UbuntuUpdates.org

Package "linux"

Name: linux

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • Linux kernel buildinfo for version 3.13.0 on 32 bit x86 SMP
  • Linux kernel version specific cloud tools for version 3.13.0
  • Linux kernel specific documentation for version 3.13.0

Latest version: 3.13.0-170.220
Release: trusty (14.04)
Level: security
Repository: main

Other versions of "linux" in Trusty

Repository Area Version
base main 3.13.0-24.46
updates main 3.13.0-170.220
PPA: Canonical Kernel Team 3.13.0-91.138

Changelog

Version: 3.13.0-170.220 2019-05-16 09:07:10 UTC

  linux (3.13.0-170.220) trusty; urgency=medium

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - KVM: x86: pass host_initiated to functions that read MSRs
    - KVM: x86: remove data variable from kvm_get_msr_common
    - x86/cpufeature: Move some of the scattered feature bits to x86_capability
    - x86/cpufeature: Cleanup get_cpu_cap()
    - x86/cpufeature: Use enum cpuid_leafs instead of magic numbers
    - KVM: x86: remove magic number with enum cpuid_leafs
    - SAUCE: KVM/VMX: Move spec_ctrl from kvm_vcpu_arch to vcpu_vmx
    - KVM: VMX: fixes for vmentry_l1d_flush module parameter
    - perf/x86/intel: Use Intel family macros for core perf events
    - SAUCE: perf/x86/uncore: Use Intel Model name macros
    - x86/speculation: Simplify the CPU bug detection logic
    - x86/cpu: Sanitize FAM6_ATOM naming
    - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
    - bitops: avoid integer overflow in GENMASK(_ULL)
    - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a
      new <linux/bits.h> file
    - tools include: Adopt linux/bits.h
    - x86/msr-index: Cleanup bit defines
    - x86/speculation: Consolidate CPU whitelists
    - x86/speculation/mds: Add basic bug infrastructure for MDS
    - x86/speculation/mds: Add BUG_MSBDS_ONLY
    - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
    - x86/speculation/mds: Add mds_clear_cpu_buffers()
    - locking/static_keys: Provide DECLARE and well as DEFINE macros
    - include/linux/jump_label.h: expose the reference count
    - jump_label: Allow asm/jump_label.h to be included in assembly
    - jump_label: Allow jump labels to be used in assembly
    - x86/headers: Don't include asm/processor.h in asm/atomic.h
    - SAUCE: locking/static_key: Mimick the new static key API
    - x86/speculation/mds: Clear CPU buffers on exit to user
    - x86/kvm/vmx: Add MDS protection when L1D Flush is not active
    - x86/speculation/mds: Conditionally clear CPU buffers on idle entry
    - SAUCE: sched: Expose cpu_smt_mask()
    - SAUCE: jump_label: Introduce static_branch_{inc,dec}
    - SAUCE: sched/smt: Introduce sched_smt_{active,present}
    - SAUCE: Rename the Ubuntu-only spec_ctrl_mutex mutex
    - SAUCE: x86/speculation: Introduce arch_smt_update()
    - x86/speculation: Rework SMT state change
    - x86/speculation: Reorder the spec_v2 code
    - x86/speculation: Unify conditional spectre v2 print functions
    - x86/speculation/mds: Add mitigation control for MDS
    - x86/speculation/mds: Add sysfs reporting for MDS
    - x86/speculation/mds: Add mitigation mode VMWERV
    - Documentation: Move L1TF to separate directory
    - Documentation: Add MDS vulnerability documentation
    - x86/speculation/mds: Add mds=full,nosmt cmdline option
    - x86/speculation: Move arch_smt_update() call to after mitigation decisions
    - x86/speculation/mds: Add SMT warning message
    - x86/speculation/mds: Fix comment
    - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
    - x86/speculation/mds: Add 'mitigations=' support for MDS

  * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
    - powerpc/speculation: Support 'mitigations=' cmdline option

  * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
    CVE-2018-3646
    - cpu/speculation: Add 'mitigations=' cmdline option
    - x86/speculation: Support 'mitigations=' cmdline option

  * CVE-2017-5715
    - SAUCE: Fix 'check_fpu defined but not used' compiler warning on x86_64
    - SAUCE: x86/speculation: Cleanup IBRS and IBPB runtime control handling (v2)
    - SAUCE: KVM/x86: Expose IBRS to guests
    - SAUCE: x86/speculation: Use x86_spec_ctrl_base in entry/exit code

