-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 23 Sep 2021 22:35:21 +0200 Source: linux-signed-amd64 Architecture: source Version: 5.10.46+5 Distribution: bullseye-security Urgency: high Maintainer: Debian Kernel Team Changed-By: Salvatore Bonaccorso Changes: linux-signed-amd64 (5.10.46+5) bullseye-security; urgency=high . * Sign kernel from linux 5.10.46-5 . * virtio_console: Assure used length from device is limited (CVE-2021-38160) * NFSv4: Initialise connection to the server in nfs4_alloc_client() (CVE-2021-38199) * tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop. (CVE-2021-3679) * [poewrpc*] KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow (CVE-2021-37576) * ovl: prevent private clone if bind mount is not allowed (CVE-2021-3732) * [x86] KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653) * [x86] KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656) * bpf: Fix integer overflow involving bucket_size (CVE-2021-38166) * ath: Use safer key clearing with key cache entries (CVE-2020-3702) * ath9k: Clear key cache explicitly on disabling hardware (CVE-2020-3702) * ath: Export ath_hw_keysetmac() (CVE-2020-3702) * ath: Modify ath_key_delete() to not need full key entry (CVE-2020-3702) * ath9k: Postpone key cache entry deletion for TXQ frames reference it (CVE-2020-3702) * btrfs: fix NULL pointer dereference when deleting device by invalid id (CVE-2021-3739) * net: qrtr: fix another OOB Read in qrtr_endpoint_post (CVE-2021-3743) * vt_kdsetmode: extend console locking (CVE-2021-3753) * ext4: fix race writing to an inline_data file while its xattrs are changing (CVE-2021-40490) * dccp: don't duplicate ccid when cloning dccp sock (CVE-2020-16119) * io_uring: ensure symmetry in handling iter types in loop_rw_iter() (CVE-2021-41073) * netfilter: nftables: avoid potential overflows on 32bit arches * netfilter: nf_tables: initialize set before expression setup (Closes: #993978) * netfilter: nftables: clone set element expression template * bnx2x: Fix enabling network interfaces without VFs (Closes: #993948) Checksums-Sha1: 0eb9229fa7a5960e919a3ea30310d687a4529883 8487 linux-signed-amd64_5.10.46+5.dsc f04c2cc8c438f5c98aec08ff7828ebd81409b4ec 2669588 linux-signed-amd64_5.10.46+5.tar.xz Checksums-Sha256: afd6d13a81f77cbebd06950da2681691b2448c6c786bf62dcbc873be1e17cd15 8487 linux-signed-amd64_5.10.46+5.dsc aaae7da86340328c26f91e2d8bf666482c0f849377018de626270a6b8a3e884c 2669588 linux-signed-amd64_5.10.46+5.tar.xz Files: cb82678b96fe8d437ee2a3000ddb0a69 8487 kernel optional linux-signed-amd64_5.10.46+5.dsc 9e90d336c87477ea55b21c1ce225dd48 2669588 kernel optional linux-signed-amd64_5.10.46+5.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEfKFfvHEI+gkU+E+di0FRiLdONzYFAmFNl9MACgkQi0FRiLdO NzZ6PQ//VGWa3t0tB6AanoiOaNtYchz8cy7ydeATBIyk/OfuiQN7RCr31Q3J6o9M ykV4znxgtal1pCEo1mZUZYdNqpDNI/23MUhENL2kAphwQV2c+yRX4sI6Y7TZVuQR WpNU+v3JVwaZXSySIPdfKPxjgJrizL6cmJQHpLJIYLUX6Tp/T+5wSQp9PgWlcO/y OXGbjD9+T2Pu1K5O+1lY2Wduvgu/1p9CoGKvVX5Yv0qVKJiXHGig4znROAxoIsuP q47yCU/B00FGcN7SSd+7AXh2Vil6FXxeWxjnwPjWTSNQsYqTSmd9KplGAbn/iE4m MLb9+gsWe5aIb4zSCtdpXTq89MOkCbvSPqtx9cYP5lfLX7Qg0GZ3WCy8RaFvG+eR TKISGYqvBMeGi1mOrw3qgoOOCfXVpq5GWWz9SDyYBSG7+F2b6d9q29ToPc/6WdmR 9y/je7QNSawaJ/VO1UhIgl70GVNid8VbQTW8sWiSUWLNs8WZYhhdvkCfhPXjUH+n 0yegzrdsKl/I92CDxSdjZovrUc/VcULGzzeM8s7+qauStCnahvLkkHpFGo4/rakj UZfOodOI8xmPg/O+orMkVGPx+0Pe45fTlkNtpIjvur7Vjx/ZNzlR3YyBdTrI4L3R kdYU8ysuPf0pmFa62fip5Vf+JwPT9J3/fLDdVROuVJJASo0soRE= =d015 -----END PGP SIGNATURE-----