-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 23 Sep 2021 22:35:21 +0200 Source: linux-signed-i386 Architecture: source Version: 5.10.46+5 Distribution: bullseye-security Urgency: high Maintainer: Debian Kernel Team Changed-By: Salvatore Bonaccorso Changes: linux-signed-i386 (5.10.46+5) bullseye-security; urgency=high . * Sign kernel from linux 5.10.46-5 . * virtio_console: Assure used length from device is limited (CVE-2021-38160) * NFSv4: Initialise connection to the server in nfs4_alloc_client() (CVE-2021-38199) * tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop. (CVE-2021-3679) * [poewrpc*] KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow (CVE-2021-37576) * ovl: prevent private clone if bind mount is not allowed (CVE-2021-3732) * [x86] KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653) * [x86] KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656) * bpf: Fix integer overflow involving bucket_size (CVE-2021-38166) * ath: Use safer key clearing with key cache entries (CVE-2020-3702) * ath9k: Clear key cache explicitly on disabling hardware (CVE-2020-3702) * ath: Export ath_hw_keysetmac() (CVE-2020-3702) * ath: Modify ath_key_delete() to not need full key entry (CVE-2020-3702) * ath9k: Postpone key cache entry deletion for TXQ frames reference it (CVE-2020-3702) * btrfs: fix NULL pointer dereference when deleting device by invalid id (CVE-2021-3739) * net: qrtr: fix another OOB Read in qrtr_endpoint_post (CVE-2021-3743) * vt_kdsetmode: extend console locking (CVE-2021-3753) * ext4: fix race writing to an inline_data file while its xattrs are changing (CVE-2021-40490) * dccp: don't duplicate ccid when cloning dccp sock (CVE-2020-16119) * io_uring: ensure symmetry in handling iter types in loop_rw_iter() (CVE-2021-41073) * netfilter: nftables: avoid potential overflows on 32bit arches * netfilter: nf_tables: initialize set before expression setup (Closes: #993978) * netfilter: nftables: clone set element expression template * bnx2x: Fix enabling network interfaces without VFs (Closes: #993948) Checksums-Sha1: ae4895e3afd0f1b229bbd964ab446e427bbefd06 14039 linux-signed-i386_5.10.46+5.dsc 7e1929a27512453663279adcdd080e60ab68e035 3614376 linux-signed-i386_5.10.46+5.tar.xz Checksums-Sha256: a5bb926fa9d60afacc5d7e8476f93c4891d468f02d7c34335a52594f58a3c2dd 14039 linux-signed-i386_5.10.46+5.dsc 87d05a0986762895b2f00b73c49f3552c50debc70f9f27cbf14f29268d62c89a 3614376 linux-signed-i386_5.10.46+5.tar.xz Files: a1b5a2e569dd7841a696d56dc3680327 14039 kernel optional linux-signed-i386_5.10.46+5.dsc ac67d33e514dd2948f08b1db309939d7 3614376 kernel optional linux-signed-i386_5.10.46+5.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEfKFfvHEI+gkU+E+di0FRiLdONzYFAmFN2d0ACgkQi0FRiLdO NzaPuA/9H5Y8ecmFRkze5QoSsFRNxRHDkAKoUAQ5N+Ho64URtSxonXBTl53PGAnm A1xUpp/9oPImyKhqQ5UcMHUv8eLDHoth3JUROUl5BVTxmVHl5uGS/XZ6jCidnuoF F1ozSQih7kqpSrzlE+Mg32sOl00v9eEj8469HinzMMnRADCQrHlPz7EzdKjFCbUW h8MRXVXAY63jwQKAJMXWDuQkwCr2ulXVRA/GLA8+vHxO5uZ4FM71duNEy2dASgEI NnvaeSZystThfsKOyCU5fGAstA/AzaIzAXDC3BpywN90iKL7TZHadj3q6zpRY0B/ MDPCwOnbEuja4kxu6XxL7eDJPaRRrJySqpGF6b0tu6c8AzzSwFuQAckHrQMUI1lR 7CReGYMhcGyiP7Sm/y65+ao4WCh45mOa2eLPsqEm9N9QlNrWKmhv3+YEiESuCEK2 wONUXNqJmnR5Eqjwnda7JhxpPk735YgAKe8dIFEs9kNa0R8wX7mHdsBY9FWzdkTM WZdH5H43xYi5wijOcElHjsoJad9vifl1x2luxNXlSGqjjdptR7O9xVxRQZYLUDDI yc3sYu0uoJjBcdjFfj4vWiDAZtVLP4sBvBDDe8V2gtzO/3NR3ODk/PCY/pVbtHUp NbJa4gKgIcbzEA5IhGdMFNWJSl8m78gkJyjOfFOS7Lav8e0Tjtw= =gCVe -----END PGP SIGNATURE-----