata blocks overlap the superblock - drm/amdgpu: Fix always_valid bos multiple LRU insertions. - drm/amdgpu: Fix PCIe lane width calculation - drm/rockchip: Clear all interrupts before requesting the IRQ - drm/radeon: Fix PCIe lane width calculation - ALSA: line6: Use correct endpoint type for midi output - ALSA: rawmidi: Fix missing input substream checks in compat ioctls - ALSA: hda - New VIA controller suppor no-snoop path - random: fix crng_ready() test (CVE-2018-1108) - random: crng_reseed() should lock the crng instance that it is modifying - random: add new ioctl RNDRESEEDCRNG - HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device - MIPS: uaccess: Add micromips clobbers to bzero invocation - MIPS: memset.S: EVA & fault support for small_memset - MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup - MIPS: memset.S: Fix clobber of v1 in last_fixup - [powerpc*] powerpc/eeh: Fix enabling bridge MMIO windows - [powerpc*] powerpc/lib: Fix off-by-one in alternate feature patching - udf: Fix leak of UTF-16 surrogates into encoded strings - jffs2_kill_sb(): deal with failed allocations - hypfs_kill_super(): deal with failed allocations - orangefs_kill_sb(): deal with allocation failures - rpc_pipefs: fix double-dput() - Don't leak MNT_INTERNAL away from internal mounts - autofs: mount point create should honour passed in mode - mm/filemap.c: fix NULL pointer in page_cache_tree_insert() - fanotify: fix logic of events on child - writeback: safer lock nesting - block/mq: fix potential deadlock during cpu hotplug https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.97 - cifs: do not allow creating sockets except with SMB1 posix exensions - [x86] x86/tsc: Prevent 32bit truncation in calc_hpet_ref() - drm/vc4: Fix memory leak during BO teardown - drm/i915: Fix LSPCON TMDS output buffer enabling from low-power state - power: supply: bq2415x: check for NULL acpi_id to avoid null pointer dereference - OF: Prevent unaligned access in of_alias_scan() - jbd2: fix use after free in kjournald2() - perf: Return proper values for user stack errors - RDMA/mlx5: Fix NULL dereference while accessing XRC_TGT QPs - mac80211_hwsim: fix use-after-free bug in hwsim_exit_net - [s390] s390: introduce CPU alternatives - [s390] s390: enable CPU alternatives unconditionally - [s390] KVM: s390: wire up bpb feature - [s390] s390: scrub registers on kernel entry and KVM exit - [s390] s390: add optimized array_index_mask_nospec - [s390] s390/alternative: use a copy of the facility bit mask - [s390] s390: add options to change branch prediction behaviour for the kernel - [s390] s390: run user space and KVM guests with modified branch prediction - [s390] s390: introduce execute-trampolines for branches - [s390] KVM: s390: force bp isolation for VSIE - [s390] s390: Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*) - [s390] s390: do not bypass BPENTER for interrupt system calls - [s390] s390/entry.S: fix spurious zeroing of r0 - [s390] s390: move nobp parameter functions to nospec-branch.c - [s390] s390: add automatic detection of the spectre defense - [s390] s390: report spectre mitigation via syslog - [s390] s390: add sysfs attributes for spectre - [s390] s390: correct nospec auto detection init order - [s390] s390: correct module section names for expoline code revert - KEYS: DNS: limit the length of option strings - l2tp: check sockaddr length in pppol2tp_connect() - net: validate attribute sizes in neigh_dump_table() - llc: delete timers synchronously in llc_sk_free() - tcp: don't read out-of-bounds opsize - packet: fix bitfield update race - pppoe: check sockaddr length in pppoe_connect() - vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi - sctp: do not check port in sctp_inet6_cmp_addr - llc: hold llc_sap before release_sock() - llc: fix NULL pointer deref for SOCK_ZAPPED - net: fix deadlock while clearing neighbor proxy table - net: af_packet: fix race in PACKET_{R|T}X_RING - cdrom: information leak in cdrom_ioctl_media_changed() (CVE-2018-10940) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.98 - ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS - ext4: set h_journal if there is a failure starting a reserved handle - ext4: add validity checks for bitmap block numbers (CVE-2018-1093) - ext4: