[ANNOUNCE] Release v4.19.225-cip65 and v4.4.296-cip67


Nobuhiro Iwamatsu
 

Hi all,

CIP kernel team has released Linux kernel v4.19.225-cip65 and v4.4.296-cip67.
The linux-4.19.y-cip tree has been updated base version from v4.19.222 to v4.19.225, and the linux-4.4.y-cip
tree has been updated base version from v4.4.294 to v4.4.296.

The 4.4.y tree has a newer release, but we will release it based on the old v4.4.296 for release of cip-rt tree.

You can get this release via the git tree at:

v4.19.225-cip65:
repository:
https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git
branch:
linux-4.19.y-cip
commit hash:
def5c8e4375baf1ae9c6421ce39f5cad2f3f2052
Fixed CVEs:
- CVE-2021-44733: tee: handle lookup of shm with reference count 0
- CVE-2021-45095: phonet: refcount leak in pep_sock_accep
- CVE-2021-4155: xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate
added commits:
CIP: Bump version suffix to -cip65 after merge from stable

v4.4.296-cip67:
repository:
https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git
branch:
linux-4.4.y-cip
commit hash:
e113342a55e6846ad90c659a1b44d16f604e4b36
Fixed CVEs:
- CVE-2021-39685: USB: gadget: detect too-big endpoint 0 requests
- CVE-2021-28715: xen/netback: don't queue unlimited number of packages
- CVE-2021-28713: xen/console: harden hvc_xen against event channel storms
- CVE-2021-28712: xen/netfront: harden netfront against event channel storms
- CVE-2021-28711: xen/blkfront: harden blkfront against event channel storms
added commits:
CIP: Bump version suffix to -cip67 after merge from stable

Best regards,
Nobuhiro