UbuntuUpdates.org

Package "linux-hwe-edge"

Name: linux-hwe-edge

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Linux kernel buildinfo for version 5.0.0 on 32 bit x86 SMP
  • Linux kernel buildinfo for version 5.0.0 on 32 bit x86 SMP
  • Linux kernel buildinfo for version 5.0.0 on 32 bit x86 SMP
  • Linux kernel buildinfo for version 5.0.0 on 32 bit x86 SMP

Latest version: 5.3.0-24.26~18.04.2
Release: bionic (18.04)
Level: security
Repository: main

Links



Other versions of "linux-hwe-edge" in Bionic

Repository Area Version
updates main 5.3.0-24.26~18.04.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 5.0.0-20.21~18.04.1 2019-06-29 15:07:04 UTC

  linux-hwe-edge (5.0.0-20.21~18.04.1) bionic; urgency=medium

  * linux-hwe-edge: 5.0.0-20.21~18.04.1 -proposed tracker (LP: #1833930)

  [ Ubuntu: 5.0.0-20.21 ]

  * linux: 5.0.0-20.21 -proposed tracker (LP: #1833934)
  * CVE-2019-11479
    - SAUCE: tcp: add tcp_min_snd_mss sysctl
    - SAUCE: tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()
  * Remote denial of service (resource exhaustion) caused by TCP SACK scoreboard
    manipulation (LP: #1831638) // CVE-2019-11478
    - tcp: refine memory limit test in tcp_fragment()

 -- Khalid Elmously <email address hidden> Wed, 26 Jun 2019 03:11:10 -0400

Source diff to previous version
1831638 Remote denial of service (resource exhaustion) caused by TCP SACK scoreboard manipulation
CVE-2019-11479 Jonathan Looney discovered that the Linux kernel default MSS is hard-c ...
CVE-2019-11478 Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling cer

Version: 5.0.0-19.20~18.04.1 2019-06-25 00:06:41 UTC

  linux-hwe-edge (5.0.0-19.20~18.04.1) bionic; urgency=medium

  [ Ubuntu: 5.0.0-19.20 ]

  * CVE-2019-12817
    - SAUCE: powerpc/mm/64s/hash: Reallocate context ids on fork

 -- Kleber Sacilotto de Souza <email address hidden> Thu, 20 Jun 2019 12:25:00 +0200

Source diff to previous version
CVE-2019-12817 RESERVED

Version: 5.0.0-17.18~18.04.1 2019-06-19 18:06:30 UTC

  linux-hwe-edge (5.0.0-17.18~18.04.1) bionic; urgency=medium

  [ Ubuntu: 5.0.0-17.18 ]

  * Remote denial of service (resource exhaustion) caused by TCP SACK scoreboard
    manipulation (LP: #1831638)
    - SAUCE: tcp: tcp_fragment() should apply sane memory limits
  * Remote denial of service (system crash) caused by integer overflow in TCP
    SACK handling (LP: #1831637)
    - SAUCE: tcp: limit payload size of sacked skbs

 -- Stefan Bader <email address hidden> Wed, 05 Jun 2019 14:29:25 +0200

Source diff to previous version
1831638 Remote denial of service (resource exhaustion) caused by TCP SACK scoreboard manipulation
1831637 Remote denial of service (system crash) caused by integer overflow in TCP SACK handling

Version: 5.0.0-16.17~18.04.1 2019-06-05 14:07:15 UTC

  linux-hwe-edge (5.0.0-16.17~18.04.1) bionic; urgency=medium

  * linux-hwe-edge: 5.0.0-16.17~18.04.1 -proposed tracker (LP: #1829171)

  * Disco update: 5.0.8 upstream stable release (LP: #1828415)
    - [Packaging] remove n_r3964 from built modules list

  [ Ubuntu: 5.0.0-16.17 ]