fix bitmap position validation - random: set up the NUMA crng instances after the CRNG is fully initialized - random: fix possible sleeping allocation from irq context - random: rate limit unseeded randomness warnings - usbip: usbip_event: fix to not print kernel pointer address - usbip: usbip_host: fix to hold parent lock for device_attach() calls - usbip: vhci_hcd: Fix usb device and sockfd leaks - virtio_console: free buffers after reset - drm/virtio: fix vq wait_event condition - tty: Don't call panic() at tty_ldisc_init() - tty: Use __GFP_NOFAIL for tty_ldisc_get() - ALSA: dice: fix error path to destroy initialized stream data - ALSA: opl3: Hardening for potential Spectre v1 - ALSA: asihpi: Hardening for potential Spectre v1 - ALSA: hdspm: Hardening for potential Spectre v1 - ALSA: rme9652: Hardening for potential Spectre v1 - ALSA: control: Hardening for potential Spectre v1 - ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device - ALSA: seq: oss: Hardening for potential Spectre v1 - ALSA: hda: Hardening for potential Spectre v1 - ALSA: hda/realtek - Add some fixes for ALC233 - mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block. - mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug. - mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block. - kobject: don't use WARN for registration failures - PCI: aardvark: Fix PCIe Max Read Request Size setting - ARM: amba: Fix race condition with driver_override - ARM: amba: Don't read past the end of sysfs "driver_override" buffer - crypto: drbg - set freed buffers to NULL - libceph: un-backoff on tick when we have a authenticated session - libceph: reschedule a tick in finish_hunting() - libceph: validate con->state at the top of try_write() - [powerpc*] cpufreq: powernv: Fix hardlockup due to synchronous smp_call in timer interrupt - [powerpc*] powerpc/eeh: Fix race with driver un/bind https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.99 - perf/core: Fix the perf_cpu_time_max_percent check (CVE-2018-18255) - ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger() - Input: leds - fix out of bound access - xfs: prevent creating negative-sized file via INSERT_RANGE - RDMA/cxgb4: release hw resources on device removal - RDMA/mlx5: Protect from shift operand overflow - IB/mlx5: Use unlimited rate when static rate is not supported - IB/hfi1: Fix NULL pointer dereference when invalid num_vls is used - drm/vmwgfx: Fix a buffer object leak - drm/bridge: vga-dac: Fix edid memory leak - usb: musb: host: fix potential NULL pointer dereference - usb: musb: trace: fix NULL pointer dereference in musb_g_tx() - platform/x86: asus-wireless: Fix NULL pointer dereference https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.100 - ipvs: fix rtnl_lock lockups caused by start_sync_thread - crypto: af_alg - fix possible uninit-value in alg_bind() - netlink: fix uninit-value in netlink_sendmsg - net: fix rtnh_ok() - net: initialize skb->peeked when cloning - net: fix uninit-value in __hw_addr_add_ex() - dccp: initialize ireq->ir_mark - soreuseport: initialise timewait reuseport field - tcp: fix TCP_REPAIR_QUEUE bound checking - bdi: Fix oops in wb_workfn() - [powerpc*] KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry - f2fs: fix a dead loop in f2fs_fiemap() (CVE-2018-18257) - arm64: Add work around for Arm Cortex-A55 Erratum 1024718 - gpioib: do not free unrequested descriptors - rfkill: gpio: fix memory leak in probe error path - net: atm: Fix potential Spectre v1 - atm: zatm: Fix potential Spectre v1 - tracing/uprobe_event: Fix strncpy corner case - [x86] perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* - [x86] perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr - [x86] perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[] - [x86] perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.101 - ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg - llc: better deal with too small mtu - net: ethernet: sun: niu set correct packet size in skb - net: ethernet: ti: cpsw: fix packet leaking in dual_mac mode - net/mlx4_en: Verify coalescing parameters are in range - net_sched: fq: take care of throttled flows before reuse - tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent(). - futex: Remove