Patch "packet: fix tp_reserve race in packet_set_ring" was skipped because it is already applied for CVE-2017-1000111.
Skipped a whole bunch of changes, namely:
* revert "net: account for current skb length when deciding about UFO"
* revert "ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output"
* udp: consistently apply ufo or fragmentation
* ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output
* net: account for current skb length when deciding about UFO

I checked the resulting files net/ipv4/udp.c, net/ipv4/ip_output.c, and net/ipv6/ip6_output.c from the 4.4.y tree and our Xenial tree. And overall there is only one difference in the ip*_output.c files which come from applying "udp: avoid ufo handling on IP payload compression packets" and "ipv6: Don't use ufo handling on later transformed packets" which I picked as additional patches to be part of CVE-2017-1000112. And those still look like fixes to valid issues (though probably not directly related to the CVE).

So I would suggest we stay at what we got right now.

** Description changed: + SRU Justification - SRU Justification + Impact: + The upstream process for stable tree updates is quite similar + in scope to the Ubuntu SRU process, e.g., each patch has to + demonstrably fix a bug, and each patch is vetted by upstream + by originating either directly from a mainline/stable Linux tree or + a minimally backported form of that patch. The 4.4.82 upstream stable + patch set is now available. It should be included in the Ubuntu + kernel as well. - Impact: - The upstream process for stable tree updates is quite similar - in scope to the Ubuntu SRU process, e.g., each patch has to - demonstrably fix a bug, and each patch is vetted by upstream - by originating either directly from a mainline/stable Linux tree or - a minimally backported form of that patch. The 4.4.82 upstream stable - patch set is now available. It should be included in the Ubuntu - kernel as well.
+ git://git.kernel.org/ - git://git.kernel.org/ + TEST CASE: TBD - TEST CASE: TBD - - The following patches from the 4.4.82 stable release shall be - applied: + The following patches from the 4.4.82 stable release shall be applied: + * tcp: avoid setting cwnd to invalid ssthresh after cwnd reduction states + * net: fix keepalive code vs TCP_FASTOPEN_CONNECT + * bpf, s390: fix jit branch offset related to ldimm64 + * net: sched: set xt_tgchk_param par.nft_compat as 0 in ipt_init_target + * tcp: fastopen: tcp_connect() must refresh the route + * net: avoid skb_warn_bad_offload false positives on UFO + * sparc64: Prevent perf from running during super critical sections + * KVM: arm/arm64: Handle hva aging while destroying the vm + * mm/mempool: avoid KASAN marking mempool poison checks as use-after-free + * Linux 4.4.82

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-1000111

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-1000112

https://bugs.launchpad.net/bugs/1711535

Title:
  Xenial update to 4.4.82 stable release

Status in linux package in Ubuntu:
  New
Status in linux source package in Xenial:
  New

Bug description:
  SRU Justification

  Impact:
  The upstream process for stable tree updates is quite similar in scope to the Ubuntu SRU process, e.g., each patch has to demonstrably fix a bug, and each patch is vetted by upstream by originating either directly from a mainline/stable Linux tree or a minimally backported form of that patch. The 4.4.82 upstream stable patch set is now available. It should be included in the Ubuntu kernel as well.
  git://git.kernel.org/

  TEST CASE: TBD

  The following patches from the 4.4.82 stable release shall be applied:
  * tcp: avoid setting cwnd to invalid ssthresh after cwnd reduction states
  * net: fix keepalive code vs TCP_FASTOPEN_CONNECT
  * bpf, s390: fix jit branch offset related to ldimm64
  * net: sched: set xt_tgchk_param par.nft_compat as 0 in ipt_init_target
  * tcp: fastopen: tcp_connect() must refresh the route
  * net: avoid skb_warn_bad_offload false positives on UFO
  * sparc64: Prevent perf from running during super critical sections
  * KVM: arm/arm64: Handle hva aging while destroying the vm
  * mm/mempool: avoid KASAN marking mempool poison checks as use-after-free
  * Linux 4.4.82