  * linux: 5.0.0-16.17 -proposed tracker (LP: #1829173)
  * shiftfs: lock security sensitive superblock flags (LP: #1827122)
    - SAUCE: shiftfs: lock down certain superblock flags
  * Please package libbpf (which is done out of the kernel src) in Debian [for
    19.10] (LP: #1826410)
    - SAUCE: tools -- fix add ability to disable libbfd
  * Disco update: 5.0.8 upstream stable release (LP: #1828415)
    - drm/i915/gvt: do not let pin count of shadow mm go negative
    - kbuild: pkg: use -f $(srctree)/Makefile to recurse to top Makefile
    - netfilter: nft_compat: use .release_ops and remove list of extension
    - netfilter: nf_tables: use-after-free in dynamic operations
    - netfilter: nf_tables: add missing ->release_ops() in error path of newrule()
    - hv_netvsc: Fix unwanted wakeup after tx_disable
    - ibmvnic: Fix completion structure initialization
    - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type
    - ipv6: Fix dangling pointer when ipv6 fragment
    - ipv6: sit: reset ip header pointer in ipip6_rcv
    - kcm: switch order of device registration to fix a crash
    - net: ethtool: not call vzalloc for zero sized memory request
    - net-gro: Fix GRO flush when receiving a GSO packet.
    - net/mlx5: Decrease default mr cache size
    - netns: provide pure entropy for net_hash_mix()
    - net: rds: force to destroy connection if t_sock is NULL in
      rds_tcp_kill_sock().
    - net/sched: act_sample: fix divide by zero in the traffic path
    - net/sched: fix ->get helper of the matchall cls
    - qmi_wwan: add Olicard 600
    - r8169: disable ASPM again
    - sctp: initialize _pad of sockaddr_in before copying to user memory
    - tcp: Ensure DCTCP reacts to losses
    - tcp: fix a potential NULL pointer dereference in tcp_sk_exit
    - vrf: check accept_source_route on the original netdevice
    - net/mlx5e: Fix error handling when refreshing TIRs
    - net/mlx5e: Add a lock on tir list
    - nfp: validate the return code from dev_queue_xmit()
    - nfp: disable netpoll on representors
    - bnxt_en: Improve RX consumer index validity check.
    - bnxt_en: Reset device on RX buffer errors.
    - net: ip_gre: fix possible use-after-free in erspan_rcv
    - net: ip6_gre: fix possible use-after-free in ip6erspan_rcv
    - net: bridge: always clear mcast matching struct on reports and leaves
    - net: thunderx: fix NULL pointer dereference in nicvf_open/nicvf_stop
    - net: vrf: Fix ping failed when vrf mtu is set to 0
    - net: core: netif_receive_skb_list: unlist skb before passing to pt->func
    - r8169: disable default rx interrupt coalescing on RTL8168
    - net: mlx5: Add a missing check on idr_find, free buf
    - net/mlx5e: Update xoff formula
    - net/mlx5e: Update xon formula
    - kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD
    - lib/string.c: implement a basic bcmp
    - Revert "clk: meson: clean-up clock registration"
    - tty: mark Siemens R3964 line discipline as BROKEN
    - [Config]: remove CONFIG_R3964
    - [Config]: add CONFIG_LDISC_AUTOLOAD=y
    - tty: ldisc: add sysctl to prevent autoloading of ldiscs
    - hwmon: (w83773g) Select REGMAP_I2C to fix build error
    - hwmon: (occ) Fix power sensor indexing
    - SMB3: Allow persistent handle timeout to be configurable on mount
    - HID: logitech: Handle 0 scroll events for the m560
    - ACPICA: Clear status of GPEs before enabling them
    - ACPICA: Namespace: remove address node from global list after method
      termination
    - ALSA: seq: Fix OOB-reads from strlcpy
    - ALSA: hda/realtek: Enable headset MIC of Acer TravelMate B114-21 with ALC233
    - ALSA: hda/realtek - Add quirk for Tuxedo XC 1509
    - ALSA: xen-front: Do not use stream buffer size before it is set
    - mm/huge_memory.c: fix modifying of page protection by insert_pfn_pmd()
    - arm64: dts: rockchip: fix rk3328 sdmmc0 write errors
    - mmc: alcor: don't write data before command has completed
    - mmc: sdhci-omap: Don't finish_mrq() on a command error during tuning
    - parisc: Detect QEMU earlier in boot process
    - parisc: regs_return_value() should return gpr28
    - parisc: also set iaoq_b in instruction_pointer_set()
    - alarmtimer: Return correct remaining time
    - drm/i915/gvt: do not deliver a workload if its creation fails
    - drm/sun4i: DW HDMI: Lower max. supported rate for H6
    - drm/udl: add a release method and delay modeset teardown
    - kvm: svm: fix potential get_num_contig_pages overflow
    - include/linux/bitrev.h: fix constant bitrev
    - mm: writeback: use exact memcg dirty counts
    - ASoC: intel: Fix crash at suspend/resume after failed codec registration
    - ASoC: fsl_esai: fix channel swap issue when stream starts
    - Btrfs: do not allow trimming when a fs is mounted with the nologreplay
      option
    - btrfs: prop: fix zstd compression parameter validation
    - btrfs: prop: fix vanished compression property after failed set
    - riscv: Fix syscall_get_arguments() and syscall_set_arguments()
    - block: Revert v5.0 blk_mq_request_issue_directly() changes
    - block: do not leak memory in bio_copy_user_iov()
    - block: fix the return errno for direct IO
    - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent()
    - genirq: Initialize request_mutex if CONFIG_SPARSE_IRQ=n
    - virtio: Honour 'may_reduce_num' in vring_create_virtqueue
    - ARM: OMAP1: ams-delta: Fix broken GPIO ID allocation
    - ARM: dts: rockchip: fix rk3288 cpu opp node reference
    - ARM: dts: am335x-evmsk: Correct the regulators for the audio codec
    - ARM: dts: am335x-evm: Correct the regulators for the audio codec
    - ARM: dts: rockchip: Fix SD card detection on rk3288-t

