UbuntuUpdates.org

Package "linux-aws"

This package belongs to a PPA: Canonical Kernel Team

Name: linux-aws

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Header files related to Linux kernel version 4.15.0
  • Header files related to Linux kernel version 4.15.0
  • Header files related to Linux kernel version 4.15.0
  • Header files related to Linux kernel version 4.15.0

Latest version: 4.15.0-1033.35
Release: bionic (18.04)
Level: base
Repository: main

Links

Save this URL for the latest version of "linux-aws": https://www.ubuntuupdates.org/linux-aws



Other versions of "linux-aws" in Bionic

Repository Area Version
base main 4.15.0-1007.7
security main 4.15.0-1032.34
updates main 4.15.0-1032.34
proposed main 4.15.0-1033.35

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 4.15.0-1033.35 2019-02-06 16:09:27 UTC

 linux-aws (4.15.0-1033.35) bionic; urgency=medium
 .
   * linux-aws: 4.15.0-1033.35 -proposed tracker (LP: #1814731)
 .
   [ Ubuntu: 4.15.0-46.49 ]
 .
   * linux: 4.15.0-46.49 -proposed tracker (LP: #1814726)
   * mprotect fails on ext4 with dax (LP: #1799237)
     - x86/speculation/l1tf: Exempt zeroed PTEs from inversion
   * kernel BUG at /build/linux-vxxS7y/linux-4.15.0/mm/slub.c:296! (LP: #1812086)
     - iscsi target: fix session creation failure handling
     - scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values
       fails
     - scsi: iscsi: target: Fix conn_ops double free
   * user_copy in user from ubuntu_kernel_selftests failed on KVM kernel
     (LP: #1812198)
     - selftests: user: return Kselftest Skip code for skipped tests
     - selftests: kselftest: change KSFT_SKIP=4 instead of KSFT_PASS
     - selftests: kselftest: Remove outdated comment
   * RTL8822BE WiFi Disabled in Kernel 4.18.0-12 (LP: #1806472)
     - SAUCE: staging: rtlwifi: allow RTLWIFI_DEBUG_ST to be disabled
     - [Config] CONFIG_RTLWIFI_DEBUG_ST=n
     - SAUCE: Add r8822be to signature inclusion list
   * kernel oops in bcache module (LP: #1793901)
     - SAUCE: bcache: never writeback a discard operation
   * CVE-2018-18397
     - userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails
     - userfaultfd: shmem: allocate anonymous memory for MAP_PRIVATE shmem
     - userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas
     - userfaultfd: shmem: add i_size checks
     - userfaultfd: shmem: UFFDIO_COPY: set the page dirty if VM_WRITE is not set
   * Ignore "incomplete report" from Elan touchpanels (LP: #1813733)
     - HID: i2c-hid: Ignore input report if there's no data present on Elan
       touchpanels
   * Vsock connect fails with ENODEV for large CID (LP: #1813934)
     - vhost/vsock: fix vhost vsock cid hashing inconsistent
   * SRU: Fix thinkpad 11e 3rd boot hang (LP: #1804604)
     - ACPI / LPSS: Force LPSS quirks on boot
   * Bionic update: upstream stable patchset 2019-01-17 (LP: #1812229)
     - scsi: sd_zbc: Fix variable type and bogus comment
     - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in
       parallel.
     - x86/apm: Don't access __preempt_count with zeroed fs
     - x86/events/intel/ds: Fix bts_interrupt_threshold alignment
     - x86/MCE: Remove min interval polling limitation
     - fat: fix memory allocation failure handling of match_strdup()
     - ALSA: hda/realtek - Add Panasonic CF-SZ6 headset jack quirk
     - ARCv2: [plat-hsdk]: Save accl reg pair by default
     - ARC: Fix CONFIG_SWAP
     - ARC: configs: Remove CONFIG_INITRAMFS_SOURCE from defconfigs
     - ARC: mm: allow mprotect to make stack mappings executable
     - mm: memcg: fix use after free in mem_cgroup_iter()
     - mm/huge_memory.c: fix data loss when splitting a file pmd
     - cpufreq: intel_pstate: Register when ACPI PCCH is present
     - vfio/pci: Fix potential Spectre v1
     - stop_machine: Disable preemption when waking two stopper threads
     - drm/i915: Fix hotplug irq ack on i965/g4x
     - drm/nouveau: Use drm_connector_list_iter_* for iterating connectors
     - drm/nouveau: Avoid looping through fake MST connectors
     - gen_stats: Fix netlink stats dumping in the presence of padding
     - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns
     - ipv6: fix useless rol32 call on hash
     - ipv6: ila: select CONFIG_DST_CACHE
     - lib/rhashtable: consider param->min_size when setting initial table size
     - net: diag: Don't double-free TCP_NEW_SYN_RECV sockets in tcp_abort
     - net: Don't copy pfmemalloc flag in __copy_skb_header()
     - skbuff: Unconditionally copy pfmemalloc in __skb_clone()
     - net/ipv4: Set oif in fib_compute_spec_dst
     - net: phy: fix flag masking in __set_phy_supported
     - ptp: fix missing break in switch
     - qmi_wwan: add support for Quectel EG91
     - tg3: Add higher cpu clock for 5762.
     - hv_netvsc: Fix napi reschedule while receive completion is busy
     - net/mlx4_en: Don't reuse RX page when XDP is set
     - net: systemport: Fix CRC forwarding check for SYSTEMPORT Lite
     - ipv6: make DAD fail with enhanced DAD when nonce length differs
     - net: usb: asix: replace mii_nway_restart in resume path
     - alpha: fix osf_wait4() breakage
     - cxl_getfile(): fix double-iput() on alloc_file() failures
     - powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle)
     - xhci: Fix perceived dead host due to runtime suspend race with event handler
     - KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer
     - x86/kvmclock: set pvti_cpu0_va after enabling kvmclock
     - ALSA: hda/realtek - Yet another Clevo P950 quirk entry
     - drm/amdgpu: Reserve VM root shared fence slot for command submission (v3)
     - rhashtable: add restart routine in rhashtable_free_and_destroy()
     - sch_fq_codel: zero q->flows_cnt when fq_codel_init fails
     - sctp: introduce sctp_dst_mtu
     - sctp: fix the issue that pathmtu may be set lower than MINSEGMENT
     - net: aquantia: vlan unicast address list correct handling
     - drm_mode_create_lease_ioctl(): fix open-coded filp_clone_open()
   * Bionic update: upstream stable patchset 2019-01-15 (LP: #1811877)
     - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations
     - x86/asm: Add _ASM_ARG* constants for argument registers to
     - x86/paravirt: Make native_save_fl() extern inline
     - Btrfs: fix duplicate extents after fsync of file with prealloc extents
     - cpufreq / CPPC: Set platform specific transition_delay_us
     - PCI: exynos: Fix a potential init_clk_resources NULL pointer dereference
     - alx: take rtnl before calling __alx_open from resume
     - atm: Preserve value of skb->truesize when accounting to vcc
     - atm: zatm: Fix potential Spectre v1
     - ipv6: sr: fix passing wrong flags to crypto_

