UbuntuUpdates.org

Package "linux-kvm"

This package belongs to a PPA: Canonical Kernel Team

Name: linux-kvm

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Header files related to Linux kernel version 4.4.0
  • Header files related to Linux kernel version 4.4.0
  • Header files related to Linux kernel version 4.4.0
  • Header files related to Linux kernel version 4.4.0

Latest version: 4.4.0-1019.24
Release: xenial (16.04)
Level: base
Repository: main

Links

Save this URL for the latest version of "linux-kvm": https://www.ubuntuupdates.org/linux-kvm



Other versions of "linux-kvm" in Xenial

Repository Area Version
security main 4.4.0-1017.22
updates universe 4.4.0-1007.12
updates main 4.4.0-1017.22
proposed main 4.4.0-1019.24

Packages in group

Deleted packages are displayed in grey.

linux-kvm-headers-4.4.0-1003 linux-kvm-headers-4.4.0-1004 linux-kvm-headers-4.4.0-1005 linux-kvm-headers-4.4.0-1006 linux-kvm-headers-4.4.0-1007
linux-kvm-headers-4.4.0-1008 linux-kvm-headers-4.4.0-1009 linux-kvm-headers-4.4.0-1010 linux-kvm-headers-4.4.0-1011 linux-kvm-headers-4.4.0-1012
linux-kvm-headers-4.4.0-1013 linux-kvm-headers-4.4.0-1014 linux-kvm-headers-4.4.0-1015 linux-kvm-headers-4.4.0-1017 linux-kvm-headers-4.4.0-1018
linux-kvm-headers-4.4.0-1019

Changelog

Version: 4.4.0-1019.24 2018-02-13 12:08:36 UTC

 linux-kvm (4.4.0-1019.24) xenial; urgency=medium
 .
   * linux-kvm: 4.4.0-1019.24 -proposed tracker (LP: #1749092)
 .
   [ Ubuntu: 4.4.0-116.140 ]
 .
   * linux: 4.4.0-116.140 -proposed tracker (LP: #1748990)
   * BUG: unable to handle kernel NULL pointer dereference at 0000000000000009
     (LP: #1748671)
     - SAUCE: net: ipv4: fix for a race condition in raw_sendmsg -- fix backport
 .
   [ Ubuntu: 4.4.0-115.139 ]
 .
   * linux: 4.4.0-115.138 -proposed tracker (LP: #1748745)
   * CVE-2017-5715 (Spectre v2 Intel)
     - Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present"
     - SAUCE: turn off IBRS when full retpoline is present
     - [Packaging] retpoline files must be sorted
     - [Packaging] pull in retpoline files
 .
   [ Ubuntu: 4.4.0-114.137 ]
 .
   * linux: 4.4.0-114.137 -proposed tracker (LP: #1748484)
   * ALSA backport missing NVIDIA GPU codec IDs to patch table to
     Ubuntu 16.04 LTS Kernel (LP: #1744117)
     - ALSA: hda - Add missing NVIDIA GPU codec IDs to patch table
   * Shutdown hang on 16.04 with iscsi targets (LP: #1569925)
     - scsi: libiscsi: Allow sd_shutdown on bad transport
   * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053)
     - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
   * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb)
     (LP: #1747090)
     - KVM: s390: wire up bpb feature
     - KVM: s390: Enable all facility bits that are known good for passthrough
   * CVE-2017-5715 (Spectre v2 Intel)
     - SAUCE: drop lingering gmb() macro
     - x86/feature: Enable the x86 feature to control Speculation
     - x86/feature: Report presence of IBPB and IBRS control
     - x86/enter: MACROS to set/clear IBRS and set IBPB
     - x86/enter: Use IBRS on syscall and interrupts
     - x86/idle: Disable IBRS entering idle and enable it on wakeup
     - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
     - x86/mm: Set IBPB upon context switch
     - x86/mm: Only set IBPB when the new thread cannot ptrace current thread
     - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
     - x86/kvm: Set IBPB when switching VM
     - x86/kvm: Toggle IBRS on VM entry and exit
     - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
     - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
     - x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR
     - x86/cpu/AMD: Add speculative control support for AMD
     - x86/microcode: Extend post microcode reload to support IBPB feature
     - KVM: SVM: Do not intercept new speculative control MSRs
     - x86/svm: Set IBRS value on VM entry and exit
     - x86/svm: Set IBPB when running a different VCPU
     - KVM: x86: Add speculative control CPUID support for guests
     - SAUCE: Fix spec_ctrl support in KVM
     - SAUCE: turn off IBPB when full retpoline is present
 .