Source diff to previous version
1828415 Disco update: 5.0.8 upstream stable release
1827122 shiftfs: lock security sensitive superblock flags
1826410 Please package libbpf (which is done out of the kernel src) in Debian [for 19.10]
1828410 Disco update: 5.0.7 upstream stable release
1822871 enabling ftrace on Hi1620 CS causes an Oops
1827972 The noise keeps occurring when Headset is plugged in on a Dell machine
1824864 CONFIG_LOG_BUF_SHIFT set to 14 is too low on arm64
1827967 There are 4 HDMI/Displayport audio output listed in sound setting without attach any HDMI/DP monitor
1824259 Headphone jack switch sense is inverted: plugging in headphones disables headphone output
1828092 ratelimit cma_alloc messages
1806380 linux-buildinfo: pull out ABI information into its own package
1766201 CTAUTO:DevOps:860.50:devops4fp1:Error occurred during LINUX Dmesg error Checking for all LINUX clients for devops4p10
1825777 False positive test result in run_netsocktests from net in ubuntu_kernel_selftest

Version: 5.0.0-15.16~18.04.1 2019-05-15 13:07:44 UTC

  linux-hwe-edge (5.0.0-15.16~18.04.1) bionic; urgency=medium

  [ Ubuntu: 5.0.0-15.16 ]

  * CVE-2019-11683
    - udp: fix GRO reception in case of length mismatch
    - udp: fix GRO packet of death
  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - x86/msr-index: Cleanup bit defines
    - x86/speculation: Consolidate CPU whitelists
    - x86/speculation/mds: Add basic bug infrastructure for MDS
    - x86/speculation/mds: Add BUG_MSBDS_ONLY
    - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
    - x86/speculation/mds: Add mds_clear_cpu_buffers()
    - x86/speculation/mds: Clear CPU buffers on exit to user
    - x86/kvm/vmx: Add MDS protection when L1D Flush is not active
    - x86/speculation/mds: Conditionally clear CPU buffers on idle entry
    - x86/speculation/mds: Add mitigation control for MDS
    - x86/speculation/mds: Add sysfs reporting for MDS
    - x86/speculation/mds: Add mitigation mode VMWERV
    - Documentation: Move L1TF to separate directory
    - Documentation: Add MDS vulnerability documentation
    - x86/speculation/mds: Add mds=full,nosmt cmdline option
    - x86/speculation: Move arch_smt_update() call to after mitigation decisions
    - x86/speculation/mds: Add SMT warning message
    - x86/speculation/mds: Fix comment
    - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
    - x86/speculation/mds: Add 'mitigations=' support for MDS
  * CVE-2017-5715 // CVE-2017-5753
    - s390/speculation: Support 'mitigations=' cmdline option
  * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
    - powerpc/speculation: Support 'mitigations=' cmdline option
  * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
    CVE-2018-3646
    - cpu/speculation: Add 'mitigations=' cmdline option
    - x86/speculation: Support 'mitigations=' cmdline option
  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

1786013 Packaging resync
CVE-2019-11683 udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-ou
CVE-2018-12126 MSBDS Microarchitectural Store Buffer Data Sampling
CVE-2018-12127 MLPDS Microarchitectural Load Port Data Sampling
CVE-2018-12130 MFBDS Microarchitectural Fill Buffer Data Sampling
CVE-2017-5715 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at
CVE-2017-5753 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker wi
CVE-2017-5754 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at
CVE-2018-3639 Speculative Store Bypass
CVE-2018-3620 L1 Terminal Fault-OS/SMM Foreshadow-NG
CVE-2018-3646 L1 Terminal Fault-VMM



About   -   Send Feedback to @ubuntu_updates