Package "linux-hwe-5.8"
| Name: |
linux-hwe-5.8
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description.
Description samples from packages in group:
- Linux kernel buildinfo for version 5.8.0 on 64 bit x86 SMP
- Linux kernel buildinfo for version 5.8.0 on 64 bit x86 SMP
- Linux kernel version specific cloud tools for version 5.8.0-67
- Linux kernel version specific cloud tools for version 5.8.0-67
|
| Latest version: |
5.8.0-67.75 |
| Release: |
focal (20.04) |
| Level: |
base |
| Repository: |
main |
Links
Other versions of "linux-hwe-5.8" in Focal
Packages in group
Deleted packages are displayed in grey.
Changelog
|
linux-hwe-5.8 (5.8.0-67.75) focal; urgency=medium
.
* focal/linux-hwe-5.8: 5.8.0-67.75 -proposed tracker (LP: #1947262)
.
* CVE-2021-3744 // CVE-2021-3764
- crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
.
* CVE-2020-36385
- RDMA/cma: Add missing locking to rdma_accept()
- RDMA/ucma: Fix the locking of ctx->file
- RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy
.
* Packaging resync (LP: #1786013)
- [Packaging] update Ubuntu.md
|
| Source diff to previous version |
| 1786013 |
Packaging resync |
| CVE-2021-3744 |
crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() |
| CVE-2021-3764 |
DoS in ccp_run_aes_gcm_cmd() function |
| CVE-2020-36385 |
An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_l |
|
|
linux-hwe-5.8 (5.8.0-66.74) focal; urgency=medium
.
* focal/linux-hwe-5.8: 5.8.0-66.74 -proposed tracker (LP: #1944903)
.
* Packaging resync (LP: #1786013)
- debian/dkms-versions -- update from kernel-versions (main/2021.09.27)
.
* linux: btrfs: fix NULL pointer dereference when deleting device by invalid
id (LP: #1945987)
- btrfs: fix NULL pointer dereference when deleting device by invalid id
.
* CVE-2021-38199
- NFSv4: Initialise connection to the server in nfs4_alloc_client()
.
* BCM57800 SRIOV bug causes interfaces to disappear (LP: #1945707)
- bnx2x: Fix enabling network interfaces without VFs
.
* CVE-2021-3759
- memcg: enable accounting of ipc resources
.
* CVE-2019-19449
- f2fs: fix wrong total_sections check and fsmeta check
- f2fs: fix to do sanity check on segment/section count
.
* Support builtin revoked certificates (LP: #1932029)
- Revert "UBUNTU: SAUCE: Dump stack when X.509 certificates cannot be loaded"
- integrity: Move import of MokListRT certs to a separate routine
- integrity: Load certs from the EFI MOK config table
- certs: Add EFI_CERT_X509_GUID support for dbx entries
- certs: Move load_system_certificate_list to a common function
- certs: Add ability to preload revocation certs
- integrity: Load mokx variables into the blacklist keyring
- certs: add 'x509_revocation_list' to gitignore
- SAUCE: Dump stack when X.509 certificates cannot be loaded
- [Packaging] build canonical-revoked-certs.pem from branch/arch certs
- [Packaging] Revoke 2012 UEFI signing certificate as built-in
- [Config] Configure CONFIG_SYSTEM_REVOCATION_KEYS with revoked keys
.
* Support importing mokx keys into revocation list from the mok table
(LP: #1928679)
- efi: Support for MOK variable config table
- efi: mokvar-table: fix some issues in new code
- efi: mokvar: add missing include of asm/early_ioremap.h
- efi/mokvar: Reserve the table only if it is in boot services data
- SAUCE: integrity: add informational messages when revoking certs
.
* Support importing mokx keys into revocation list from the mok table
(LP: #1928679) // CVE-2020-26541 when certificates are revoked via
MokListXRT.
- SAUCE: integrity: Load mokx certs from the EFI MOK config table
.
* CVE-2020-36311
- KVM: SVM: Periodically schedule when unregistering regions on destroy
.
* CVE-2021-22543
- KVM: do not allow mapping valid but non-reference-counted pages
.
* CVE-2021-3612
- Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl
.
* CVE-2021-38207
- net: ll_temac: Fix TX BD buffer overwrite
.
* CVE-2021-40490
- ext4: fix race writing to an inline_data file while its xattrs are changing
.