Source diff to previous version
1799237 mprotect fails on ext4 with dax
1812086 kernel BUG at /build/linux-vxxS7y/linux-4.15.0/mm/slub.c:296!
1812198 user_copy in user from ubuntu_kernel_selftests failed on KVM kernel
1806472 RTL8822BE WiFi Disabled in Kernel 4.18.0-12
1793901 kernel oops in bcache module
1813733 Ignore \
1813934 Vsock connect fails with ENODEV for large CID
1804604 SRU: Fix thinkpad 11e 3rd boot hang
1812229 Bionic update: upstream stable patchset 2019-01-17
1811877 Bionic update: upstream stable patchset 2019-01-15
1811777 Fix non-working pinctrl-intel
1812875 ip6_gre: fix tunnel list corruption for x-netns
1813873 Userspace break as a result of missing patch backport
1798776 kvm_stat : missing python dependency
1812797 [SRU] Fix Xorg crash with nomodeset when BIOS enable 64-bit fb addr
1812812 Fix non-working QCA Rome Bluetooth after S3
1813127 ptrace-tm-spd-gpr in powerpc/ptrace from ubuntu_kerenl_selftests failed on Bionic P8
1795453 [SRU] IO's are issued with incorrect Scatter Gather Buffer
1785816 Consider enabling CONFIG_NETWORK_PHY_TIMESTAMPING
1813532 x86/mm: Found insecure W+X mapping at address (ptrval)/0xc00a0000
1811929 Fix not working Goodix touchpad
1810797 bluetooth controller not detected with 4.15 kernel
1811755 X1 Extreme: only one of the two SSDs is loaded
1811803 Crash on \
1813663 External monitors does not work anymore 4.15.0-44
1813727 kernel 4.15.0-44 cannot mount ext4 fs with meta_bg enabled
CVE-2018-18397 The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowi
CVE-2018-19854 An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configu
CVE-2019-6133 In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization deci

