UbuntuUpdates.org

Package "linux-kvm"

Name: linux-kvm

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Header files related to Linux kernel version 4.15.0
Latest version: 4.15.0-1071.72
Release: bionic (18.04)
Level: proposed
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "linux-kvm" in Bionic

Repository Area Version
base main 4.15.0-1008.8
security main 4.15.0-1071.72
updates main 4.15.0-1071.72
PPA: Canonical Kernel Team 4.15.0-1072.73

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 4.15.0-1071.72 2020-07-10 16:06:15 UTC

  linux-kvm (4.15.0-1071.72) bionic; urgency=medium

  * bionic/linux-kvm: 4.15.0-1071.72 -proposed tracker (LP: #1887041)

  [ Ubuntu: 4.15.0-112.113 ]

  * bionic/linux: 4.15.0-112.113 -proposed tracker (LP: #1887048)
  * Packaging resync (LP: #1786013)
    - update dkms package versions
  * CVE-2020-11935
    - SAUCE: aufs: do not call i_readcount_inc()
    - SAUCE: aufs: bugfix, IMA i_readcount
  * CVE-2020-10757
    - mm: Fix mremap not considering huge pmd devmap
  * Update lockdown patches (LP: #1884159)
    - efi/efi_test: Lock down /dev/efi_test and require CAP_SYS_ADMIN
    - efi: Restrict efivar_ssdt_load when the kernel is locked down
    - powerpc/xmon: add read-only mode
    - powerpc/xmon: Restrict when kernel is locked down
    - [Config] CONFIG_XMON_DEFAULT_RO_MODE=y
    - SAUCE: acpi: disallow loading configfs acpi tables when locked down
  * seccomp_bpf fails on powerpc (LP: #1885757)
    - SAUCE: selftests/seccomp: fix ptrace tests on powerpc
  * Introduce the new NVIDIA 418-server and 440-server series, and update the
    current NVIDIA drivers (LP: #1881137)
    - [packaging] add signed modules for the 418-server and the 440-server
      flavours

  [ Ubuntu: 4.15.0-111.112 ]

  * bionic/linux: 4.15.0-111.112 -proposed tracker (LP: #1886999)
  * Bionic update: upstream stable patchset 2020-05-07 (LP: #1877461)
    - SAUCE: mlxsw: Add missmerged ERR_PTR hunk
  * linux 4.15.0-109-generic network DoS regression vs -108 (LP: #1886668)
    - SAUCE: Revert "netprio_cgroup: Fix unlimited memory leak of v2 cgroups"
Source diff to previous version
1786013 Packaging resync
1884159 Update lockdown patches
1885757 seccomp_bpf fails on powerpc
1877461 Bionic update: upstream stable patchset 2020-05-07
1886668 linux 4.15.0-109-generic network DoS regression vs -108
CVE-2020-10757 A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with acces

Version: 4.15.0-1070.71 2020-07-07 10:07:07 UTC

  linux-kvm (4.15.0-1070.71) bionic; urgency=medium

  * bionic/linux-kvm: 4.15.0-1070.71 -proposed tracker (LP: #1885807)

  * Build and ship a signed wireguard.ko (LP: #1861284)
    - [Config] kvm: wireguard -- enable on all architectures

  * LXD 4.2 broken on linux-kvm due to missing VLAN filtering (LP: #1882955)
    - [Config] VLAN_8021Q=m && BRIDGE_VLAN_FILTERING=y

  [ Ubuntu: 4.15.0-110.111 ]