duplicated code and fix undefined behaviour - proc: do not access cmdline nor environ from file-backed areas (CVE-2018-1120) - kernel/exit.c: avoid undefined behaviour when calling wait4() (CVE-2018-10087) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.102 - usbip: usbip_host: fix NULL-ptr deref and use-after-free errors (CVE-2018-5814) - [arm*] KVM: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock - [powerpc*] powerpc/powernv: Fix NVRAM sleep in invalid context when crashing - s390: remove indirect branch from do_softirq_own_stack - efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode - Btrfs: fix xattr loss after power failure - btrfs: fix crash when trying to resume balance without the resume flag - [x86] x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen - btrfs: fix reading stale metadata blocks after degraded raid1 mounts - [x86] x86/nospec: Simplify alternative_msr_write() - [x86] x86/bugs: Concentrate bug detection into a separate function - [x86] x86/bugs: Concentrate bug reporting into a separate function - [x86] x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits - [x86] x86/bugs, KVM: Support the combination of guest and host IBRS - [x86] x86/bugs: Expose /sys/../spec_store_bypass - [x86] x86/cpufeatures: Add X86_FEATURE_RDS - [x86] x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation - [x86] x86/bugs/intel: Set proper CPU features and setup RDS - [x86] x86/bugs: Whitelist allowed SPEC_CTRL MSR values - [x86] x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested - [x86] x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest - prctl: Add speculation control prctls - [x86] process: Optimize TIF checks in __switch_to_xtra() - [x86] process: Correct and optimize TIF_BLOCKSTEP switch - [x86] process: Optimize TIF_NOTSC switch - [x86] x86/process: Allow runtime control of Speculative Store Bypass (CVE-2018-3639) - [x86] x86/speculation: Add prctl for Speculative Store Bypass mitigation - nospec: Allow getting/setting on non-current task - proc: Provide details on speculation flaw mitigations - seccomp: Enable speculation flaw mitigations - [x86] x86/bugs: Make boot modes __ro_after_init - prctl: Add force disable speculation - seccomp: Use PR_SPEC_FORCE_DISABLE - seccomp: Add filter flag to opt-out of SSB mitigation - seccomp: Move speculation migitation control to arch code - [x86] x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass - KVM: SVM: Move spec control call after restore of GS - [x86] x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP - [x86] x86/cpu/AMD: Fix erratum 1076 (CPB bit) - [x86] x86/speculation: Add virtualized speculative store bypass disable support https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.103 - net: test tailroom before appending to linear skb - packet: in packet_snd start writing at link layer allocation - sock_diag: fix use-after-free read in __sk_free - ext2: fix a block leak - [s390x] s390/crc32-vx: use expoline for indirect branches - [s390x] s390/lib: use expoline for indirect branches - [s390x] s390/ftrace: use expoline for indirect branches - [s390x] s390/kernel: use expoline for indirect branches - [s390x] s390: extend expoline to BC instructions - [s390x] s390: use expoline thunks in the BPF JIT - scsi: libsas: defer ata device eh commands to libata (CVE-2018-10021) - scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() (CVE-2018-1000204) - scsi: zfcp: fix infinite iteration on ERP ready list - cfg80211: limit wiphy names to 128 bytes - [x86] x86/kexec: Avoid double free_page() upon do_kexec_load() failure - usb: gadget: core: Fix use-after-free of usb_request - usb: cdc_acm: prevent race at write to acm while system resumes - USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM - usb: gadget: ffs: Execute copy_to_user() with USER_DS set - usb: gadget: udc: change comparison to bitshift when dealing with a mask - media: em28xx: USB bulk packet size fix - scsi: fas216: fix sense buffer initialization - scsi: sym53c8xx_2: iterator underflow in sym_getsync() - scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo() - scsi: qla2xxx: Avoid triggering undefined behavior in qla2x00_mbx_completion() - scsi: aacraid: fix shutdown crash when init fails - scsi: aacraid: Insure