Source diff to previous version
1748671 BUG: unable to handle kernel NULL pointer dereference at 0000000000000009
1744117 ALSA backport missing NVIDIA GPU codec IDs to patch table to Ubuntu 16.04 LTS Kernel
1743053 libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
1747090 KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb)
CVE-2017-5715 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at

Version: 4.4.0-1018.23 2018-02-08 15:08:45 UTC

 linux-kvm (4.4.0-1018.23) xenial; urgency=low
 .
   * linux-kvm: 4.4.0-1018.23 -proposed tracker (LP: #1746944)
 .
   [ Ubuntu: 4.4.0-113.136 ]
 .
   * linux: 4.4.0-113.136 -proposed tracker (LP: #1746936)
   * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC
     (LP: #1743638)
     - [d-i] Add qede to nic-modules udeb
   * CVE-2017-5753 (Spectre v1 Intel)
     - x86/cpu/AMD: Make the LFENCE instruction serialized
     - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
     - SAUCE: reinstate MFENCE_RDTSC feature definition
     - locking/barriers: introduce new observable speculation barrier
     - bpf: prevent speculative execution in eBPF interpreter
     - x86, bpf, jit: prevent speculative execution when JIT is enabled
     - SAUCE: FIX: x86, bpf, jit: prevent speculative execution when JIT is enabled
     - carl9170: prevent speculative execution
     - qla2xxx: prevent speculative execution
     - Thermal/int340x: prevent speculative execution
     - ipv4: prevent speculative execution
     - ipv6: prevent speculative execution
     - fs: prevent speculative execution
     - net: mpls: prevent speculative execution
     - udf: prevent speculative execution
     - userns: prevent speculative execution
     - SAUCE: claim mitigation via observable speculation barrier
     - SAUCE: powerpc: add osb barrier
     - SAUCE: s390/spinlock: add osb memory barrier
     - SAUCE: arm64: no osb() implementation yet
     - SAUCE: arm: no osb() implementation yet
   * CVE-2017-5715 (Spectre v2 retpoline)
     - x86/cpuid: Provide get_scattered_cpuid_leaf()
     - x86/cpu: Factor out application of forced CPU caps
     - x86/cpufeatures: Make CPU bugs sticky
     - x86/cpufeatures: Add X86_BUG_CPU_INSECURE
     - x86/cpu, x86/pti: Do not enable PTI on AMD processors
     - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
     - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
     - x86/cpu: Merge bugs.c and bugs_64.c
     - sysfs/cpu: Add vulnerability folder
     - x86/cpu: Implement CPU vulnerabilites sysfs functions
     - x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm
     - x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier
     - x86/asm: Use register variable to get stack pointer value
     - x86/kbuild: enable modversions for symbols exported from asm
     - x86/asm: Make asm/alternative.h safe from assembly
     - EXPORT_SYMBOL() for asm
     - kconfig.h: use __is_defined() to check if MODULE is defined
     - x86/retpoline: Add initial retpoline support
     - x86/spectre: Add boot time option to select Spectre v2 mitigation
     - x86/retpoline/crypto: Convert crypto assembler indirect jumps
     - x86/retpoline/entry: Convert entry assembler indirect jumps