  * bionic/linux: 4.15.0-110.111 -proposed tracker (LP: #1885814)
  * Packaging resync (LP: #1786013)
    - update dkms package versions
  * CVE-2020-11935
    - SAUCE: aufs: do not call i_readcount_inc()
    - SAUCE: aufs: bugfix, IMA i_readcount
  * CVE-2020-10757
    - mm: Fix mremap not considering huge pmd devmap
  * Update lockdown patches (LP: #1884159)
    - efi/efi_test: Lock down /dev/efi_test and require CAP_SYS_ADMIN
    - efi: Restrict efivar_ssdt_load when the kernel is locked down
    - powerpc/xmon: add read-only mode
    - powerpc/xmon: Restrict when kernel is locked down
    - [Config] CONFIG_XMON_DEFAULT_RO_MODE=y
    - SAUCE: acpi: disallow loading configfs acpi tables when locked down
  * seccomp_bpf fails on powerpc (LP: #1885757)
    - SAUCE: selftests/seccomp: fix ptrace tests on powerpc
  * Introduce the new NVIDIA 418-server and 440-server series, and update the
    current NVIDIA drivers (LP: #1881137)
    - [packaging] add signed modules for the 418-server and the 440-server
      flavours

 -- Sultan Alsawaf <email address hidden> Mon, 06 Jul 2020 12:39:53 -0700
1861284 Build and ship a signed wireguard.ko
1882955 LXD 4.2 broken on linux-kvm due to missing VLAN filtering
1786013 Packaging resync
1884159 Update lockdown patches
1885757 seccomp_bpf fails on powerpc
CVE-2020-10757 A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with acces

Version: *DELETED* 2020-07-02 13:06:28 UTC
No changelog for deleted or moved packages.

Version: 4.15.0-1069.70 2020-06-27 00:06:57 UTC

  linux-kvm (4.15.0-1069.70) bionic; urgency=medium

  * bionic/linux-kvm: 4.15.0-1069.70 -proposed tracker (LP: #1885042)

  * Build and ship a signed wireguard.ko (LP: #1861284)
    - [Packaging] kvm: Enable shipping pre-built wireguard

  [ Ubuntu: 4.15.0-109.110 ]

