UbuntuUpdates.org

Package "linux-aws"

This package belongs to a PPA: Canonical Kernel Team

Name: linux-aws

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Header files related to Linux kernel version 4.4.0
  • Header files related to Linux kernel version 4.4.0
  • Header files related to Linux kernel version 4.4.0
  • Header files related to Linux kernel version 4.4.0

Latest version: 4.4.0-1014.14
Release: trusty (14.04)
Level: base
Repository: main

Links

Save this URL for the latest version of "linux-aws": https://www.ubuntuupdates.org/linux-aws



Other versions of "linux-aws" in Trusty

Repository Area Version
security universe 4.4.0-1014.14
updates universe 4.4.0-1014.14

Packages in group

Deleted packages are displayed in grey.

linux-aws-headers-4.4.0-1002 linux-aws-headers-4.4.0-1003 linux-aws-headers-4.4.0-1004 linux-aws-headers-4.4.0-1005 linux-aws-headers-4.4.0-1006
linux-aws-headers-4.4.0-1007 linux-aws-headers-4.4.0-1009 linux-aws-headers-4.4.0-1010 linux-aws-headers-4.4.0-1011 linux-aws-headers-4.4.0-1012
linux-aws-headers-4.4.0-1013 linux-aws-headers-4.4.0-1014

Changelog

Version: 4.4.0-1014.14 2018-02-16 00:08:42 UTC

 linux-aws (4.4.0-1014.14) trusty; urgency=medium
 .
   * linux-aws: 4.4.0-1014.14 -proposed tracker (LP: #1748486)
 .
   [ Ubuntu: 4.4.0-116.140 ]
 .
   * linux: 4.4.0-116.140 -proposed tracker (LP: #1748990)
   * BUG: unable to handle kernel NULL pointer dereference at 0000000000000009
     (LP: #1748671)
     - SAUCE: net: ipv4: fix for a race condition in raw_sendmsg -- fix backport
 .
   [ Ubuntu: 4.4.0-115.139 ]
 .
   * linux: 4.4.0-115.138 -proposed tracker (LP: #1748745)
   * CVE-2017-5715 (Spectre v2 Intel)
     - Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present"
     - SAUCE: turn off IBRS when full retpoline is present
     - [Packaging] retpoline files must be sorted
     - [Packaging] pull in retpoline files
 .
   [ Ubuntu: 4.4.0-114.137 ]
 .
   * linux: 4.4.0-114.137 -proposed tracker (LP: #1748484)
   * ALSA backport missing NVIDIA GPU codec IDs to patch table to
     Ubuntu 16.04 LTS Kernel (LP: #1744117)
     - ALSA: hda - Add missing NVIDIA GPU codec IDs to patch table
   * Shutdown hang on 16.04 with iscsi targets (LP: #1569925)
     - scsi: libiscsi: Allow sd_shutdown on bad transport
   * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053)
     - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
   * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb)
     (LP: #1747090)
     - KVM: s390: wire up bpb feature
     - KVM: s390: Enable all facility bits that are known good for passthrough
   * CVE-2017-5715 (Spectre v2 Intel)
     - SAUCE: drop lingering gmb() macro
     - x86/feature: Enable the x86 feature to control Speculation
     - x86/feature: Report presence of IBPB and IBRS control
     - x86/enter: MACROS to set/clear IBRS and set IBPB
     - x86/enter: Use IBRS on syscall and interrupts
     - x86/idle: Disable IBRS entering idle and enable it on wakeup
     - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
     - x86/mm: Set IBPB upon context switch
     - x86/mm: Only set IBPB when the new thread cannot ptrace current thread
     - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
     - x86/kvm: Set IBPB when switching VM
     - x86/kvm: Toggle IBRS on VM entry and exit
     - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
     - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
     - x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR
     - x86/cpu/AMD: Add speculative control support for AMD
     - x86/microcode: Extend post microcode reload to support IBPB feature
     - KVM: SVM: Do not intercept new speculative control MSRs
     - x86/svm: Set IBRS value on VM entry and exit
     - x86/svm: Set IBPB when running a different VCPU
     - KVM: x86: Add speculative control CPUID support for guests
     - SAUCE: Fix spec_ctrl support in KVM
     - SAUCE: turn off IBPB when full retpoline is present
 .