* LRMv5: switch primary version handling to kernel-versions data set
(LP: #1928921)
- [Packaging] switch to kernel-versions
|
| Source diff to previous version |
| 1786013 |
Packaging resync |
| 1945987 |
linux: btrfs: fix NULL pointer dereference when deleting device by invalid id |
| 1945707 |
BCM57800 SRIOV bug causes interfaces to disappear |
| 1932029 |
Support builtin revoked certificates |
| 1928679 |
Support importing mokx keys into revocation list from the mok table |
| 1928921 |
LRMv5: switch primary version handling to kernel-versions data set |
| CVE-2021-38199 |
fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to caus |
| CVE-2021-3759 |
unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks |
| CVE-2019-19449 |
In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f |
| CVE-2020-26541 |
The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects c |
| CVE-2020-36311 |
An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by trigger |
| CVE-2021-22543 |
An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed |
| CVE-2021-3612 |
An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls i |
| CVE-2021-38207 |
drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to cause a denial of service (buffer overflow |
| CVE-2021-40490 |
A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. |
|
|
linux-hwe-5.8 (5.8.0-65.73) focal; urgency=medium
.
* focal/linux-hwe-5.8: 5.8.0-65.73 -proposed tracker (LP: #1939805)
.
* Packaging resync (LP: #1786013)
- [Packaging] update variants
- debian/dkms-versions -- update from kernel-versions (main/2021.08.16)
.
* CVE-2021-3656
- SAUCE: KVM: nSVM: always intercept VMLOAD/VMSAVE when nested
.
* CVE-2021-3653
- KVM: nSVM: introduce nested_svm_load_cr3()/nested_npt_enabled()
- SAUCE: KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl
|
| Source diff to previous version |
| 1786013 |
Packaging resync |
| CVE-2021-3656 |
KVM: nSVM: always intercept VMLOAD/VMSAVE when nested |
| CVE-2021-3653 |
KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl |
|
|
linux-hwe-5.8 (5.8.0-64.72) focal; urgency=medium
.
* focal/linux-hwe-5.8: 5.8.0-64.72 -proposed tracker (LP: #1937067)
.
* Packaging resync (LP: #1786013)
- [Packaging] update update.conf
.
* large_dir in ext4 broken (LP: #1933074)
- SAUCE: ext4: fix directory index node split corruption
.
* Add l2tp.sh in net from ubuntu_kernel_selftests back (LP: #1934293)
- Revert "UBUNTU: SAUCE: selftests/net -- disable l2tp.sh test"
.
* icmp_redirect.sh in net from ubuntu_kernel_selftests failed on F-OEM-5.6 /
F-OEM-5.10 / F-OEM-5.13 / F / G / H (LP: #1880645)
- selftests: icmp_redirect: support expected failures
.
* ubuntu-host driver lacks lseek ops (LP: #1934110)
- ubuntu-host: add generic lseek op
.
* ubuntu_kernel_selftests ftrace fails on arm64 F / aws-5.8 / amd64 F
azure-5.8 (LP: #1927749)
- selftests/ftrace: fix event-no-pid on 1-core machine
.
* pmtu.sh from net in ubuntu_kernel_selftests failed with no error message
(LP: #1887661)
- selftests: pmtu.sh: improve the test result processing
.
* cifs: On cifs_reconnect, resolve the hostname again (LP: #1929831)
- cifs: rename reconn_inval_dfs_target()
- cifs: Simplify reconnect code when dfs upcall is enabled
- cifs: Avoid error pointer dereference
- cifs: On cifs_reconnect, resolve the hostname again.
.
* Pixel format change broken for Elgato Cam Link 4K (LP: #1932367)
- (upstream) media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K
.