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - update dkms package versions
  * Build and ship a signed wireguard.ko (LP: #1861284)
    - [Packaging] wireguard -- add support for building signed .ko
  * CVE-2019-16089
    - SAUCE: nbd_genl_status: null check for nla_nest_start
  * CVE-2019-19642
    - kernel/relay.c: handle alloc_percpu returning NULL in relay_open
  * CVE-2019-12380
    - efi/x86/Add missing error handling to old_memmap 1:1 mapping code
  * CVE-2019-19039 // CVE-2019-19377
    - btrfs: sink flush_fn to extent_write_cache_pages
    - btrfs: extent_io: Move the BUG_ON() in flush_write_bio() one level up
    - btrfs: Don't submit any btree write bio if the fs has errors
  * CVE-2019-19036
    - btrfs: volumes: Use more straightforward way to calculate map length
    - btrfs: tree-checker: Try to detect missing INODE_ITEM
    - Btrfs: tree-checker: detect file extent items with overlapping ranges
    - Btrfs: make tree checker detect checksum items with overlapping ranges
    - btrfs: harden agaist duplicate fsid on scanned devices
    - Btrfs: fix missing data checksums after replaying a log tree
    - btrfs: reloc: fix reloc root leak and NULL pointer dereference
    - btrfs: Validate child tree block's level and first key
    - btrfs: Detect unbalanced tree with empty leaf before crashing btree
      operations
  * CVE-2019-19318
    - btrfs: tree-checker: Replace root parameter with fs_info
    - btrfs: tree-checker: Check level for leaves and nodes
    - btrfs: tree-checker: get fs_info from eb in generic_err
    - btrfs: tree-checker: get fs_info from eb in file_extent_err
    - btrfs: tree-checker: get fs_info from eb in check_csum_item
    - btrfs: tree-checker: get fs_info from eb in dir_item_err
    - btrfs: tree-checker: get fs_info from eb in check_dir_item
    - btrfs: tree-checker: get fs_info from eb in block_group_err
    - btrfs: tree-checker: get fs_info from eb in check_block_group_item
    - btrfs: tree-checker: get fs_info from eb in check_extent_data_item
    - btrfs: tree-checker: get fs_info from eb in check_leaf_item
    - btrfs: tree-checker: get fs_info from eb in check_leaf
    - btrfs: tree-checker: get fs_info from eb in chunk_err
    - btrfs: tree-checker: get fs_info from eb in dev_item_err
    - btrfs: tree-checker: get fs_info from eb in check_dev_item
    - btrfs: tree-checker: get fs_info from eb in check_inode_item
    - btrfs: tree-checker: Add ROOT_ITEM check
    - btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check
    - btrfs: tree-checker: Add simple keyed refs check
    - btrfs: tree-checker: Add EXTENT_DATA_REF check
    - btrfs: tree-checker: Fix wrong check on max devid
    - Btrfs: fix selftests failure due to uninitialized i_mode in test inodes
  * CVE-2019-19813 // CVE-2019-19816
    - btrfs: Refactor parameter of BTRFS_MAX_DEVS() from root to fs_info
    - btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it
    - btrfs: tree-checker: Make chunk item checker messages more readable
    - btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN instead
      of EIO
    - btrfs: tree-checker: Check chunk item at tree block read time
    - btrfs: tree-checker: Verify dev item
    - btrfs: tree-checker: Enhance chunk checker to validate chunk profile
    - btrfs: tree-checker: Verify inode item
    - btrfs: inode: Verify inode mode to avoid NULL pointer dereference
  * CVE-2020-0543
    - UBUNTU/SAUCE: x86/speculation/srbds: do not try to turn mitigation off when
      not supported
  * Build Nvidia drivers in conjunction with kernel (LP: #1764792)
    - [Packaging] disable nvidia dkms builds for mainline
  * Bionic update: upstream stable patchset 2020-06-02 (LP: #1881801)
    - i2c: dev: Fix the race between the release of i2c_dev and cdev
    - ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash()
    - evm: Check also if *tfm is an error pointer in init_desc()
    - ima: Fix return value of ima_write_policy()
    - fix multiplication overflow in copy_fdtable()
    - iommu/amd: Fix over-read of ACPI UID from IVRS table
    - i2c: mux: demux-pinctrl: Fix an error handling path in
      'i2c_demux_pinctrl_probe()'
    - ubi: Fix seq_file usage in detailed_erase_block_info debugfs file
    - gcc-common.h: Update for GCC 10
    - HID: multitouch: add eGalaxTouch P80H84 support
    - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV
    - configfs: fix config_item refcnt leak in configfs_rmdir()
    - vhost/vsock: fix packet delivery order to monitoring devices
    - component: Silence bind error on -EPROBE_DEFER
    - scsi: ibmvscsi: Fix WARN_ON during event pool release
    - x86/apic: Move TSC deadline timer debug printk
    - gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp()
    - ceph: fix double unlock in handle_cap_export()
    - USB: core: Fix misleading driver bug report
    - platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA
    - ARM: futex: Address build warning
    - padata: Replace delayed timer with immediate workqueue in padata_reorder
    - padata: initialize pd->cpu with effective cpumask
    - padata: purge get_cpu and reorder_via_wq from padata_do_serial
    - arm64: fix the flush_icache_range arguments in machine_kexec
    - ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio
      option
    - ALSA: pcm: fix incorrect hw_base increase
    - apparmor: Fix aa_label refcnt leak in policy_update
    - dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()'
    - powerpc: restore alphabetic order in Kconfig
    - powerpc: Remove STRICT_KERNEL_RWX incompatibility with RELOCATABLE
    -

