Package "linux-headers-5.3.0-24-generic"

  linux-hwe-edge (5.0.0-20.21~18.04.1) bionic; urgency=medium

  * linux-hwe-edge: 5.0.0-20.21~18.04.1 -proposed tracker (LP: #1833930)

  [ Ubuntu: 5.0.0-20.21 ]

  * linux: 5.0.0-20.21 -proposed tracker (LP: #1833934)
  * CVE-2019-11479
    - SAUCE: tcp: add tcp_min_snd_mss sysctl
    - SAUCE: tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()
  * Remote denial of service (resource exhaustion) caused by TCP SACK scoreboard
    manipulation (LP: #1831638) // CVE-2019-11478
    - tcp: refine memory limit test in tcp_fragment()

 -- Khalid Elmously <email address hidden> Wed, 26 Jun 2019 03:11:10 -0400

  linux-hwe-edge (5.0.0-19.20~18.04.1) bionic; urgency=medium

  [ Ubuntu: 5.0.0-19.20 ]

  * CVE-2019-12817
    - SAUCE: powerpc/mm/64s/hash: Reallocate context ids on fork

 -- Kleber Sacilotto de Souza <email address hidden> Thu, 20 Jun 2019 12:25:00 +0200

  linux-hwe-edge (5.0.0-17.18~18.04.1) bionic; urgency=medium

  [ Ubuntu: 5.0.0-17.18 ]

  * Remote denial of service (resource exhaustion) caused by TCP SACK scoreboard
    manipulation (LP: #1831638)
    - SAUCE: tcp: tcp_fragment() should apply sane memory limits
  * Remote denial of service (system crash) caused by integer overflow in TCP
    SACK handling (LP: #1831637)
    - SAUCE: tcp: limit payload size of sacked skbs

 -- Stefan Bader <email address hidden> Wed, 05 Jun 2019 14:29:25 +0200

  linux-hwe-edge (5.0.0-16.17~18.04.1) bionic; urgency=medium

  * linux-hwe-edge: 5.0.0-16.17~18.04.1 -proposed tracker (LP: #1829171)

  * Disco update: 5.0.8 upstream stable release (LP: #1828415)
    - [Packaging] remove n_r3964 from built modules list

  [ Ubuntu: 5.0.0-16.17 ]