  * CVE-2017-5715 // CVE-2018-3639
    - SAUCE: KVM/x86: Use host_initiated when accessing MSRs

 -- Stefan Bader <email address hidden> Thu, 09 May 2019 12:14:14 +0200

1786013 Packaging resync
CVE-2018-12126 MSBDS Microarchitectural Store Buffer Data Sampling
CVE-2018-12127 MLPDS Microarchitectural Load Port Data Sampling
CVE-2018-12130 MFBDS Microarchitectural Fill Buffer Data Sampling
CVE-2017-5715 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at
CVE-2017-5753 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker wi
CVE-2017-5754 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at
CVE-2018-3639 Speculative Store Bypass
CVE-2018-3620 L1 Terminal Fault-OS/SMM Foreshadow-NG
CVE-2018-3646 L1 Terminal Fault-VMM

Version: 3.13.0-168.218 2019-04-02 12:23:01 UTC

  linux (3.13.0-168.218) trusty; urgency=medium

  * linux: 3.13.0-168.218 -proposed tracker (LP: #1819663)

  * CVE-2019-9213
    - mm: enforce min addr even if capable() in expand_downwards()

  * CVE-2019-3460
    - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt

  * CVE-2017-1000410
    - Bluetooth: Prevent stack info leak from the EFS element.

  * ixgbe: Kernel Oops when attempting to disable spoofchk in a non-existing VF
    (LP: #1815501)
    - ixgbe: check for vfs outside of sriov_num_vfs before dereference

  * CVE-2018-19824
    - ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c

  * CVE-2019-3459
    - Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer

  * CVE-2019-7222
    - KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)

  * CVE-2019-6974
    - kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)

  * CVE-2017-18360
    - USB: serial: io_ti: fix div-by-zero in set_termios

 -- Stefan Bader <email address hidden> Thu, 14 Mar 2019 14:44:53 +0100

1815501 ixgbe: Kernel Oops when attempting to disable spoofchk in a non-existing VF
CVE-2019-9213 In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to
CVE-2019-3460 Heap data infoleak in multiple locations including function l2cap_parse_conf_rsp
CVE-2017-1000410 The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and Conf
CVE-2018-19824 In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with ze
CVE-2019-3459 Heap address infoleak in use of l2cap_get_conf_opt
CVE-2019-7222 KVM: x86: work around leak of uninitialized stack contents
CVE-2019-6974 In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading
CVE-2017-18360 In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-z

Version: 3.13.0-167.217 2019-03-15 17:06:21 UTC

  linux (3.13.0-167.217) trusty; urgency=medium

  * linux: 3.13.0-167.217 -proposed tracker (LP: #1819917)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction

  * linux-cloud-tools-common 3.13.0-166.216 in Trusty is missing contents of
    /usr/sbin (LP: #1819869)
    - Revert "UBUNTU: [Packaging] skip cloud tools packaging when not building
      package"

 -- Stefan Bader <email address hidden> Wed, 13 Mar 2019 15:46:51 +0100

1786013 Packaging resync
1819869 linux-cloud-tools-common 3.13.0-166.216 in Trusty is missing contents of /usr/sbin

Version: 3.13.0-166.216 2019-03-12 20:06:54 UTC

  linux (3.13.0-166.216) trusty; urgency=medium

  * linux: 3.13.0-166.216 -proposed tracker (LP: #1814645)

  * linux-buildinfo: pull out ABI information into its own package
    (LP: #1806380)
    - [Packaging] limit preparation to linux-libc-dev in headers
    - [Packaging] commonise debhelper invocation
    - [Packaging] ABI -- accumulate abi information at the end of the build
    - [Packaging] buildinfo -- add basic build information
    - [Packaging] buildinfo -- add firmware information to the flavour ABI
    - [Packaging] buildinfo -- add compiler information to the flavour ABI
    - [Packaging] buildinfo -- add buildinfo support to getabis
    - [Config] buildinfo -- add retpoline version markers
    - [Packaging] getabis -- handle all known package combinations
    - [Packaging] getabis -- support parsing a simple version
    - [Packaging] autoreconstruct -- base tag is always primary mainline version