command thread is not recursively stopped - scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing - media: dmxdev: fix error code for invalid ioctls - media: s3c-camif: fix out-of-bounds array access - media: cx25821: prevent out-of-bounds read on array card - serial: xuartps: Fix out-of-bounds access through DT alias - serial: samsung: Fix out-of-bounds access through serial port index - serial: mxs-auart: Fix out-of-bounds access through serial port index - serial: imx: Fix out-of-bounds access through serial port index - serial: fsl_lpuart: Fix out-of-bounds access through DT alias - serial: arc_uart: Fix out-of-bounds access through DT alias - rtc: hctosys: Ensure system time doesn't overflow time_t - rtc: tx4939: avoid unintended sign extension on a 24 bit shift https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.104 - [mips] MIPS: c-r4k: Fix data corruption related to cache coherence - affs_lookup(): close a race with affs_remove_link() - aio: fix io_destroy(2) vs. lookup_ioctx() race - do d_instantiate/unlock_new_inode combinations safely - libata: Blacklist some Sandisk SSDs for NCQ - libata: blacklist Micron 500IT SSD with MU01 firmware - IB/hfi1: Use after free race condition in send context error path - Revert "ipc/shm: Fix shmat mmap nil-page protection" - ipc/shm: fix shmat() nil address after round-down when remapping - kernel/sys.c: fix potential Spectre v1 issue - kernel/signal.c: avoid undefined behaviour in kill_something_info (CVE-2018-10124) - KVM/VMX: Expose SSBD properly to guests - firewire-ohci: work around oversized DMA reads on JMicron controllers - i40iw: Zero-out consumer key on allocate stag for FMR - iommu/vt-d: Use domain instead of cache fetching - mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl() (CVE-2018-8087) - btrfs: Fix out of bounds access in btrfs_search_slot - Btrfs: fix scrub to repair raid6 corruption - HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path - RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure - gianfar: prevent integer wrapping in the rx handler - tcp_nv: fix potential integer overflow in tcpnv_acked - kvm: Map PFN-type memory regions as writable (if possible) - mm/mempolicy: fix the check of nodemask from user - mm/mempolicy: add nodes_empty check in SYSC_migrate_pages - mm: pin address_space before dereferencing it while isolating an LRU page - mm/fadvise: discard partial page if endbyte is also EOF - drm/nouveau/pmu/fuc: don't use movw directly anymore - netfilter: ipv6: nf_defrag: Kill frag queue on RFC2460 failure - [x86] x86/power: Fix swsusp_arch_resume prototype - firmware: dmi_scan: Fix handling of empty DMI strings - xen-netfront: Fix race between device setup and open - xen/grant-table: Use put_page instead of free_page - RDS: IB: Fix null pointer issue - [arm64] arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics - bcache: fix for allocator and register thread race - bcache: fix for data collapse after re-attaching an attached device - bcache: return attach error when no cache set exist - [x86] vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page - ptr_ring: prevent integer overflow when calculating size - [arm] ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt - iwlwifi: mvm: fix security bug in PN checking - rxrpc: Work around usercopy check - mac80211: fix a possible leak of station stats - mac80211: fix calling sleeping function in atomic context - md raid10: fix NULL deference in handle_write_completed() - locking/xchg/alpha: Add unconditional memory barrier to cmpxchg() - md: raid5: avoid string overflow warning - kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE - PKCS#7: fix direct verification of SignerInfo signature - locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs - macvlan: fix use-after-free in macvlan_common_newlink() - md: fix a potential deadlock of raid5/raid10 reshape - md/raid1: fix NULL pointer dereference - ceph: fix dentry leak when failing to init debugfs - [arm] ARM: orion5x: Revert commit 4904dbda41c8. closes: #892057 - dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3 - bcache: fix kcrashes with fio in RAID5 backend dev - RDMA/qedr: Fix kernel panic when running fio over NFSoRDMA - RDMA/qedr: Fix iWARP write and send with