     - x86/retpoline/ftrace: Convert ftrace assembler indirect jumps
     - x86/retpoline/hyperv: Convert assembler indirect jumps
     - x86/retpoline/xen: Convert Xen hypercall indirect jumps
     - x86/retpoline/checksum32: Convert assembler indirect jumps
     - x86/retpoline/irq32: Convert assembler indirect jumps
     - x86/retpoline: Fill return stack buffer on vmexit
     - x86/retpoline: Remove compile time warning
     - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
     - module: Add retpoline tag to VERMAGIC
     - x86/mce: Make machine check speculation protected
     - retpoline: Introduce start/end markers of indirect thunk
     - kprobes/x86: Blacklist indirect thunk functions for kprobes
     - kprobes/x86: Disable optimizing on the function jumps to indirect thunk
     - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
     - [Config] CONFIG_RETPOLINE=y
     - [Packaging] retpoline -- add call site validation
     - [Config] disable retpoline checks for first upload
   * CVE-2017-5715 (revert embargoed) // CVE-2017-5753 (revert embargoed)
     - Revert "UBUNTU: SAUCE: Fix spec_ctrl support in KVM"
     - Revert "x86/cpuid: Provide get_scattered_cpuid_leaf()"
     - Revert "kvm: vmx: Scrub hardware GPRs at VM-exit"
     - Revert "Revert "x86/svm: Add code to clear registers on VM exit""
     - Revert "UBUNTU: SAUCE: x86/microcode: Extend post microcode reload to
       support IBPB feature -- repair missmerge"
     - Revert "arm: no gmb() implementation yet"
     - Revert "arm64: no gmb() implementation yet"
     - Revert "UBUNTU: SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit"
     - Revert "s390/spinlock: add gmb memory barrier"
     - Revert "powerpc: add gmb barrier"
     - Revert "x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature"
     - Revert "x86/cpu/AMD: Make the LFENCE instruction serialized"
     - Revert "x86/svm: Add code to clear registers on VM exit"
     - Revert "x86/svm: Add code to clobber the RSB on VM exit"
     - Revert "KVM: x86: Add speculative control CPUID support for guests"
     - Revert "x86/svm: Set IBPB when running a different VCPU"
     - Revert "x86/svm: Set IBRS value on VM entry and exit"
     - Revert "KVM: SVM: Do not intercept new speculative control MSRs"
     - Revert "x86/microcode: Extend post microcode reload to support IBPB feature"
     - Revert "x86/cpu/AMD: Add speculative control support for AMD"
     - Revert "x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR"
     - Revert "x86/entry: Use retpoline for syscall's indirect calls"
     - Revert "x86/syscall: Clear unused extra registers on 32-bit compatible
       syscall entrance"
     - Revert "x86/syscall: Clear unused extra registers on syscall entrance"
     - Revert "x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb
       control"
     - Revert "x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature"
     - Revert "x86/kvm: Pad RSB on VM transition"
     - Revert "x86/kvm: Toggle IBRS on VM entry and exit"
     - Revert "x86/kvm: Set IBPB when switching VM"
     - Revert "x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm"
     - Revert "x86/entry: Stuff RSB