Source diff to previous version
1748671 BUG: unable to handle kernel NULL pointer dereference at 0000000000000009
1744117 ALSA backport missing NVIDIA GPU codec IDs to patch table to Ubuntu 16.04 LTS Kernel
1743053 libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
1747090 KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb)
CVE-2017-5715 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at

Version: 4.4.0-1013.13 2018-02-08 22:08:43 UTC

 linux-aws (4.4.0-1013.13) trusty; urgency=low
 .
   * linux-aws: 4.4.0-1013.13 -proposed tracker (LP: #1746937)
 .
   [ Ubuntu: 4.4.0-113.136 ]
 .
   * linux: 4.4.0-113.136 -proposed tracker (LP: #1746936)
   * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC
     (LP: #1743638)
     - [d-i] Add qede to nic-modules udeb
   * CVE-2017-5753 (Spectre v1 Intel)
     - x86/cpu/AMD: Make the LFENCE instruction serialized
     - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
     - SAUCE: reinstate MFENCE_RDTSC feature definition
     - locking/barriers: introduce new observable speculation barrier
     - bpf: prevent speculative execution in eBPF interpreter
     - x86, bpf, jit: prevent speculative execution when JIT is enabled
     - SAUCE: FIX: x86, bpf, jit: prevent speculative execution when JIT is enabled
     - carl9170: prevent speculative execution
     - qla2xxx: prevent speculative execution
     - Thermal/int340x: prevent speculative execution
     - ipv4: prevent speculative execution
     - ipv6: prevent speculative execution
     - fs: prevent speculative execution
     - net: mpls: prevent speculative execution
     - udf: prevent speculative execution
     - userns: prevent speculative execution
     - SAUCE: claim mitigation via observable speculation barrier
     - SAUCE: powerpc: add osb barrier
     - SAUCE: s390/spinlock: add osb memory barrier
     - SAUCE: arm64: no osb() implementation yet
     - SAUCE: arm: no osb() implementation yet
   * CVE-2017-5715 (Spectre v2 retpoline)
     - x86/cpuid: Provide get_scattered_cpuid_leaf()
     - x86/cpu: Factor out application of forced CPU caps
     - x86/cpufeatures: Make CPU bugs sticky
     - x86/cpufeatures: Add X86_BUG_CPU_INSECURE
     - x86/cpu, x86/pti: Do not enable PTI on AMD processors
     - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
     - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
     - x86/cpu: Merge bugs.c and bugs_64.c
     - sysfs/cpu: Add vulnerability folder
     - x86/cpu: Implement CPU vulnerabilites sysfs functions
     - x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm
     - x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier
     - x86/asm: Use register variable to get stack pointer value
     - x86/kbuild: enable modversions for symbols exported from asm
     - x86/asm: Make asm/alternative.h safe from assembly
     - EXPORT_SYMBOL() for asm
     - kconfig.h: use __is_defined() to check if MODULE is defined
     - x86/retpoline: Add initial retpoline support
     - x86/spectre: Add boot time option to select Spectre v2 mitigation
     - x86/retpoline/crypto: Convert crypto assembler indirect jumps
     - x86/retpoline/entry: Convert entry assembler indirect jumps
     - x86/retpoline/ftrace: Convert ftrace assembler indirect jumps
     - x86/retpoline/hyperv: Convert assembler indirect jumps
     - x86/retpoline/xen: Convert Xen hypercall indirect jumps
     - x86/retpoline/checksum32: Convert assembler indirect jumps
     - x86/retpoline/irq32: Convert assembler indirect jumps
     - x86/retpoline: Fill return stack buffer on vmexit
     - x86/retpoline: Remove compile time warning
     - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
     - module: Add retpoline tag to VERMAGIC
     - x86/mce: Make machine check speculation protected
     - retpoline: Introduce start/end markers of indirect thunk
     - kprobes/x86: Blacklist indirect thunk functions for kprobes
     - kprobes/x86: Disable optimizing on the function jumps to indirect thunk
     - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
     - [Config] CONFIG_RETPOLINE=y
     - [Packaging] retpoline -- add call site validation
     - [Config] disable retpoline checks for first upload
   * CVE-2017-5715 (revert embargoed) // CVE-2017-5753 (revert embargoed)
     - Revert "UBUNTU: SAUCE: Fix spec_ctrl support in KVM"
     - Revert "x86/cpuid: Provide get_scattered_cpuid_leaf()"
     - Revert "kvm: vmx: Scrub hardware GPRs at VM-exit"
     - Revert "Revert "x86/svm: Add code to clear registers on VM exit""
     - Revert "UBUNTU: SAUCE: x86/microcode: Extend post microcode reload to
       support IBPB feature -- repair missmerge"
     - Revert "arm: no gmb() implementation yet"
     - Revert "arm64: no gmb() implementation yet"
     - Revert "UBUNTU: SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit"
     - Revert "s390/spinlock: add gmb memory barrier"
     - Revert "powerpc: add gmb barrier"
     - Revert "x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature"
     - Revert "x86/cpu/AMD: Make the LFENCE instruction serialized"
     - Revert "x86/svm: Add code to clear registers on VM exit"
     - Revert "x86/svm: Add code to clobber the RSB on VM exit"
     - Revert "KVM: x86: Add speculative control CPUID support for guests"
     - Revert "x86/svm: Set IBPB when running a different VCPU"
     - Revert "x86/svm: Set IBRS value on VM entry and exit"
     - Revert "KVM: SVM: Do not intercept new speculative control MSRs"
     - Revert "x86/microcode: Extend post microcode reload to support IBPB feature"
     - Revert "x86/cpu/AMD: Add speculative control support for AMD"
     - Revert "x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR"
     - Revert "x86/entry: Use retpoline for syscall's indirect calls"
     - Revert "x86/syscall: Clear unused extra registers on 32-bit compatible
       syscall entrance"
     - Revert "x86/syscall: Clear unused extra registers on syscall entrance"
     - Revert "x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb
       control"
     - Revert "x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature"
     - Revert "x86/kvm: Pad RSB on VM transition"
     - Revert "x86/kvm: Toggle IBRS on VM entry and exit"
     - Revert "x86/kvm: Set IBPB when switching VM"
     - Revert "x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm"
     - Revert "x86/entry: Stuff RSB