Version: 4.15.0-1032.34 2019-01-17 17:07:58 UTC

 linux-aws (4.15.0-1032.34) bionic; urgency=medium
 .
   * linux-aws: 4.15.0-1032.34 -proposed tracker (LP: #1811422)
 .
   * Packaging resync (LP: #1786013)
     - [Packaging] update update.conf
 .
   * Add Cavium ThunderX2 SoC UNCORE PMU driver (LP: #1811200)
     - [Config] New config CONFIG_THUNDERX2_PMU=m
 .
   * SATA device is not going to DEVSLP (LP: #1781533)
     - [Config] set CONFIG_SATA_MOBILE_LPM_POLICY=0
 .
   * Bionic update: upstream stable patchset 2019-01-04 (LP: #1810554)
     - [config] x86 CRYPTO_SALSA20 deprecated
 .
   [ Ubuntu: 4.15.0-44.47 ]
 .
   * linux: 4.15.0-44.47 -proposed tracker (LP: #1811419)
   * Packaging resync (LP: #1786013)
     - [Packaging] update helper scripts
   * CPU hard lockup with rigorous writes to NVMe drive (LP: #1810998)
     - blk-wbt: pass in enum wbt_flags to get_rq_wait()
     - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait
     - blk-wbt: move disable check into get_limit()
     - blk-wbt: use wq_has_sleeper() for wq active check
     - blk-wbt: fix has-sleeper queueing check
     - blk-wbt: abstract out end IO completion handler
     - blk-wbt: improve waking of tasks
   * To reduce the Realtek USB cardreader power consumption (LP: #1811337)
     - mmc: sdhci: Disable 1.8v modes (HS200/HS400/UHS) if controller can't support
       1.8v
     - mmc: core: Introduce MMC_CAP_SYNC_RUNTIME_PM
     - mmc: rtsx_usb_sdmmc: Don't runtime resume the device while changing led
     - mmc: rtsx_usb: Use MMC_CAP2_NO_SDIO
     - mmc: rtsx_usb: Enable MMC_CAP_ERASE to allow erase/discard/trim requests
     - mmc: rtsx_usb_sdmmc: Re-work runtime PM support
     - mmc: rtsx_usb_sdmmc: Re-work card detection/removal support
     - memstick: rtsx_usb_ms: Add missing pm_runtime_disable() in probe function
     - misc: rtsx_usb: Use USB remote wakeup signaling for card insertion detection
     - memstick: Prevent memstick host from getting runtime suspended during card
       detection
     - memstick: rtsx_usb_ms: Use ms_dev() helper
     - memstick: rtsx_usb_ms: Support runtime power management
   * Support non-strict iommu mode on arm64 (LP: #1806488)
     - iommu/io-pgtable-arm: Fix race handling in split_blk_unmap()
     - iommu/arm-smmu-v3: Implement flush_iotlb_all hook
     - iommu/dma: Add support for non-strict mode
     - iommu: Add "iommu.strict" command line option
     - iommu/io-pgtable-arm: Add support for non-strict mode
     - iommu/arm-smmu-v3: Add support for non-strict mode
     - iommu/io-pgtable-arm-v7s: Add support for non-strict mode
     - iommu/arm-smmu: Support non-strict mode
   * ELAN900C:00 04F3:2844 touchscreen doesn't work (LP: #1811335)
     - pinctrl: cannonlake: Fix community ordering for H variant
     - pinctrl: cannonlake: Fix HOSTSW_OWN register offset of H variant
   * Add Cavium ThunderX2 SoC UNCORE PMU driver (LP: #1811200)
     - perf: Export perf_event_update_userpage
     - Documentation: perf: Add documentation for ThunderX2 PMU uncore driver
     - drivers/perf: Add Cavium ThunderX2 SoC UNCORE PMU driver
     - [Config] New config CONFIG_THUNDERX2_PMU=m
   * Update hisilicon SoC-specific drivers (LP: #1810457)
     - SAUCE: Revert "net: hns3: Updates RX packet info fetch in case of multi BD"
     - Revert "UBUNTU: SAUCE: {topost} net: hns3: separate roce from nic when
       resetting"
     - Revert "UBUNTU: SAUCE: {topost} net: hns3: Use roce handle when calling roce
       callback function"
     - Revert "UBUNTU: SAUCE: {topost} net: hns3: Add calling roce callback
       function when link status change"
     - Revert "UBUNTU: SAUCE: {topost} net: hns3: optimize the process of notifying
       roce client"
     - Revert "UBUNTU: SAUCE: {topost} net: hns3: Add pf reset for hip08 RoCE"
     - scsi: hisi_sas: Remove depends on HAS_DMA in case of platform dependency
     - ethernet: hisilicon: hns: hns_dsaf_mac: Use generic eth_broadcast_addr
     - scsi: hisi_sas: consolidate command check in hisi_sas_get_ata_protocol()
     - scsi: hisi_sas: remove some unneeded structure members
     - scsi: hisi_sas: Introduce hisi_sas_phy_set_linkrate()
     - net: hns: Fix the process of adding broadcast addresses to tcam
     - net: hns3: remove redundant variable 'protocol'
     - scsi: hisi_sas: Drop hisi_sas_slot_abort()
     - net: hns: Make many functions static
     - net: hns: make hns_dsaf_roce_reset non static
     - net: hisilicon: hns: Replace mdelay() with msleep()
     - net: hns3: fix return value error while hclge_cmd_csq_clean failed
     - net: hns: remove redundant variables 'max_frm' and 'tmp_mac_key'
     - net: hns: Mark expected switch fall-through
     - net: hns3: Mark expected switch fall-through
     - net: hns3: Remove tx ring BD len register in hns3_enet
     - net: hns: modify variable type in hns_nic_reuse_page
     - net: hns: use eth_get_headlen interface instead of hns_nic_get_headlen
     - net: hns3: modify variable type in hns3_nic_reuse_page
     - net: hns3: Fix for vf vlan delete failed problem
     - net: hns3: Fix for multicast failure
     - net: hns3: Fix error of checking used vlan id
     - net: hns3: Implement shutdown ops in hns3 pci driver
     - net: hns3: Fix for loopback selftest failed problem
     - net: hns3: Fix ping exited problem when doing lp selftest
     - net: hns3: Preserve vlan 0 in hardware table
     - net: hns3: Only update mac configuation when necessary
     - net: hns3: Change the dst mac addr of loopback packet
     - net: hns3: Remove redundant codes of query advertised flow control abilitiy
     - net: hns3: Refine hns3_get_link_ksettings()
     - net: hns: make function hns_gmac_wait_fifo_clean() static
     - net: hns3: Add default irq affinity
     - net: hns3: Add unlikely for buf_num check
     - net: hns3: Remove tx budget to clean more TX descriptors in a napi
     - net: hns3: Remove packet statistics of public
     - net: hns3: Add support for hns3_nic_netdev_ops.ndo_do_ioctl
     - net: hns3: Set STATE_DOWN bit o