  * linux: 5.0.0-16.17 -proposed tracker (LP: #1829173)
  * shiftfs: lock security sensitive superblock flags (LP: #1827122)
    - SAUCE: shiftfs: lock down certain superblock flags
  * Please package libbpf (which is done out of the kernel src) in Debian [for
    19.10] (LP: #1826410)
    - SAUCE: tools -- fix add ability to disable libbfd
  * Disco update: 5.0.8 upstream stable release (LP: #1828415)
    - drm/i915/gvt: do not let pin count of shadow mm go negative
    - kbuild: pkg: use -f $(srctree)/Makefile to recurse to top Makefile
    - netfilter: nft_compat: use .release_ops and remove list of extension
    - netfilter: nf_tables: use-after-free in dynamic operations
    - netfilter: nf_tables: add missing ->release_ops() in error path of newrule()
    - hv_netvsc: Fix unwanted wakeup after tx_disable
    - ibmvnic: Fix completion structure initialization
    - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type
    - ipv6: Fix dangling pointer when ipv6 fragment
    - ipv6: sit: reset ip header pointer in ipip6_rcv
    - kcm: switch order of device registration to fix a crash
    - net: ethtool: not call vzalloc for zero sized memory request
    - net-gro: Fix GRO flush when receiving a GSO packet.
    - net/mlx5: Decrease default mr cache size
    - netns: provide pure entropy for net_hash_mix()
    - net: rds: force to destroy connection if t_sock is NULL in
      rds_tcp_kill_sock().
    - net/sched: act_sample: fix divide by zero in the traffic path
    - net/sched: fix ->get helper of the matchall cls
    - qmi_wwan: add Olicard 600
    - r8169: disable ASPM again
    - sctp: initialize _pad of sockaddr_in before copying to user memory
    - tcp: Ensure DCTCP reacts to losses
    - tcp: fix a potential NULL pointer dereference in tcp_sk_exit
    - vrf: check accept_source_route on the original netdevice
    - net/mlx5e: Fix error handling when refreshing TIRs
    - net/mlx5e: Add a lock on tir list
    - nfp: validate the return code from dev_queue_xmit()
    - nfp: disable netpoll on representors
    - bnxt_en: Improve RX consumer index validity check.
    - bnxt_en: Reset device on RX buffer errors.
    - net: ip_gre: fix possible use-after-free in erspan_rcv
    - net: ip6_gre: fix possible use-after-free in ip6erspan_rcv
    - net: bridge: always clear mcast matching struct on reports and leaves
    - net: thunderx: fix NULL pointer dereference in nicvf_open/nicvf_stop
    - net: vrf: Fix ping failed when vrf mtu is set to 0
    - net: core: netif_receive_skb_list: unlist skb before passing to pt->func
    - r8169: disable default rx interrupt coalescing on RTL8168
    - net: mlx5: Add a missing check on idr_find, free buf
    - net/mlx5e: Update xoff formula
    - net/mlx5e: Update xon formula
    - kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD
    - lib/string.c: implement a basic bcmp
    - Revert "clk: meson: clean-up clock registration"
    - tty: mark Siemens R3964 line discipline as BROKEN
    - [Config]: remove CONFIG_R3964
    - [Config]: add CONFIG_LDISC_AUTOLOAD=y
    - tty: ldisc: add sysctl to prevent autoloading of ldiscs
    - hwmon: (w83773g) Select REGMAP_I2C to fix build error
    - hwmon: (occ) Fix power sensor indexing
    - SMB3: Allow persistent handle timeout to be configurable on mount
    - HID: logitech: Handle 0 scroll events for the m560
    - ACPICA: Clear status of GPEs before enabling them
    - ACPICA: Namespace: remove address node from global list after method
      termination
    - ALSA: seq: Fix OOB-reads from strlcpy
    - ALSA: hda/realtek: Enable headset MIC of Acer TravelMate B114-21 with ALC233
    - ALSA: hda/realtek - Add quirk for Tuxedo XC 1509
    - ALSA: xen-front: Do not use stream buffer size before it is set
    - mm/huge_memory.c: fix modifying of page protection by insert_pfn_pmd()
    - arm64: dts: rockchip: fix rk3328 sdmmc0 write errors
    - mmc: alcor: don't write data before command has completed
    - mmc: sdhci-omap: Don't finish_mrq() on a command error during tuning
    - parisc: Detect QEMU earlier in boot process
    - parisc: regs_return_value() should return gpr28
    - parisc: also set iaoq_b in instruction_pointer_set()
    - alarmtimer: Return correct remaining time
    - drm/i915/gvt: do not deliver a workload if its creation fails
    - drm/sun4i: DW HDMI: Lower max. supported rate for H6
    - drm/udl: add a release method and delay modeset teardown
    - kvm: svm: fix potential get_num_contig_pages overflow
    - include/linux/bitrev.h: fix constant bitrev
    - mm: writeback: use exact memcg dirty counts
    - ASoC: intel: Fix crash at suspend/resume after failed codec registration
    - ASoC: fsl_esai: fix channel swap issue when stream starts
    - Btrfs: do not allow trimming when a fs is mounted with the nologreplay
      option
    - btrfs: prop: fix zstd compression parameter validation
    - btrfs: prop: fix vanished compression property after failed set
    - riscv: Fix syscall_get_arguments() and syscall_set_arguments()
    - block: Revert v5.0 blk_mq_request_issue_directly() changes
    - block: do not leak memory in bio_copy_user_iov()
    - block: fix the return errno for direct IO
    - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent()
    - genirq: Initialize request_mutex if CONFIG_SPARSE_IRQ=n
    - virtio: Honour 'may_reduce_num' in vring_create_virtqueue
    - ARM: OMAP1: ams-delta: Fix broken GPIO ID allocation
    - ARM: dts: rockchip: fix rk3288 cpu opp node reference
    - ARM: dts: am335x-evmsk: Correct the regulators for the audio codec
    - ARM: dts: am335x-evm: Correct the regulators for the audio codec
    - ARM: dts: rockchip: Fix SD card detection on rk3288-t

  linux-hwe-edge (5.0.0-15.16~18.04.1) bionic; urgency=medium

  [ Ubuntu: 5.0.0-15.16 ]

  * CVE-2019-11683
    - udp: fix GRO reception in case of length mismatch
    - udp: fix GRO packet of death
  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - x86/msr-index: Cleanup bit defines
    - x86/speculation: Consolidate CPU whitelists
    - x86/speculation/mds: Add basic bug infrastructure for MDS
    - x86/speculation/mds: Add BUG_MSBDS_ONLY
    - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
    - x86/speculation/mds: Add mds_clear_cpu_buffers()
    - x86/speculation/mds: Clear CPU buffers on exit to user
    - x86/kvm/vmx: Add MDS protection when L1D Flush is not active
    - x86/speculation/mds: Conditionally clear CPU buffers on idle entry
    - x86/speculation/mds: Add mitigation control for MDS
    - x86/speculation/mds: Add sysfs reporting for MDS
    - x86/speculation/mds: Add mitigation mode VMWERV
    - Documentation: Move L1TF to separate directory
    - Documentation: Add MDS vulnerability documentation
    - x86/speculation/mds: Add mds=full,nosmt cmdline option
    - x86/speculation: Move arch_smt_update() call to after mitigation decisions
    - x86/speculation/mds: Add SMT warning message
    - x86/speculation/mds: Fix comment
    - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
    - x86/speculation/mds: Add 'mitigations=' support for MDS
  * CVE-2017-5715 // CVE-2017-5753
    - s390/speculation: Support 'mitigations=' cmdline option
  * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
    - powerpc/speculation: Support 'mitigations=' cmdline option
  * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
    CVE-2018-3646
    - cpu/speculation: Add 'mitigations=' cmdline option
    - x86/speculation: Support 'mitigations=' cmdline option
  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log