-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 23 Sep 2021 22:35:21 +0200 Source: linux-signed-arm64 Architecture: source Version: 5.10.46+5 Distribution: bullseye-security Urgency: high Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Changes: linux-signed-arm64 (5.10.46+5) bullseye-security; urgency=high . * Sign kernel from linux 5.10.46-5 . * virtio_console: Assure used length from device is limited (CVE-2021-38160) * NFSv4: Initialise connection to the server in nfs4_alloc_client() (CVE-2021-38199) * tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop. (CVE-2021-3679) * [poewrpc*] KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow (CVE-2021-37576) * ovl: prevent private clone if bind mount is not allowed (CVE-2021-3732) * [x86] KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653) * [x86] KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656) * bpf: Fix integer overflow involving bucket_size (CVE-2021-38166) * ath: Use safer key clearing with key cache entries (CVE-2020-3702) * ath9k: Clear key cache explicitly on disabling hardware (CVE-2020-3702) * ath: Export ath_hw_keysetmac() (CVE-2020-3702) * ath: Modify ath_key_delete() to not need full key entry (CVE-2020-3702) * ath9k: Postpone key cache entry deletion for TXQ frames reference it (CVE-2020-3702) * btrfs: fix NULL pointer dereference when deleting device by invalid id (CVE-2021-3739) * net: qrtr: fix another OOB Read in qrtr_endpoint_post (CVE-2021-3743) * vt_kdsetmode: extend console locking (CVE-2021-3753) * ext4: fix race writing to an inline_data file while its xattrs are changing (CVE-2021-40490) * dccp: don't duplicate ccid when cloning dccp sock (CVE-2020-16119) * io_uring: ensure symmetry in handling iter types in loop_rw_iter() (CVE-2021-41073) * netfilter: nftables: avoid potential overflows on 32bit arches * netfilter: nf_tables: initialize set before expression setup (Closes: #993978) * netfilter: nftables: clone set element expression template * bnx2x: Fix enabling network interfaces without VFs (Closes: #993948) Checksums-Sha1: 536f1c270de64fee58359724fa35395a965f61ea 7240 linux-signed-arm64_5.10.46+5.dsc 486eb9e7cd32b94260b389c699a90b7e50839553 2412472 linux-signed-arm64_5.10.46+5.tar.xz Checksums-Sha256: 47800c6a704e1ca1b3ef216ed3f472ba4e01779288ea39b562412367e63c4474 7240 linux-signed-arm64_5.10.46+5.dsc c8100e8a68ff995faa2a9d47a006d88b8f14d908063f7426afce69225c2d3149 2412472 linux-signed-arm64_5.10.46+5.tar.xz Files: 6844fd033c105d91cd0fcd8ac823c1c1 7240 kernel optional linux-signed-arm64_5.10.46+5.dsc e7bc45ce6cbb2143cf375b7d9506ae26 2412472 kernel optional linux-signed-arm64_5.10.46+5.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEfKFfvHEI+gkU+E+di0FRiLdONzYFAmFNsa4ACgkQi0FRiLdO NzbdTxAAqncCz98WijcEVj7C2QR8e0Lyaa/BfD0jyPORzVflNEhFxP0NUsctqtvb Y7amGxRybGdaz9VhuNLgRZDrJEp45XvonEj12PTuO82Pcx2bb5SnG5/Vf99+InHz HcrENGIlfkzUpKegJiQIRYdzf8dnhQ4LIy784d9lOyAYu+BkGRLrjvkjDOq7c9N2 989lQeJAZayvSdLXVbKLi9eB3AsvgwPcg/qa0oVoGWDf4TXQOAByIbD2p5pp7GQz wXBj4ZSa8Jsyv/tWF1rVORfifygqmLTt09/fjIjV3vl9oq2Ssn9z4AyLpU53pe0W ijqCyV9ryEwG1n7DhNRfg/poJMuhyaG76Hoq6wwphG6Ci8t2WJtzNQlPtepqvdT3 /q1F4S0Cl5WCiTh6mXchlUUT3LB+LGaQM/pvy9Ak+k2ulkH80Df58PJaJCCLlNdn MU92wAo2XWogvtJDz//bUgwtkg8fZyw2crue9PLBT/v/kDh9lmLritGe2hVXH+qb 3PNVzX0qAVD0B/T4T9oimyDOCe0BMLbBDe6IYpJrwbnmdqUt08CpY3VjNz3WnF/2 ukvI2cy85VR338p7IqU0omJyxZkmXO04aScKIP30MFwvxDap0LItb+gPjPP6sj1Q Zw1ygqzbhbdm1KrvXZmlSP7VSSc0gcTyAAhd16Sbil5VfIIX4j4= =jOp4 -----END PGP SIGNATURE-----