Source diff to previous version
1745338 upload urgency should be medium by default
1743383 Do not duplicate changelog entries assigned to more than one bug or CVE
CVE-2017-5753 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker wi
CVE-2017-5715 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at
CVE-2017-17712 The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized sta
CVE-2017-12190 The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector h
CVE-2015-8952 The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local
CVE-2017-15115 The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off act
CVE-2017-8824 The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of servic
CVE-2017-5754 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at

Version: 4.4.0-1012.12 2018-01-30 23:08:30 UTC

 linux-aws (4.4.0-1012.12) trusty; urgency=low
 .
   * linux-aws: 4.4.0-1012.12 -proposed tracker (LP: #1746324)
 .
   * linux-aws serial console not recognized (LP: #1746318)
     - SAUCE: [aws] serial: 8250_pci: Add Amazon PCI serial device ID
     - [aws] config: SERIAL_8250_NR_UARTS=4

Source diff to previous version
1746318 linux-aws serial console not recognized

Version: 4.4.0-1011.11 2018-01-13 03:08:58 UTC

 linux-aws (4.4.0-1011.11) trusty; urgency=low
 .
   * linux-aws: 4.4.0-1011.11 -proposed tracker (LP: #1742998)
 .
   [ Ubuntu: 4.4.0-110.133 ]
 .
   * linux: 4.4.0-110.133 -proposed tracker (LP: #1742995)
   * CVE-2017-5753
     - x86/microcode/AMD: Add support for fam17h microcode loading
     - bpf: add bpf_patch_insn_single helper
     - bpf: prepare bpf_int_jit_compile/bpf_prog_select_runtime apis
     - bpf: add generic constant blinding for use in jits
     - locking/barriers: introduce new memory barrier gmb()
     - bpf: prevent speculative execution in eBPF interpreter
     - x86, bpf, jit: prevent speculative execution when JIT is enabled
     - uvcvideo: prevent speculative execution
     - carl9170: prevent speculative execution
     - qla2xxx: prevent speculative execution
     - Thermal/int340x: prevent speculative execution
     - userns: prevent speculative execution
     - ipv6: prevent speculative execution
     - fs: prevent speculative execution
     - net: mpls: prevent speculative execution
     - udf: prevent speculative execution
     - x86/feature: Enable the x86 feature to control Speculation
     - x86/feature: Report presence of IBPB and IBRS control
     - x86/enter: MACROS to set/clear IBRS and set IBPB
     - x86/enter: Use IBRS on syscall and interrupts
     - x86/idle: Disable IBRS entering idle and enable it on wakeup
     - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
     - x86/mm: Set IBPB upon context switch
     - x86/mm: Only set IBPB when the new thread cannot ptrace current thread
     - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
     - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
     - x86/kvm: Set IBPB when switching VM
     - x86/kvm: Toggle IBRS on VM entry and exit
     - x86/kvm: Pad RSB on VM transition
     - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
     - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
     - x86/syscall: Clear unused extra registers on syscall entrance
     - x86/syscall: Clear unused extra registers on 32-bit compatible syscall
       entrance
     - x86/entry: Use retpoline for syscall's indirect calls
     - x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR
     - x86/cpu/AMD: Add speculative control support for AMD
     - x86/microcode: Extend post microcode reload to support IBPB feature
     - KVM: SVM: Do not intercept new speculative control MSRs
     - x86/svm: Set IBRS value on VM entry and exit
     - x86/svm: Set IBPB when running a different VCPU
     - KVM: x86: Add speculative control CPUID support for guests
     - x86/svm: Add code to clobber the RSB on VM exit
     - x86/svm: Add code to clear registers on VM exit
     - x86/cpu/AMD: Make the LFENCE instruction serialized
     - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
     - powerpc: add gmb barrier
     - s390/spinlock: add gmb memory barrier
     - SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit
     - arm64: no gmb() implementation yet
     - arm: no gmb() implementation yet
   * CVE-2017-5715
     - x86/microcode/AMD: Add support for fam17h microcode loading
     - bpf: add bpf_patch_insn_single helper
     - bpf: prepare bpf_int_jit_compile/bpf_prog_select_runtime apis
     - bpf: add generic constant blinding for use in jits
     - locking/barriers: introduce new memory barrier gmb()
     - bpf: prevent speculative execution in eBPF interpreter
     - x86, bpf, jit: prevent speculative execution when JIT is enabled
     - uvcvideo: prevent speculative execution
     - carl9170: prevent speculative execution
     - qla2xxx: prevent speculative execution
     - Thermal/int340x: prevent speculative execution
     - userns: prevent speculative execution
     - ipv6: prevent speculative execution
     - fs: prevent speculative execution
     - net: mpls: prevent speculative execution
     - udf: prevent speculative execution
     - x86/feature: Enable the x86 feature to control Speculation
     - x86/feature: Report presence of IBPB and IBRS control
     - x86/enter: MACROS to set/clear IBRS and set IBPB
     - x86/enter: Use IBRS on syscall and interrupts
     - x86/idle: Disable IBRS entering idle and enable it on wakeup
     - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
     - x86/mm: Set IBPB upon context switch
     - x86/mm: Only set IBPB when the new thread cannot ptrace current thread
     - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
     - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
     - x86/kvm: Set IBPB when switching VM
     - x86/kvm: Toggle IBRS on VM entry and exit
     - x86/kvm: Pad RSB on VM transition
     - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
     - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
     - x86/syscall: Clear unused extra registers on syscall entrance
     - x86/syscall: Clear unused extra registers on 32-bit compatible syscall
       entrance
     - x86/entry: Use retpoline for syscall's indirect calls
     - x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR
     - x86/cpu/AMD: Add speculative control support for AMD
     - x86/microcode: Extend post microcode reload to support IBPB feature
     - KVM: SVM: Do not intercept new speculative control MSRs
     - x86/svm: Set IBRS value on VM entry and exit
     - x86/svm: Set IBPB when running a different VCPU
     - KVM: x86: Add speculative control CPUID support for guests
     - x86/svm: Add code to clobber the RSB on VM exit
     - x86/svm: Add code to clear registers on VM exit
     - x86/cpu/AMD: Make the LFENCE instruction serialized
     - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
     - powerpc: add gmb barrier
     - s390/spinlock: add gmb memory barrier
     - SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit
     - arm64: no gmb() implementation yet
     - arm: no gmb() implementation

Source diff to previous version
1742772 powerpc: flush L1D on return to use
1742771 s390: add ppa to kernel entry/exit
CVE-2017-5753 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker wi
CVE-2017-5715 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at
CVE-2017-5754 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at

Version: 4.4.0-1010.10 2018-01-10 12:08:57 UTC

 linux-aws (4.4.0-1010.10) trusty; urgency=low
 .
   * linux-aws: 4.4.0-1010.10 -proposed tracker (LP: #1742253)
 .
 .
   [ Ubuntu: 4.4.0-109.132 ]
 .
   * linux: 4.4.0-109.132 -proposed tracker (LP: #1742252)
   * Kernel trace with xenial 4.4 (4.4.0-108.131, Candidate kernels for PTI fix)
     (LP: #1741934)
     - SAUCE: kaiser: fix perf crashes - fix to original commit
 .
   [ Ubuntu: 4.4.0-108.131 ]
 .
   * linux: 4.4.0-108.131 -proposed tracker (LP: #1741727)
   * CVE-2017-5754
     - x86/mm: Disable PCID on 32-bit kernels

1741934 Kernel trace with xenial 4.4 (4.4.0-108.131, Candidate kernels for PTI fix)
CVE-2017-5754 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at



About   -   Send Feedback to @ubuntu_updates