Source diff to previous version
1786013 Packaging resync
1811200 Add Cavium ThunderX2 SoC UNCORE PMU driver
1781533 SATA device is not going to DEVSLP
1810554 Bionic update: upstream stable patchset 2019-01-04
1810998 CPU hard lockup with rigorous writes to NVMe drive
1811337 To reduce the Realtek USB cardreader power consumption
1806488 Support non-strict iommu mode on arm64
1811335 ELAN900C:00 04F3:2844 touchscreen doesn't work
1810457 Update hisilicon SoC-specific drivers
1811094 iptables connlimit allows more connections than the limit when using multiple CPUs
1809046 Cannot initialize ATA disk if IDENTIFY command fails
1808912 scsi: libsas: fix a race condition when smp task timeout
1805085 Fix and issue that LG I2C touchscreen stops working after reboot
1805245 powerpc/powernv/pci: Work around races in PCI bridge enabling
1807757 Drivers: hv: vmbus: Offload the handling of channels to two workqueues
1802248 Disable LPM for Raydium Touchscreens
1805607 Power leakage at S5 with Qualcomm Atheros QCA9377 802.11ac Wireless Network Adapter
1806534 Fix USB2 device wrongly detected as USB1
1809488 armhf guests fail to boot in EFI mode
1801102 Bionic shows incorrect warning about number of pointers in TFD
1810891 audio output has constant noise on a Dell machine
1791758 ldisc crash on reopened tty
1808097 Console got stuck using serial tty after logout
1802454 fanotify10 in ubuntu_ltp_syscalls failed
1805344 SRU: Fix kernel xhci hang when resume from S3
1805081 Add pointstick support for Cirque Touchpad
1797587 Intel NVMe drives timeout when nvme format is attempted
1810892 lineout jack can't work on a Dell machine
1808353 Blacklist Realtek Virtual IPMI device
1809847 Ethernet[10ec:8136] doesn't work after S3 with kernel 4.15.0.43.64
1809219 Killer 802.11ac 2x2 (1550 or 1550i) [8086:2526][1a56:1550] is not supported
1811055 Support new Realtek ethernet chips
1805775 PC SN720 NVMe WDC 256GB consumes more power in S2Idle than during long idle
1804588 Power consumption during s2idle is higher than long idle (Intel SSDPEKKF)
1810781 mpt3sas - driver using the wrong register to update a queue index in FW
1810702 HP mobile workstations with hybrid graphics support, can not directly output to external monitors by dGPU
1802135 broken touchpad after i2c-i801 blacklist change
1806335 Enable new Realtek card reader
1806532 The line-out on the Dell Dock station can't work
1806380 linux-buildinfo: pull out ABI information into its own package
1806818 Fix Intel I210 doesn't work when ethernet cable gets plugged
1806850 Fix Terminus USB hub that may breaks connected USB devices after S3
1807342 Add support for Dell DW5821e WWAN/GPS module
1807333 Add support for 0cf3:535b QCA_ROME device
1808465 The mute led can't work anymore on the lenovo x1 carbon
1805079 click/pop noise in the headphone on several lenovo laptops
1728244 Touchpad stops working after reboot on Apollo Lake
1808729 MAC address pass through on RTL8153-BND for docking station
1805414 [Ubuntu] kernel: zcrypt: reinit ap queue state machine
1805802 [UBUNTU] qeth: fix length check in SNMP processing
1808183 ASPEED server console output extremely slow after upgrade to 18.04
1808399 Bionic update: upstream stable patchset 2018-12-13
1808185 Bionic update: upstream stable patchset 2018-12-12
1807469 Bionic update: upstream stable patchset 2018-12-07
1620762 Support AverMedia DVD EZMaker 7 USB video capture dongle
CVE-2018-16882 A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled.
CVE-2018-14625 A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condi
CVE-2018-17972 An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may i
CVE-2018-19407 The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer
CVE-2018-18281 Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes en