Source diff to previous version
1745338 upload urgency should be medium by default
1743383 Do not duplicate changelog entries assigned to more than one bug or CVE
CVE-2017-5753 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker wi
CVE-2017-5715 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at
CVE-2017-17712 The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized sta
CVE-2017-12190 The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector h
CVE-2015-8952 The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local
CVE-2017-15115 The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off act
CVE-2017-8824 The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of servic
CVE-2017-5754 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at

Version: 4.4.0-1017.22 2018-01-13 03:09:00 UTC

 linux-kvm (4.4.0-1017.22) xenial; urgency=low
 .
   * linux-kvm: 4.4.0-1016.21 -proposed tracker (LP: #1743002)
 .
   [ Ubuntu: 4.4.0-110.133 ]
 .
   * linux: 4.4.0-110.133 -proposed tracker (LP: #1742995)
   * CVE-2017-5753
     - x86/microcode/AMD: Add support for fam17h microcode loading
     - bpf: add bpf_patch_insn_single helper
     - bpf: prepare bpf_int_jit_compile/bpf_prog_select_runtime apis
     - bpf: add generic constant blinding for use in jits
     - locking/barriers: introduce new memory barrier gmb()
     - bpf: prevent speculative execution in eBPF interpreter
     - x86, bpf, jit: prevent speculative execution when JIT is enabled
     - uvcvideo: prevent speculative execution
     - carl9170: prevent speculative execution
     - qla2xxx: prevent speculative execution
     - Thermal/int340x: prevent speculative execution
     - userns: prevent speculative execution
     - ipv6: prevent speculative execution
     - fs: prevent speculative execution
     - net: mpls: prevent speculative execution
     - udf: prevent speculative execution
     - x86/feature: Enable the x86 feature to control Speculation
     - x86/feature: Report presence of IBPB and IBRS control
     - x86/enter: MACROS to set/clear IBRS and set IBPB
     - x86/enter: Use IBRS on syscall and interrupts
     - x86/idle: Disable IBRS entering idle and enable it on wakeup
     - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
     - x86/mm: Set IBPB upon context switch
     - x86/mm: Only set IBPB when the new thread cannot ptrace current thread
     - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
     - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
     - x86/kvm: Set IBPB when switching VM
     - x86/kvm: Toggle IBRS on VM entry and exit
     - x86/kvm: Pad RSB on VM transition
     - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
     - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
     - x86/syscall: Clear unused extra registers on syscall entrance
     - x86/syscall: Clear unused extra registers on 32-bit compatible syscall
       entrance
     - x86/entry: Use retpoline for syscall's indirect calls
     - x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR
     - x86/cpu/AMD: Add speculative control support for AMD
     - x86/microcode: Extend post microcode reload to support IBPB feature
     - KVM: SVM: Do not intercept new speculative control MSRs
     - x86/svm: Set IBRS value on VM entry and exit
     - x86/svm: Set IBPB when running a different VCPU
     - KVM: x86: Add speculative control CPUID support for guests
     - x86/svm: Add code to clobber the RSB on VM exit
     - x86/svm: Add code to clear registers on VM exit
     - x86/cpu/AMD: Make the LFENCE instruction serialized
     - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
     - powerpc: add gmb barrier
     - s390/spinlock: add gmb memory barrier
     - SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit
     - arm64: no gmb() implementation yet
     - arm: no gmb() implementation yet
   * CVE-2017-5715
     - x86/microcode/AMD: Add support for fam17h microcode loading
     - bpf: add bpf_patch_insn_single helper
     - bpf: prepare bpf_int_jit_compile/bpf_prog_select_runtime apis
     - bpf: add generic constant blinding for use in jits
     - locking/barriers: introduce new memory barrier gmb()
     - bpf: prevent speculative execution in eBPF interpreter
     - x86, bpf, jit: prevent speculative execution when JIT is enabled
     - uvcvideo: prevent speculative execution
     - carl9170: prevent speculative execution
     - qla2xxx: prevent speculative execution
     - Thermal/int340x: prevent speculative execution
     - userns: prevent speculative execution
     - ipv6: prevent speculative execution
     - fs: prevent speculative execution
     - net: mpls: prevent speculative execution
     - udf: prevent speculative execution
     - x86/feature: Enable the x86 feature to control Speculation
     - x86/feature: Report presence of IBPB and IBRS control
     - x86/enter: MACROS to set/clear IBRS and set IBPB
     - x86/enter: Use IBRS on syscall and interrupts
     - x86/idle: Disable IBRS entering idle and enable it on wakeup
     - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
     - x86/mm: Set IBPB upon context switch
     - x86/mm: Only set IBPB when the new thread cannot ptrace current thread
     - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
     - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
     - x86/kvm: Set IBPB when switching VM
     - x86/kvm: Toggle IBRS on VM entry and exit
     - x86/kvm: Pad RSB on VM transition
     - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
     - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
     - x86/syscall: Clear unused extra registers on syscall entrance
     - x86/syscall: Clear unused extra registers on 32-bit compatible syscall
       entrance
     - x86/entry: Use retpoline for syscall's indirect calls
     - x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR
     - x86/cpu/AMD: Add speculative control support for AMD
     - x86/microcode: Extend post microcode reload to support IBPB feature
     - KVM: SVM: Do not intercept new speculative control MSRs
     - x86/svm: Set IBRS value on VM entry and exit
     - x86/svm: Set IBPB when running a different VCPU
     - KVM: x86: Add speculative control CPUID support for guests
     - x86/svm: Add code to clobber the RSB on VM exit
     - x86/svm: Add code to clear registers on VM exit
     - x86/cpu/AMD: Make the LFENCE instruction serialized
     - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
     - powerpc: add gmb barrier
     - s390/spinlock: add gmb memory barrier
     - SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit
     - arm64: no gmb() implementation yet
     - arm: no gmb() implementation

Source diff to previous version
1742772 powerpc: flush L1D on return to use
1742771 s390: add ppa to kernel entry/exit
CVE-2017-5753 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker wi
CVE-2017-5715 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at
CVE-2017-5754 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at

