UBUNTU 16.04 ELS: kernel released
A new Ubuntu 16.04 kernel within ELS is now available for download from our production repository.
CHANGELOG
ubuntu16_04-els.amd64
- ELSCVE-1024: CVE-2021-40490: ext4: fix race writing to an inline_data file while its xattrs are changing
- ELSCVE-1810: CVE-2020-36322: fuse: fix bad inode
- ELSCVE-561: CVE-2021-33034: Bluetooth: verify AMP hci_chan before amp_destroy
- ELSCVE-557: CVE-2021-29650: netfilter: x_tables: Use correct memory barriers.
- ELSCVE-541: CVE-2021-28964: btrfs: fix race when cloning extent buffer during rewind of an old root
- ELSCVE-505: CVE-2021-32399: bluetooth: eliminate the potential race condition when removing the HCI controller
- ELSCVE-477: CVE-2021-31916: dm ioctl: fix out of bounds array access when no devices
- ELSCVE-433: CVE-2021-33033: cipso,calipso: resolve a number of problems with the DOI refcounts
- ELSCVE-533: CVE-2021-20292: drm/ttm/nouveau: don’t call tt destroy callback on alloc
- ELSCVE-577: CVE-2021-3612: Input: joydev – prevent potential write out of bounds in ioctl
- ELSCVE-489: CVE-2021-37576: KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
- ELSCVE-707: CVE-2021-38160: virtio_console: Assure used length from device is limited
- ELSCVE-545: CVE-2021-28972: PCI: rpadlpar: Fix potential drc_name corruption in store functions
- ELSCVE-813: CVE-2020-25672: nfc: fix memory leak in llcp_sock_connect()
- ELSCVE-826: CVE-2020-25671: nfc: fix refcount leak in llcp_sock_connect()
- ELSCVE-827: CVE-2020-25670: nfc: fix refcount leak in llcp_sock_bind()
- mac80211: fix use-after-free in CCMP/GCMP RX
- mac80211: fix memory corruption in EAPOL handling
- mac80211: drop multicast fragments
- mac80211: extend protection against mixed key and fragment cache attacks
- mac80211: do not accept/forward invalid EAPOL frames
- mac80211: prevent attacks on TKIP/WEP as well
- mac80211: check defrag PN against current frame
- mac80211: add fragment cache to sta_info
- mac80211: drop A-MSDUs on old ciphers
- ELSCVE-836: CVE-2020-24587: CVE-2020-24586: mac80211: prevent mixed key and fragment cache attacks
- ELSCVE-836: CVE-2020-26147: mac80211: assure all fragments are encrypted
- ELSCVE-679: CVE-2021-3564: Bluetooth: fix the erroneous flush_work() order
UPDATE COMMAND
apt-get update
apt-get install linux-image-unsigned-4.4.0- 211-generic
apt-get install linux-image-unsigned-4 .4.0-211-lowlatency