Version: 4.15.0-1031.33 2018-12-07 12:07:52 UTC

 linux-aws (4.15.0-1031.33) bionic; urgency=medium
 .
   * linux-aws: 4.15.0-1031.33 -proposed tracker (LP: #1806664)
 .
   * xen hibernation support for linux-aws (bionic) (LP: #1804533)
     - SAUCE [aws] x86/xen: Introduce new function to map HYPERVISOR_shared_info on
       Resume
     - SAUCE [aws] x86/xen: add system core suspend and resume callbacks
     - SAUCE [aws] xen-netfront: add callbacks for PM suspend and hibernation
       support
     - SAUCE [aws] xen-time-introduce-xen_-save-restore-_steal_clock
     - SAUCE [aws] x86/xen: save and restore steal clock
     - SAUCE [aws] xen/events: add xen_shutdown_pirqs helper function
     - SAUCE [aws] x86/xen: close event channels for PIRQs in system core suspend
       callback
     - SAUCE [aws] PM / hibernate: update the resume offset on
       SNAPSHOT_SET_SWAP_AREA
 .
   [ Ubuntu: 4.15.0-43.46 ]
 .
   * linux: 4.15.0-43.46 -proposed tracker (LP: #1806659)
   * System randomly hangs during suspend when mei_wdt is loaded (LP: #1803942)
     - SAUCE: base/dd: limit release function changes to vfio driver only
   * Workaround CSS timeout on AMD SNPS 3.0 xHC (LP: #1806838)
     - xhci: Allow more than 32 quirks
     - xhci: workaround CSS timeout on AMD SNPS 3.0 xHC
   * linux-buildinfo: pull out ABI information into its own package
     (LP: #1806380)
     - [Packaging] limit preparation to linux-libc-dev in headers
     - [Packaging] commonise debhelper invocation
     - [Packaging] ABI -- accumulate abi information at the end of the build
     - [Packaging] buildinfo -- add basic build information
     - [Packaging] buildinfo -- add firmware information to the flavour ABI
     - [Packaging] buildinfo -- add compiler information to the flavour ABI
     - [Packaging] buildinfo -- add buildinfo support to getabis
     - [Config] buildinfo -- add retpoline version markers
   * linux packages should own /usr/lib/linux/triggers (LP: #1770256)
     - [Packaging] own /usr/lib/linux/triggers
   * CVE-2018-12896
     - posix-timers: Sanitize overrun handling
   * CVE-2018-16276
     - USB: yurex: fix out-of-bounds uaccess in read handler
   * CVE-2018-10902
     - ALSA: rawmidi: Change resized buffers atomically
   * CVE-2018-18710
     - cdrom: fix improper type cast, which can leat to information leak.
   * CVE-2018-18690
     - xfs: don't fail when converting shortform attr to long form during
       ATTR_REPLACE
   * CVE-2018-14734
     - infiniband: fix a possible use-after-free bug
   * CVE-2018-18445
     - bpf: 32-bit RSH verification must truncate input before the ALU op
   * Packaging resync (LP: #1786013)
     - [Packaging] update helper scripts

Source diff to previous version
1804533 xen hibernation support for linux-aws (bionic)
1803942 System randomly hangs during suspend when mei_wdt is loaded
1806838 Workaround CSS timeout on AMD SNPS 3.0 xHC
1806380 linux-buildinfo: pull out ABI information into its own package
1770256 linux packages should own /usr/lib/linux/triggers
1786013 Packaging resync
CVE-2018-12896 An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by th
CVE-2018-16276 An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/write
CVE-2018-10902 It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_
CVE-2018-18710 An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by lo
CVE-2018-18690 In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the ne
CVE-2018-14734 drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup ste
CVE-2018-18445 In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-o