* Groovy update: upstream stable patchset 2021-06-28 (LP: #1933877)
- proc: Track /proc/$pid/attr/ opener mm_struct
- ASoC: max98088: fix ni clock divider calculation
- spi: Fix spi device unregister flow
- net/nfc/rawsock.c: fix a permission check bug
- ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet
- ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet
- vfio-ccw: Serialize FSM IDLE state with I/O completion
- ASoC: sti-sas: add missing MODULE_DEVICE_TABLE
- spi: sprd: Add missing MODULE_DEVICE_TABLE
- isdn: mISDN: netjet: Fix crash in nj_probe:
- bonding: init notify_work earlier to avoid uninitialized use
- netlink: disable IRQs for netlink_lock_table()
- net: mdiobus: get rid of a BUG_ON()
- cgroup: disable controllers at parse time
- wq: handle VM suspension in stall detection
- net/qla3xxx: fix schedule while atomic in ql_sem_spinlock
- RDS tcp loopback connection can hang
- scsi: bnx2fc: Return failure if io_req is already in ABTS processing
- scsi: vmw_pvscsi: Set correct residual data length
- scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated irq
- scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal
- net: macb: ensure the device is available before accessing GEMGXL control
registers
- net: appletalk: cops: Fix data race in cops_probe1
- net: dsa: microchip: enable phy errata workaround on 9567
- nvme-fabrics: decode host pathing error for connect
- MIPS: Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER
- dm verity: fix require_signatures module_param permissions
- bnx2x: Fix missing error code in bnx2x_iov_init_one()
- nvme-tcp: remove incorrect Kconfig dep in BLK_DEV_NVME
- powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P2041 i2c controllers
- powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P1010 i2c controllers
- spi: Don't have controller clean up spi device before driver unbind
- spi: Cleanup on failure of initial setup
- i2c: mpc: Make use of i2c_recover_bus()
- i2c: mpc: implement erratum A-004447 workaround
- x86/boot: Add .text.* to setup.ld
- spi: bcm2835: Fix out-of-bounds access with more than 4 slaves
- drm: Fix use-after-free read in drm_getunique()
- drm: Lock pointer access in drm_master_release()
- kvm: avoid speculation-based attacks from out-of-range memslot accesses
- staging: rtl8723bs: Fix uninitialized variables
- btrfs: return value from btrfs_mark_extent_written() in case of error
- btrfs: promote debugging asserts to full-fledged checks in validate_super
- cgroup1: don't allow '\n' in renaming
- USB: f_ncm: ncm_bitrate (speed) is unsigned
- usb: f_ncm: only first packet of aggregate needs to start timer
- usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms
- usb: dwc3: ep0: fix NULL pointer exception
- usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling
- usb: typec: wcove: Use LE to CPU conversion when accessing msg->header
- usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path
- usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind
- USB: serial: ftdi_sio: add NovaTech OrionMX product ID
- USB: serial: omninet: add device id for Zyxel Omni 56K Plus
- USB: serial: quatech2: fix control-request directions
- USB: serial: cp210x: fix alternate function for CP2102N QFN20
- usb: gadget: eem: fix wrong eem header operation
- usb: fix various gadgets null ptr deref on 10gbps cabling.
- usb: fix various gadget panics on 10gbps cabling
- regulator: core: resolve supply for boot-on/always-on regulators
- regulator: max77620: Use device_set_of_node_from_dev()
- usb: typec: mux: Fix copy-paste mistake in typec_mux_match
- RDMA/ipoib: Fix warning caused by destroying non-initial netns
- RDMA/mlx4: Do not map the core_clock page to user space unless enabled
- vmlinux.lds.h: Avoid orphan section with !SMP
- perf: Fix data race between pin_count increment/decrement
- sched/fair: Make sure to update tg contrib for blocked load
- KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message
- IB/mlx5: Fix initializing CQ fragments buffer
- NFS: Fix a potential NULL dereference in nfs_get_client()
- NFSv
|
| Source diff to previous version |
| 1786013 |
Packaging resync |
| 1933074 |
large_dir in ext4 broken |
| 1934110 |
ubuntu-host driver lacks lseek ops |
| 1929831 |
cifs: On cifs_reconnect, resolve the hostname again |
| 1932367 |
Pixel format change broken for Elgato Cam Link 4K |
| 1933877 |
Groovy update: upstream stable patchset 2021-06-28 |
| 1930188 |
Acer Aspire 5 sound driver issues |
| 1933541 |
Groovy update: upstream stable patchset 2021-06-24 |
| 1933262 |
Groovy update: upstream stable patchset 2021-06-22 |
| 1926165 |
Bass speakers not enabled on Lenovo Yoga 9i |
| 1932359 |
Groovy update: upstream stable patchset 2021-06-17 |
| 1925057 |
[82A1, Realtek ALC287, Speaker, Internal] Underruns, dropouts or crackling sound |
| 804178 |
\ |
|
|
linux-hwe-5.8 (5.8.0-61.68~20.04.1) focal; urgency=medium
.
* focal/linux-hwe-5.8: 5.8.0-61.68~20.04.1 -proposed tracker (LP: #1934092)
.
[ Ubuntu: 5.8.0-61.68 ]
.
* test_pmtu_vti4_link_add_mtu() test from net/pmtu.sh in
ubuntu_kernel_selftests cannot finish properly on 5.11 and 5.8
(LP: #1933969)
- ip6_gre: proper dev_{hold|put} in ndo_[un]init methods
- sit: proper dev_{hold|put} in ndo_[un]init methods
- ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods
- ipv6: remove extra dev_hold() for fallback tunnels
.
|
| 1933969 |
test_pmtu_vti4_link_add_mtu() test from net/pmtu.sh in ubuntu_kernel_selftests cannot finish properly on 5.11 and 5.8 |
|
About
-
Send Feedback to @ubuntu_updates