Source diff to previous version
1861284 Build and ship a signed wireguard.ko
1786013 Packaging resync
1764792 Build Nvidia drivers in conjunction with kernel
1881801 Bionic update: upstream stable patchset 2020-06-02
1880014 Bionic update: upstream stable patchset 2020-05-21
1875916 upgrading to 4.15.0-99-generic breaks the sound and the trackpad
1866357 Pop sound from build-in speaker during cold boot and resume from S3
1879536 Bionic update: upstream stable patchset 2020-05-19
1876699 add 16-bit width registers support for EEPROM at24 device
1880834 qeth: utilize virtual MAC for Layer2 OSD devices
1879658 Cannot create ipvlans with \u003e 1500 MTU on recent Bionic kernels
1883874 dkms-build: downloads fail in private PPAs
CVE-2019-16089 An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return va
CVE-2019-19642 On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated att
CVE-2019-12380 **DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/ef
CVE-2019-19039 ** DISPUTED ** __btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, whic
CVE-2019-19377 In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btr
CVE-2019-19036 btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference(root->node) can be z
CVE-2019-19318 In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_
CVE-2019-19813 In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a
CVE-2019-19816 In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __b
CVE-2020-0543 Special Register Buffer Data Sampling
CVE-2020-10711 A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commer
CVE-2020-13143 gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel through 5.6.13 relies on kstrdup without considering the possibility o

Version: 4.15.0-1068.69 2020-06-11 15:07:20 UTC

  linux-kvm (4.15.0-1068.69) bionic; urgency=medium

  * bionic/linux-kvm: 4.15.0-1068.69 -proposed tracker (LP: #1882747)

  [ Ubuntu: 4.15.0-107.108 ]