Version: 4.15.0-1028.29 2018-11-19 07:08:17 UTC

 linux-aws (4.15.0-1028.29) bionic; urgency=medium
 .
   * linux-aws: 4.15.0-1028.29 -proposed tracker (LP: #1802558)
 .
   * Improve AWS hibernation performance (LP: #1803613)
     - SAUCE: [aws] PM / hibernate: Speed up hibernation by batching requests
 .
   * Restore request-based mode to xen-blkfront for AWS kernels (LP: #1801305)
     - SAUCE: xen/manage: keep track of the on-going suspend mode
     - SAUCE: xen/manage: introduce helper function to know the on-going suspend
       mode
     - SAUCE: xenbus: add freeze/thaw/restore callbacks support
     - SAUCE: xen-blkfront: add callbacks for PM suspend and hibernation
     - SAUCE: xen-blkfront: resurrect request-based mode
     - SAUCE: xen-blkfront: Fixed blkfront_restore to remove a call to negotiate_mq
 .
   [ Ubuntu: 4.15.0-42.45 ]
 .
   * linux: 4.15.0-42.45 -proposed tracker (LP: #1803592)
   * [FEAT] Guest-dedicated Crypto Adapters (LP: #1787405)
     - KVM: s390: reset crypto attributes for all vcpus
     - KVM: s390: vsie: simulate VCPU SIE entry/exit
     - KVM: s390: introduce and use KVM_REQ_VSIE_RESTART
     - KVM: s390: refactor crypto initialization
     - s390: vfio-ap: base implementation of VFIO AP device driver
     - s390: vfio-ap: register matrix device with VFIO mdev framework
     - s390: vfio-ap: sysfs interfaces to configure adapters
     - s390: vfio-ap: sysfs interfaces to configure domains
     - s390: vfio-ap: sysfs interfaces to configure control domains
     - s390: vfio-ap: sysfs interface to view matrix mdev matrix
     - KVM: s390: interface to clear CRYCB masks
     - s390: vfio-ap: implement mediated device open callback
     - s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl
     - s390: vfio-ap: zeroize the AP queues
     - s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl
     - KVM: s390: Clear Crypto Control Block when using vSIE
     - KVM: s390: vsie: Do the CRYCB validation first
     - KVM: s390: vsie: Make use of CRYCB FORMAT2 clear
     - KVM: s390: vsie: Allow CRYCB FORMAT-2
     - KVM: s390: vsie: allow CRYCB FORMAT-1
     - KVM: s390: vsie: allow CRYCB FORMAT-0
     - KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1
     - KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2
     - KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2
     - KVM: s390: device attrs to enable/disable AP interpretation
     - KVM: s390: CPU model support for AP virtualization
     - s390: doc: detailed specifications for AP virtualization
     - KVM: s390: fix locking for crypto setting error path
     - KVM: s390: Tracing APCB changes
     - s390: vfio-ap: setup APCB mask using KVM dedicated function
     - s390/zcrypt: Add ZAPQ inline function.
     - s390/zcrypt: Review inline assembler constraints.
     - s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.
     - s390/zcrypt: fix ap_instructions_available() returncodes
     - s390/zcrypt: remove VLA usage from the AP bus
     - s390/zcrypt: Remove deprecated ioctls.
     - s390/zcrypt: Remove deprecated zcrypt proc interface.
     - s390/zcrypt: Support up to 256 crypto adapters.
     - [Config:] Enable CONFIG_S390_AP_IOMMU and set CONFIG_VFIO_AP to module.
   * Bypass of mount visibility through userns + mount propagation (LP: #1789161)
     - mount: Retest MNT_LOCKED in do_umount
     - mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts
   * CVE-2018-18955: nested user namespaces with more than five extents
     incorrectly grant privileges over inode (LP: #1801924) // CVE-2018-18955
     - userns: also map extents in the reverse map to kernel IDs
   * kdump fail due to an IRQ storm (LP: #1797990)
     - SAUCE: x86/PCI: Export find_cap() to be used in early PCI code
     - SAUCE: x86/quirks: Add parameter to clear MSIs early on boot
     - SAUCE: x86/quirks: Scan all busses for early PCI quirks
 .
   [ Ubuntu: 4.15.0-40.43 ]
 .
   * linux: 4.15.0-40.43 -proposed tracker (LP: #1802554)
   * crash in ENA driver on removing an interface (LP: #1802341)
     - SAUCE: net: ena: fix crash during ena_remove()
   * Ubuntu 18.04.1 - [s390x] Kernel panic while stressing network bonding
     (LP: #1797367)
     - s390/qeth: don't keep track of MAC address's cast type
     - s390/qeth: consolidate qeth MAC address helpers
     - s390/qeth: avoid using is_multicast_ether_addr_64bits on (u8 *)[6]
     - s390/qeth: remove outdated portname debug msg
     - s390/qeth: reduce hard-coded access to ccw channels
     - s390/qeth: sanitize strings in debug messages
   * [18.04 FEAT] zcrypt DD: introduce APQN tags to support deterministic driver
     binding (LP: #1799184)
     - s390/zcrypt: code beautify
     - s390/zcrypt: AP bus support for alternate driver(s)
     - s390/zcrypt: hex string mask improvements for apmask and aqmask.
     - s390/zcrypt: remove unused functions and declarations
     - s390/zcrypt: Show load of cards and queues in sysfs
   * [GLK/CLX] Enhanced IBRS (LP: #1786139)
     - x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation
     - x86/speculation: Support Enhanced IBRS on future CPUs
   * Allow signed kernels to be kexec'ed under lockdown (LP: #1798441)
     - Fix kexec forbidding kernels signed with keys in the secondary keyring to
       boot
   * Overlayfs in user namespace leaks directory content of inaccessible
     directories (LP: #1793458) // CVE-2018-6559
     - SAUCE: overlayfs: ensure mounter privileges when reading directories
   * Update ENA driver to version 2.0.1K (LP: #1798182)
     - net: ena: remove ndo_poll_controller
     - net: ena: fix warning in rmmod caused by double iounmap
     - net: ena: fix rare bug when failed restart/resume is followed by driver
       removal
     - net: ena: fix NULL dereference due to untimely napi initialization
     - net: ena: fix auto casting to boolean
     - net: ena: minor performance improvement
     - net: ena: complete host info to match latest ENA spec
     - net: ena: introduce Low Latency Queues data structures acc

Source diff to previous version
1803613 Improve AWS hibernation performance
1801305 Restore request-based mode to xen-blkfront for AWS kernels
1787405 [FEAT] Guest-dedicated Crypto Adapters
1789161 Bypass of mount visibility through userns + mount propagation
1801924 CVE-2018-18955: nested user namespaces with more than five extents incorrectly grant privileges over inode
1797990 kdump fail due to an IRQ storm
1797367 Ubuntu 18.04.1 - [s390x] Kernel panic while stressing network bonding
1799184 [18.04 FEAT] zcrypt DD: introduce APQN tags to support deterministic driver binding
1786139 [GLK/CLX] Enhanced IBRS
1798441 Allow signed kernels to be kexec'ed under lockdown
1793458 Overlayfs in user namespace leaks directory content of inaccessible directories
1798182 Update ENA driver to version 2.0.1K
1800537 Bionic update: upstream stable patchset 2018-10-29
1799049 [bionic]mlx5: reading SW stats through ifstat cause kernel crash
1799281 [Bionic][Cosmic] ipmi: Fix timer race with module unload
1799276 [Bionic] ipmi: Remove ACPI SPMI probing from the SSIF (I2C) driver
1786729 execveat03 in ubuntu_ltp_syscalls failed on X/B
1799794 [Bionic][Cosmic] Fix to ipmi to support vendor specific messages greater than 255 bytes
1784501 libvirtd is unable to configure bridge devices inside of LXD containers
1800849 [Ubuntu] kvm: fix deadlock when killed by oom
1800639 [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport
1801875 Power consumption during s2idle is higher than long idle(sk hynix)
1798552 Enable keyboard wakeup for S2Idle laptops
1801878 NULL pointer dereference at 0000000000000020 when access dst_orig-\u003eops-\u003efamily in function xfrm_lookup_with_ifid()
1801686 [Ubuntu] qdio: reset old sbal_state flags
1802023 hns3: map tx ring to tc
1800641 [Ubuntu] qeth: Fix potential array overrun in cmd/rc lookup
1798165 Vulkan applications cause permanent memory leak with Intel GPU
1792580 Mounting SOFS SMB shares fails
1786013 Packaging resync
CVE-2018-18955 userns: also map extents in the reverse map to kernel IDs
CVE-2018-6559 The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able

Version: 4.15.0-1028.28 2018-11-17 04:09:40 UTC

 linux-aws (4.15.0-1028.28) bionic; urgency=medium
 .
   * Improve AWS hibernation performance (LP: #1803613)
     - SAUCE: [aws] PM / hibernate: Speed up hibernation by batching requests
 .
   * Restore request-based mode to xen-blkfront for AWS kernels (LP: #1801305)
     - SAUCE: xen/manage: keep track of the on-going suspend mode
     - SAUCE: xen/manage: introduce helper function to know the on-going suspend
       mode
     - SAUCE: xenbus: add freeze/thaw/restore callbacks support
     - SAUCE: xen-blkfront: add callbacks for PM suspend and hibernation
     - SAUCE: xen-blkfront: resurrect request-based mode
     - SAUCE: xen-blkfront: Fixed blkfront_restore to remove a call to negotiate_mq
 .
   [ Ubuntu: 4.15.0-42.45 ]
 .
   * linux: 4.15.0-42.45 -proposed tracker (LP: #1803592)
   * [FEAT] Guest-dedicated Crypto Adapters (LP: #1787405)
     - KVM: s390: reset crypto attributes for all vcpus
     - KVM: s390: vsie: simulate VCPU SIE entry/exit
     - KVM: s390: introduce and use KVM_REQ_VSIE_RESTART
     - KVM: s390: refactor crypto initialization
     - s390: vfio-ap: base implementation of VFIO AP device driver
     - s390: vfio-ap: register matrix device with VFIO mdev framework
     - s390: vfio-ap: sysfs interfaces to configure adapters
     - s390: vfio-ap: sysfs interfaces to configure domains
     - s390: vfio-ap: sysfs interfaces to configure control domains
     - s390: vfio-ap: sysfs interface to view matrix mdev matrix
     - KVM: s390: interface to clear CRYCB masks
     - s390: vfio-ap: implement mediated device open callback
     - s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl
     - s390: vfio-ap: zeroize the AP queues
     - s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl
     - KVM: s390: Clear Crypto Control Block when using vSIE
     - KVM: s390: vsie: Do the CRYCB validation first
     - KVM: s390: vsie: Make use of CRYCB FORMAT2 clear
     - KVM: s390: vsie: Allow CRYCB FORMAT-2
     - KVM: s390: vsie: allow CRYCB FORMAT-1
     - KVM: s390: vsie: allow CRYCB FORMAT-0
     - KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1
     - KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2
     - KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2
     - KVM: s390: device attrs to enable/disable AP interpretation
     - KVM: s390: CPU model support for AP virtualization
     - s390: doc: detailed specifications for AP virtualization
     - KVM: s390: fix locking for crypto setting error path
     - KVM: s390: Tracing APCB changes
     - s390: vfio-ap: setup APCB mask using KVM dedicated function
     - s390/zcrypt: Add ZAPQ inline function.
     - s390/zcrypt: Review inline assembler constraints.
     - s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.
     - s390/zcrypt: fix ap_instructions_available() returncodes
     - s390/zcrypt: remove VLA usage from the AP bus
     - s390/zcrypt: Remove deprecated ioctls.
     - s390/zcrypt: Remove deprecated zcrypt proc interface.
     - s390/zcrypt: Support up to 256 crypto adapters.
     - [Config:] Enable CONFIG_S390_AP_IOMMU and set CONFIG_VFIO_AP to module.
   * Bypass of mount visibility through userns + mount propagation (LP: #1789161)
     - mount: Retest MNT_LOCKED in do_umount
     - mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts
   * CVE-2018-18955: nested user namespaces with more than five extents
     incorrectly grant privileges over inode (LP: #1801924) // CVE-2018-18955
     - userns: also map extents in the reverse map to kernel IDs
   * kdump fail due to an IRQ storm (LP: #1797990)
     - SAUCE: x86/PCI: Export find_cap() to be used in early PCI code
     - SAUCE: x86/quirks: Add parameter to clear MSIs early on boot
     - SAUCE: x86/quirks: Scan all busses for early PCI quirks
 .
   [ Ubuntu: 4.15.0-40.43 ]
 .
   * linux: 4.15.0-40.43 -proposed tracker (LP: #1802554)
   * crash in ENA driver on removing an interface (LP: #1802341)
     - SAUCE: net: ena: fix crash during ena_remove()
   * Ubuntu 18.04.1 - [s390x] Kernel panic while stressing network bonding
     (LP: #1797367)
     - s390/qeth: don't keep track of MAC address's cast type
     - s390/qeth: consolidate qeth MAC address helpers
     - s390/qeth: avoid using is_multicast_ether_addr_64bits on (u8 *)[6]
     - s390/qeth: remove outdated portname debug msg
     - s390/qeth: reduce hard-coded access to ccw channels
     - s390/qeth: sanitize strings in debug messages
   * [18.04 FEAT] zcrypt DD: introduce APQN tags to support deterministic driver
     binding (LP: #1799184)
     - s390/zcrypt: code beautify
     - s390/zcrypt: AP bus support for alternate driver(s)
     - s390/zcrypt: hex string mask improvements for apmask and aqmask.
     - s390/zcrypt: remove unused functions and declarations
     - s390/zcrypt: Show load of cards and queues in sysfs
   * [GLK/CLX] Enhanced IBRS (LP: #1786139)
     - x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation
     - x86/speculation: Support Enhanced IBRS on future CPUs
   * Allow signed kernels to be kexec'ed under lockdown (LP: #1798441)
     - Fix kexec forbidding kernels signed with keys in the secondary keyring to
       boot
   * Overlayfs in user namespace leaks directory content of inaccessible
     directories (LP: #1793458) // CVE-2018-6559
     - SAUCE: overlayfs: ensure mounter privileges when reading directories
   * Update ENA driver to version 2.0.1K (LP: #1798182)
     - net: ena: remove ndo_poll_controller
     - net: ena: fix warning in rmmod caused by double iounmap
     - net: ena: fix rare bug when failed restart/resume is followed by driver
       removal
     - net: ena: fix NULL dereference due to untimely napi initialization
     - net: ena: fix auto casting to boolean
     - net: ena: minor performance improvement
     - net: ena: complete host info to match latest ENA spec
     - net: ena: introduce Low Latency Queues data structures according to ENA spec
     - net: ena: add functions for handling Low

1803613 Improve AWS hibernation performance
1801305 Restore request-based mode to xen-blkfront for AWS kernels
1787405 [FEAT] Guest-dedicated Crypto Adapters
1789161 Bypass of mount visibility through userns + mount propagation
1801924 CVE-2018-18955: nested user namespaces with more than five extents incorrectly grant privileges over inode
1797990 kdump fail due to an IRQ storm
1797367 Ubuntu 18.04.1 - [s390x] Kernel panic while stressing network bonding
1799184 [18.04 FEAT] zcrypt DD: introduce APQN tags to support deterministic driver binding
1786139 [GLK/CLX] Enhanced IBRS
1798441 Allow signed kernels to be kexec'ed under lockdown
1793458 Overlayfs in user namespace leaks directory content of inaccessible directories
1798182 Update ENA driver to version 2.0.1K
1800537 Bionic update: upstream stable patchset 2018-10-29
1799049 [bionic]mlx5: reading SW stats through ifstat cause kernel crash
1799281 [Bionic][Cosmic] ipmi: Fix timer race with module unload
1799276 [Bionic] ipmi: Remove ACPI SPMI probing from the SSIF (I2C) driver
1786729 execveat03 in ubuntu_ltp_syscalls failed on X/B
1799794 [Bionic][Cosmic] Fix to ipmi to support vendor specific messages greater than 255 bytes
1784501 libvirtd is unable to configure bridge devices inside of LXD containers
1800849 [Ubuntu] kvm: fix deadlock when killed by oom
1800639 [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport
1801875 Power consumption during s2idle is higher than long idle(sk hynix)
1798552 Enable keyboard wakeup for S2Idle laptops
1801878 NULL pointer dereference at 0000000000000020 when access dst_orig-\u003eops-\u003efamily in function xfrm_lookup_with_ifid()
1801686 [Ubuntu] qdio: reset old sbal_state flags
1802023 hns3: map tx ring to tc
1800641 [Ubuntu] qeth: Fix potential array overrun in cmd/rc lookup
1798165 Vulkan applications cause permanent memory leak with Intel GPU
1792580 Mounting SOFS SMB shares fails
1786013 Packaging resync
CVE-2018-18955 userns: also map extents in the reverse map to kernel IDs
CVE-2018-6559 The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able



About   -   Send Feedback to @ubuntu_updates