immediate - IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs - fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper(). (CVE-2018-6412) - fsl/fman: avoid sleeping in atomic context while adding an address - net: qcom/emac: Use proper free methods during TX - net: smsc911x: Fix unload crash when link is up - IB/core: Fix possible crash to access NULL netdev - batman-adv: fix header size check in batadv_dbg_arp() - batman-adv: Fix skbuff rcsum on packet reroute - vti4: Don't count header length twice on tunnel setup - vti4: Don't override MTU passed on link creation via IFLA_MTU - brcmfmac: Fix check for ISO3166 code - mm/mempolicy.c: avoid use uninitialized preferred_node - mm, thp: do not cause memcg oom for thp - [x86] x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init - fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table - swap: divide-by-zero when zero length swap file on ssd - mm: fix races between address_space dereference and free in page_evicatable - Btrfs: fix NULL pointer dereference in log_dir_items - btrfs: Fix possible softlock on single core machines - xen/acpi: off by one in read_acpi_id() - ACPI: acpi_pad: Fix memory leak in power saving threads - [powerpc*] powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer - [powerpc*] powerpc/perf: Fix kernel address leak via sampling registers - net/mlx5: Protect from command bit overflow - ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk) - ipmi_ssif: Fix kernel panic at msg_done_handler - [powerpc*] powerpc: Add missing prototype for arch_irq_work_raise() - f2fs: fix to check extent cache in f2fs_drop_extent_tree - dmaengine: pl330: fix a race condition in case of threaded irqs - audit: return on memory error to avoid null pointer dereference - netlabel: If PF_INET6, check sk_buff ip header version https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.105 - Revert "vti4: Don't override MTU passed on link creation via IFLA_MTU" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.106 - x86/xen: Add unwind hint annotations to xen_setup_gdt https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.107 - [arm64] arm64: lse: Add early clobbers to some input/output asm operands - [powerpc*] powerpc/64s: Clear PCR on boot - xfs: detect agfl count corruption and reset agfl - tracing: Fix crash when freeing instances with event triggers - selinux: KASAN: slab-out-of-bounds in xattr_getsecurity - tcp: avoid integer overflows in tcp_rcv_space_adjust() - [arm64] arm64: Add hypervisor safe helper for checking constant capabilities - [powerpc*] powerpc/rfi-flush: Move out of HARDLOCKUP_DETECTOR #ifdef - [powerpc*] powerpc/pseries: Support firmware disable of RFI flush - [powerpc*] powerpc/powernv: Support firmware disable of RFI flush - [powerpc*] powerpc/rfi-flush: Always enable fallback flush on pseries - [powerpc*] powerpc/rfi-flush: Differentiate enabled and patched flush types - [powerpc*] powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration - [powerpc*] powerpc: Add security feature flags for Spectre/Meltdown - [powerpc*] powerpc/pseries: Set or clear security feature flags - [powerpc*] powerpc/powernv: Set or clear security feature flags - [powerpc*] powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() - [powerpc*] powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() - [powerpc*] powerpc/64s: Wire up cpu_show_spectre_v1() - [powerpc*] powerpc/64s: Wire up cpu_show_spectre_v2() - [powerpc*] powerpc/pseries: Fix clearing of security feature flags - [powerpc*] powerpc: Move default security feature flags - [powerpc*] powerpc/pseries: Restore default security feature flags on setup - [powerpc*] powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() - [powerpc*] powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit - net/mlx4_en: fix potential use-after-free with dma_unmap_page - iio:kfifo_buf: check for uint overflow - mm: fix the NULL mapping case in __isolate_lru_page() - serial: pl011: add console matching function [ Steve McIntyre ] * Backports for Qualcomm Centriq machines. Closes: #896775 - [arm64] Backport support for Qualcomm Centriq onboard emac NIC - [arm64] Backport workaround for erratum E1041 [ Romain Perier ] * [armhf] MFD: Enable MFD_TPS65217 (Closes: #897590) [ Salvatore Bonaccorso ] * nfsd: increase DRC cache limit (Closes: #898137) [ Yves-Alexis Perez ] * [rt] Update patchset to 4.9.98-rt76 - don't apply "drivers/net: Use disable_irq_nosync() in 8139too" since it's already included upstream - removed "rtmutex: Fix PI chain order integrity" - fs/aio: simple simple work * Bump ABI to 7 - remove all ignored ABI changes since ABI 6 - remove all patches reverting ABI changes since ABI 6 * [rt] "fs/dcache: disable preemption on i_dir_seq's write side" edited for fuzz after 4.9.106. [ Ben Hutchings ] * random: Make getranndom() ready earlier (see #897599) -- Ben Hutchings &lt;ben(a)decadent.org.uk&gt; Wed, 13 Jun 2018 04:48:46 +0100 --- Modifications pour linux-latest (linux-image-amd64) --- linux-latest (80+deb9u5) stretch; urgency=medium * Update to 4.9.0-7 -- Ben Hutchings &lt;ben(a)decadent.org.uk&gt; Thu, 14 Jun 2018 15:07:03 +0100 --- Modifications pour nss-pam-ldapd (libnss-ldapd libpam-ldapd nslcd nslcd-utils) --- nss-pam-ldapd (0.9.7-2+deb9u1) stretch; urgency=medium * Non-maintainer upload. * Increase size of hostname buffer. This increases the host name buffer to support host names (that include FQDNs) to 255 characters and removes the reliance on HOST_NAME_MAX and _POSIX_HOST_NAME_MAX which may be smaller in some situations. (Closes: #890508) -- Salvatore Bonaccorso &lt;carnil(a)debian.org&gt; Thu, 08 Mar 2018 14:11:25 +0100 --- Modifications pour openldap (ldap-utils libldap-2.4-2 libldap-common) --- openldap (2.4.44+dfsg-5+deb9u2) stretch; urgency=medium * Import upstream patch to fix an out-of-sync issue with delta-syncrepl replication in multi-master environments, resulting from changes losing tracking information and being applied multiple times. (ITS#8444) (Closes: #877166) * Really fix upgrades when the config contains backslash-escaped special characters. The previous fix was incomplete and didn't fully fix upgrades involving a database reload. (Closes: #864719) -- Ryan Tandy &lt;ryan(a)nardis.ca&gt; Tue, 22 May 2018 21:25:19 -0700 --- Modifications pour patch --- patch (2.7.5-1+deb9u1) stretch; urgency=medium * Fix CVE-2018-1000156: arbitrary command execution in ed-style patches (closes: #894993). -- Laszlo Boszormenyi (GCS) &lt;gcs(a)debian.org&gt; Mon, 16 Apr 2018 20:48:43 +0000 --- Modifications pour shared-mime-info --- shared-mime-info (1.8-1+deb9u1) stretch; urgency=medium * Non-maintainer upload. * Switch dpkg trigger to noawait. Closes: #864953. -- Adrian Bunk &lt;bunk(a)debian.org&gt; Wed, 14 Mar 2018 20:01:56 +0200 --- Modifications pour systemd (libpam-systemd libsystemd0 libudev1 systemd systemd-sysv udev) --- systemd (232-25+deb9u4) stretch; urgency=medium * core/load-fragment: Add RemoveIPC= Allow RemoveIPC= to be set in the unit file not only via D-Bus. (Closes: #892829) * nspawn: Add missing -E to getopt_long. The -E alias for --setenv in systemd-nspawn was not working as documented. This commit fixes that by adding -E to getopt_long. (Closes: #895798) * login: Respect --no-wall when cancelling a shutdown request (Closes: #897938) -- Michael Biebl &lt;biebl(a)debian.org&gt; Wed, 13 Jun 2018 22:20:36 +0200 --- Modifications pour xapian-core (libxapian30) --- xapian-core (1.4.3-2+deb9u1) stretch; urgency=medium * Fix MSet::snippet() to escape HTML in all cases (CVE-2018-499). New patch: cve-2018-0499-mset-snippet-escaping.patch (Closes: #902886) -- Olly Betts &lt;olly(a)survex.com&gt; Fri, 06 Jul 2018 09:52:48 +1200 --- Modifications pour cups (libcups2 libcupsimage2) --- cups (2.2.1-8+deb9u2) stretch-security; urgency=low * CVE-2018-6553: Fix AppArmor cupsd sandbox bypass due to use of hard links * Backport upstream fixes for: - CVE-2018-4180 Local Privilege Escalation to Root in dnssd Backend (CUPS_SERVERBIN) - CVE-2018-4181 Limited Local File Reads as Root via cupsd.conf Include Directive - CVE-2018-4182 cups-exec Sandbox Bypass Due to Insecure Error Handling - CVE-2018-4183 cups-exec Sandbox Bypass Due to Profile Misconfiguration - CVE-2017-15400: Restrict IPP Everywhere filters to only list supported PDLs to fix CRLF and Code Injection in Printer Zeroconfig -- Didier Raboud &lt;odyx(a)debian.org&gt; Wed, 11 Jul 2018 11:29:27 +0200 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on quigon.federez.net -- apticron