  * CVE-2020-0543
    - UBUNTU/SAUCE: x86/speculation/srbds: do not try to turn mitigation off when
      not supported
  * Build Nvidia drivers in conjunction with kernel (LP: #1764792)
    - [Packaging] disable nvidia dkms builds for mainline
  * Bionic update: upstream stable patchset 2020-06-02 (LP: #1881801)
    - i2c: dev: Fix the race between the release of i2c_dev and cdev
    - ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash()
    - evm: Check also if *tfm is an error pointer in init_desc()
    - ima: Fix return value of ima_write_policy()
    - fix multiplication overflow in copy_fdtable()
    - iommu/amd: Fix over-read of ACPI UID from IVRS table
    - i2c: mux: demux-pinctrl: Fix an error handling path in
      'i2c_demux_pinctrl_probe()'
    - ubi: Fix seq_file usage in detailed_erase_block_info debugfs file
    - gcc-common.h: Update for GCC 10
    - HID: multitouch: add eGalaxTouch P80H84 support
    - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV
    - configfs: fix config_item refcnt leak in configfs_rmdir()
    - vhost/vsock: fix packet delivery order to monitoring devices
    - component: Silence bind error on -EPROBE_DEFER
    - scsi: ibmvscsi: Fix WARN_ON during event pool release
    - x86/apic: Move TSC deadline timer debug printk
    - gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp()
    - ceph: fix double unlock in handle_cap_export()
    - USB: core: Fix misleading driver bug report
    - platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA
    - ARM: futex: Address build warning
    - padata: Replace delayed timer with immediate workqueue in padata_reorder
    - padata: initialize pd->cpu with effective cpumask
    - padata: purge get_cpu and reorder_via_wq from padata_do_serial
    - arm64: fix the flush_icache_range arguments in machine_kexec
    - ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio
      option
    - ALSA: pcm: fix incorrect hw_base increase
    - apparmor: Fix aa_label refcnt leak in policy_update
    - dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()'
    - powerpc: restore alphabetic order in Kconfig
    - powerpc: Remove STRICT_KERNEL_RWX incompatibility with RELOCATABLE
    - powerpc/64s: Disable STRICT_KERNEL_RWX
    - x86/uaccess, ubsan: Fix UBSAN vs. SMAP
    - ubsan: build ubsan.c more conservatively
    - libnvdimm/btt: Remove unnecessary code in btt_freelist_init
    - libnvdimm/btt: Fix LBA masking during 'free list' population
    - media: fdp1: Fix R-Car M3-N naming in debug message
    - cxgb4: free mac_hlist properly
    - cxgb4/cxgb4vf: Fix mac_hlist initialization and free
    - Revert "gfs2: Don't demote a glock until its revokes are written"
    - staging: iio: ad2s1210: Fix SPI reading
    - staging: greybus: Fix uninitialized scalar variable
    - iio: sca3000: Remove an erroneous 'get_device()'
    - iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()'
    - mei: release me_cl object reference
    - rapidio: fix an error in get_user_pages_fast() error handling
    - rxrpc: Fix a memory leak in rxkad_verify_response()
    - x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks
    - iio: adc: stm32-adc: Use dma_request_chan() instead
      dma_request_slave_channel()
    - iio: adc: stm32-adc: fix device used to request dma
    - riscv: set max_pfn to the PFN of the last page
    - ubifs: remove broken lazytime support
    - HID: alps: Add AUI1657 device ID
    - HID: alps: ALPS_1657 is too specific; use U1_UNICORN_LEGACY instead
    - aquantia: Fix the media type of AQC100 ethernet controller in the driver
    - HID: i2c-hid: reset Synaptics SYNA2393 on resume
    - HID: quirks: Add HID_QUIRK_NO_INIT_REPORTS quirk for Dell K12A keyboard-dock
    - stmmac: fix pointer check after utilization in stmmac_interrupt
    - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Xtreme
    - ALSA: hda/realtek - Add more fixup entries for Clevo machines
    - drm/etnaviv: fix perfmon domain interation
    - nfit: Add Hyper-V NVDIMM DSM command set to white list
    - thunderbolt: Drop duplicated get_switch_at_route()
    - net: bcmgenet: code movement
    - net: bcmgenet: abort suspend on error
    - misc: rtsx: Add short delay after exit from ASPM
  * Bionic update: upstream stable patchset 2020-05-21 (LP: #1880014)
    - USB: serial: qcserial: Add DW5816e support
    - dp83640: reverse arguments to list_add_tail
    - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks
    - net: macsec: preserve ingress frame ordering
    - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc()
    - net: usb: qmi_wwan: add support for DW5816e
    - sch_choke: avoid potential panic in choke_reset()
    - sch_sfq: validate silly quantum values
    - bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features().
    - net/mlx5: Fix forced completion access non initialized command entry
    - net/mlx5: Fix command entry leak in Internal Error State
    - bnxt_en: Improve AER slot reset.
    - bnxt_en: Fix VF anti-spoof filter setup.
    - net: stricter validation of untrusted gso packets
    - ipv6: fix cleanup ordering for ip6_mr failure
    - HID: wacom: Read HID_DG_CONTACTMAX directly for non-generic devices
    - HID: usbhid: Fix race between usbhid_close() and usbhid_stop()
    - USB: uas: add quirk for LaCie 2Big Quadra
    - USB: serial: garmin_gps: add sanity checking for data length
    - tracing: Add a vmalloc_sync_mappings() for safe measure
    - KVM: arm: vgic: Fix limit condition when writing to GICD_I[CS]ACTIVER
    - mm/page_alloc: fix watchdog soft lockups during set_zone_contiguous()
    - coredump: fix crash when umh is disabled
    - batman-adv: fix batadv_nc_random_weight_tq
    - batman-adv: Fix refcnt leak in batadv_s
1764792 Build Nvidia drivers in conjunction with kernel
1881801 Bionic update: upstream stable patchset 2020-06-02
1880014 Bionic update: upstream stable patchset 2020-05-21
1875916 upgrading to 4.15.0-99-generic breaks the sound and the trackpad
1866357 Pop sound from build-in speaker during cold boot and resume from S3
1879536 Bionic update: upstream stable patchset 2020-05-19
1876699 add 16-bit width registers support for EEPROM at24 device
1880834 qeth: utilize virtual MAC for Layer2 OSD devices
1879658 Cannot create ipvlans with \u003e 1500 MTU on recent Bionic kernels
1786013 Packaging resync
CVE-2020-0543 Special Register Buffer Data Sampling
CVE-2020-10711 A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commer
CVE-2020-13143 gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel through 5.6.13 relies on kstrdup without considering the possibility o


About   -   Send Feedback to @ubuntu_updates