Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Changed-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
* fixed changelog user name
* adapt wording of nic driver change message to the one from
the release originally removing them
* removed duplicate 'Ubuntu' text
This reverts commit 7beee5f3eb.
While they repositories of those drivers state that the in kernel one
should be used, as they are newer, it seems they do not provide the
same functionallity. So revert to the out of tree drivers for now.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
CVE-2017-1000364 (rather bugfix for the original CVE fix):
* mm/mmap.c: expand_downwards: don't require the gap if !vm_prev
* mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
CVE-2017-1000365: fs/exec.c: account for argv/envp pointers
CVE-2017-10810: drm/virtio: don't leak bo on drm_gem_object_init
failure
CVE-2017-7482: rxrpc: Fix several cases where a padded len isn't
checked in ticket decode
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
CVE-2014-9900: net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol()
CVE-2017-7346: drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl()
CVE-2017-9605: drm/vmwgfx: Make sure backup_handle is always valid
CVE-2017-1000380:
* ALSA: timer: Fix race between read and ioctl
* ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
CVE-2017-8890: dccp/tcp: do not inherit mc_list from parent
CVE-2017-9074: ipv6: Prevent overrun when parsing v6 header options
CVE-2017-9075: sctp: do not inherit ipv6_{mc|ac|fl}_list from parent
CVE-2017-9076/CVE-2017-9077: ipv6/dccp: do not inherit ipv6_mc_list from parent
CVE-2017-9242: ipv6: fix out of bound writes in __ip6_append_data()
Patches and rationale by Seth Forshee[1]:
My testing shows that the "POWER9: Additional power9
patches" patches are responsible, two of them in particular:
- mm: introduce page_vma_mapped_walk()
- mm, ksm: convert write_protect_page() to use page_vma_mapped_walk()
These patches don't appear to be included for any
functionality they provide, but rather to make "mm/ksm:
handle protnone saved writes when making page write protect"
a clean cherry pick instead of a backport. But the backport
isn't that difficult, so as far as I can tell we can do away
with the other two patches.
1: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1674838/comments/108