Version: 4.4.0-1015.20 2018-01-07 10:07:57 UTC

 linux-kvm (4.4.0-1015.20) xenial; urgency=low
 .
   * linux-kvm: 4.4.0-1015.20 -proposed tracker (LP: #1741651)
 .
   [ Ubuntu: 4.4.0-107.130 ]
 .
   * linux: 4.4.0-107.130 -proposed tracker (LP: #1741643)
   * CVE-2017-5754
     - Revert "UBUNTU: SAUCE: arch/x86/entry/vdso: temporarily disable vdso"
     - KPTI: Report when enabled
     - x86, vdso, pvclock: Simplify and speed up the vdso pvclock reader
     - x86/vdso: Get pvclock data from the vvar VMA instead of the fixmap
     - x86/kasan: Clear kasan_zero_page after TLB flush
     - kaiser: Set _PAGE_NX only if supported
 .
   [ Ubuntu: 4.4.0-106.129 ]
 .
   * linux: 4.4.0-106.129 -proposed tracker (LP: #1741528)
   * CVE-2017-5754
     - KAISER: Kernel Address Isolation
     - kaiser: merged update
     - kaiser: do not set _PAGE_NX on pgd_none
     - kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE
     - kaiser: fix build and FIXME in alloc_ldt_struct()
     - kaiser: KAISER depends on SMP
     - kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER
     - kaiser: fix perf crashes
     - kaiser: ENOMEM if kaiser_pagetable_walk() NULL
     - kaiser: tidied up asm/kaiser.h somewhat
     - kaiser: tidied up kaiser_add/remove_mapping slightly
     - kaiser: kaiser_remove_mapping() move along the pgd
     - kaiser: cleanups while trying for gold link
     - kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET
     - kaiser: delete KAISER_REAL_SWITCH option
     - kaiser: vmstat show NR_KAISERTABLE as nr_overhead
     - x86/mm: Enable CR4.PCIDE on supported systems
     - x86/mm: Build arch/x86/mm/tlb.c even on !SMP
     - x86/mm, sched/core: Uninline switch_mm()
     - x86/mm: Add INVPCID helpers
     - x86/mm: If INVPCID is available, use it to flush global mappings
     - kaiser: enhanced by kernel and user PCIDs
     - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user
     - kaiser: PCID 0 for kernel and 128 for user
     - kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user
     - kaiser: paranoid_entry pass cr3 need to paranoid_exit
     - kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls
     - kaiser: fix unlikely error in alloc_ldt_struct()
     - kaiser: add "nokaiser" boot option, using ALTERNATIVE
     - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling
     - x86/boot: Add early cmdline parsing for options with arguments
     - x86/kaiser: Check boottime cmdline params
     - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush
     - kaiser: drop is_atomic arg to kaiser_pagetable_walk()
     - kaiser: asm/tlbflush.h handle noPGE at lower level
     - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID
     - x86/paravirt: Dont patch flush_tlb_single
     - x86/kaiser: Reenable PARAVIRT
     - kaiser: disabled on Xen PV
     - x86/kaiser: Move feature detection up
     - kvm: x86: fix RSM when PCID is non-zero
     - SAUCE: arch/x86/entry/vdso: temporarily disable vdso
     - [Config]: CONFIG_KAISER=y

Source diff to previous version
CVE-2017-5754 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at

Version: 4.4.0-1014.19 2017-12-15 19:08:12 UTC

 linux-kvm (4.4.0-1014.19) xenial; urgency=low
 .
   * linux-kvm: 4.4.0-1014.19 -proposed tracker (LP: #1737923)
 .
 .
   [ Ubuntu: 4.4.0-105.128 ]
 .
   * linux: 4.4.0-105.128 -proposed tracker (LP: #1737916)
   * CVE-CVE-2017-12190
     - more bio_map_user_iov() leak fixes
   * CVE-2015-8952
     - mbcache2: reimplement mbcache
     - ext2: convert to mbcache2
     - ext4: convert to mbcache2
     - mbcache2: limit cache size
     - mbcache2: Use referenced bit instead of LRU
     - ext4: kill ext4_mballoc_ready
     - ext4: shortcut setting of xattr to the same value
     - mbcache: remove mbcache
     - mbcache2: rename to mbcache
     - mbcache: get rid of _e_hash_list_head
     - mbcache: add reusable flag to cache entries
   * CVE-2017-15115
     - sctp: do not peel off an assoc from one netns to another one
   * CVE-2017-8824
     - dccp: CVE-2017-8824: use-after-free in DCCP code
 .
   [ Ubuntu: 4.4.0-105.128 ]
 .
   * linux: 4.4.0-105.128 -proposed tracker (LP: #1737916)
   * CVE-CVE-2017-12190
     - more bio_map_user_iov() leak fixes
   * CVE-2015-8952
     - mbcache2: reimplement mbcache
     - ext2: convert to mbcache2
     - ext4: convert to mbcache2
     - mbcache2: limit cache size
     - mbcache2: Use referenced bit instead of LRU
     - ext4: kill ext4_mballoc_ready
     - ext4: shortcut setting of xattr to the same value
     - mbcache: remove mbcache
     - mbcache2: rename to mbcache
     - mbcache: get rid of _e_hash_list_head
     - mbcache: add reusable flag to cache entries
   * CVE-2017-15115
     - sctp: do not peel off an assoc from one netns to another one
   * CVE-2017-8824
     - dccp: CVE-2017-8824: use-after-free in DCCP code

CVE-2017-12190 The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector h
CVE-2015-8952 The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local
CVE-2017-15115 The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off act
CVE-2017-8824 The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of servic



About   -   Send Feedback to @ubuntu_updates