  * signing: only install a signed kernel (LP: #1764794)
    - [Debian] usbip tools packaging
    - [Debian] Don't fail if a symlink already exists
    - [Debian] perf -- build in the context of the full generated local headers
    - [Debian] basic hook support
    - [Debian] follow rename of DEB_BUILD_PROFILES
    - [Debian] standardise on stage1 for the bootstrap stage in line with debian
    - [Debian] set do_*_tools after stage1 or bootstrap is determined
    - [Debian] initscripts need installing when making the package
    - [Packaging] reconstruct -- automatically reconstruct against base tag
    - [Debian] add feature interlock with mainline builds
    - [Debian] Remove generated intermediate files on clean
    - [Packaging] prevent linux-*-tools-common from being produced from non linux
      packages
    - SAUCE: ubuntu: vbox -- elide the new symlinks and reconstruct on clean:
    - [Debian] Update to new signing key type and location
    - [Packaging] autoreconstruct -- generate extend-diff-ignore for links
    - [Packaging] reconstruct -- update when inserting final changes
    - [Packaging] update to Debian like control scripts
    - [Packaging] switch to triggers for postinst.d postrm.d handling
    - [Packaging] signing -- switch to raw-signing tarballs
    - [Packaging] signing -- switch to linux-image as signed when available
    - [Packaging] printenv -- add signing options
    - [Packaging] fix invocation of header postinst hooks
    - [Packaging] signing -- add support for signing Opal kernel binaries
    - [Debian] Use src_pkg_name when constructing udeb control files
    - [Debian] Dynamically determine linux udebs package name
    - [Packaging] handle both linux-lts* and linux-hwe* as backports
    - [Config] linux-source-* is in the primary linux namespace
    - [Packaging] lookup the upstream tag
    - [Packaging] switch up to debhelper 9
    - [Packaging] autopkgtest -- disable d-i when dropping flavours
    - [debian] support for ship_extras_package=false
    - [Debian] do_common_tools should always be on
    - [debian] do not force do_tools_common
    - [Packaging] skip cloud tools packaging when not building package
    - [debian] prep linux-libc-dev only if do_libc_dev_package=true

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * kernel oops in bcache module (LP: #1793901)
    - SAUCE: bcache: never writeback a discard operation

  * iptables connlimit allows more connections than the limit when using
    multiple CPUs (LP: #1811094)
    - netfilter: connlimit: improve packet-to-closed-connection logic
    - netfilter: nf_conncount: fix garbage collection confirm race
    - netfilter: nf_conncount: don't skip eviction when age is negative

  * CVE-2019-6133
    - fork: record start_time late

  * test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
    (LP: #1813001)
    - procfs: make /proc/*/{stack, syscall, personality} 0400

 -- Kleber Sacilotto de Souza <email address hidden> Thu, 07 Feb 2019 11:31:21 +0000

1806380 linux-buildinfo: pull out ABI information into its own package
1764794 signing: only install a signed kernel
1786013 Packaging resync
1793901 kernel oops in bcache module
1811094 iptables connlimit allows more connections than the limit when using multiple CPUs
1813001 test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
CVE-2019-6133 In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization deci

Version: 3.13.0-165.215 2019-02-04 10:08:03 UTC

  linux (3.13.0-165.215) trusty; urgency=medium

  * linux: 3.13.0-165.215 -proposed tracker (LP: #1811856)

  * CVE-2018-17972
    - proc: restrict kernel stack dumps to root

  * CVE-2018-18281
    - mremap: properly flush TLB before releasing the page

  * 29d6d30f5c8aa58b04f40a58442df3bcaae5a1d5 in btrfs_kernel_fixes failed on T
    (LP: #1809868)
    - Btrfs: send, don't send rmdir for same target multiple times

  * CVE-2018-9568
    - net: Set sk_prot_creator when cloning sockets to the right proto

  * CVE-2018-1066
    - cifs: empty TargetInfo leads to crash on recovery

 -- Khalid Elmously <email address hidden> Wed, 16 Jan 2019 06:19:08 +0000

1809868 29d6d30f5c8aa58b04f40a58442df3bcaae5a1d5 in btrfs_kernel_fixes failed on T
CVE-2018-17972 An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may i
CVE-2018-18281 Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes en
CVE-2018-9568 In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no add
CVE-2018-1066 The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker


