UbuntuUpdates.org

Package "linux"

Name: linux

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Linux kernel version specific cloud tools for version 3.13.0
  • Linux kernel specific documentation for version 3.13.0
  • Header files related to Linux kernel version 3.13.0
  • Linux kernel headers for version 3.13.0 on 32 bit x86 SMP

Latest version: 3.13.0-158.208
Release: trusty (14.04)
Level: updates
Repository: main

Links

Save this URL for the latest version of "linux": https://www.ubuntuupdates.org/linux



Other versions of "linux" in Trusty

Repository Area Version
base main 3.13.0-24.46
security main 3.13.0-157.207
proposed main 3.13.0-159.209
PPA: Canonical Kernel Team 3.13.0-159.209

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.13.0-158.208 2018-09-10 20:06:31 UTC

  linux (3.13.0-158.208) trusty; urgency=medium

  * linux: 3.13.0-158.208 -proposed tracker (LP: #1788764)

  * CVE-2018-3620 // CVE-2018-3646
    - SAUCE: x86/fremap: Invert the offset when converting to/from a PTE

  * BUG: scheduling while atomic (Kernel : Ubuntu-3.13 + VMware: 6.0 and late)
    (LP: #1780470)
    - VSOCK: sock_put wasn't safe to call in interrupt context
    - VSOCK: Fix lockdep issue.
    - VSOCK: Detach QP check should filter out non matching QPs.

  * CacheFiles: Error: Overlong wait for old active object to go away.
    (LP: #1776254)
    - cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag
    - cachefiles: Wait rather than BUG'ing on "Unexpected object collision"

  * fscache cookie refcount updated incorrectly during fscache object allocation
    (LP: #1776277)
    - fscache: Fix reference overput in fscache_attach_object() error handling

  * FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336)
    - Revert "UBUNTU: SAUCE: CacheFiles: fix a read_waiter/read_copier race"
    - fscache: Allow cancelled operations to be enqueued
    - cachefiles: Fix refcounting bug in backing-file read monitoring

 -- Kleber Sacilotto de Souza <email address hidden> Fri, 24 Aug 2018 15:08:23 +0000

Source diff to previous version
1780470 BUG: scheduling while atomic (Kernel : Ubuntu-3.13 + VMware: 6.0 and late)
1776254 CacheFiles: Error: Overlong wait for old active object to go away.
1776277 fscache cookie refcount updated incorrectly during fscache object allocation
1774336 FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false
CVE-2018-3620 L1 Terminal Fault-OS/SMM Foreshadow-NG
CVE-2018-3646 L1 Terminal Fault-VMM

Version: 3.13.0-157.207 2018-08-23 23:06:34 UTC

  linux (3.13.0-157.207) trusty; urgency=medium

  * linux: 3.13.0-157.207 -proposed tracker (LP: #1787982)

  * CVE-2017-5715 (Spectre v2 retpoline)
    - SAUCE: Fix "x86/retpoline/entry: Convert entry assembler indirect jumps"

  * CVE-2017-2583
    - KVM: x86: fix emulation of "MOV SS, null selector"

  * CVE-2017-7518
    - KVM: x86: fix singlestepping over syscall

  * CVE-2017-18270
    - KEYS: prevent creating a different user's keyrings

  * Update to upstream's implementation of Spectre v1 mitigation (LP: #1774181)
    - Documentation: Document array_index_nospec
    - array_index_nospec: Sanitize speculative array de-references
    - x86: Implement array_index_mask_nospec
    - x86: Introduce barrier_nospec
    - x86/get_user: Use pointer masking to limit speculation
    - x86/syscall: Sanitize syscall table de-references under speculation
    - vfs, fdtable: Prevent bounds-check bypass via speculative execution
    - nl80211: Sanitize array index in parse_txq_params
    - x86/spectre: Report get_user mitigation for spectre_v1
    - x86/kvm: Update spectre-v1 mitigation
    - nospec: Allow index argument to have const-qualified type
    - nospec: Move array_index_nospec() parameter checking into separate macro
    - nospec: Kill array_index_nospec_mask_check()
    - SAUCE: Replace osb() calls with array_index_nospec()
    - SAUCE: Rename osb() to barrier_nospec()
    - SAUCE: x86: Use barrier_nospec in arch/x86/um/asm/barrier.h

  * Prevent speculation on user controlled pointer (LP: #1775137)
    - x86: reorganize SMAP handling in user space accesses
    - x86: fix SMAP in 32-bit environments
    - x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
    - x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
    - x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec

  * CVE-2016-10208
    - ext4: validate s_first_meta_bg at mount time
    - ext4: fix fencepost in s_first_meta_bg validation

  * CVE-2018-10323
    - xfs: set format back to extents if xfs_bmap_extents_to_btree

  * CVE-2017-16911
    - usbip: prevent vhci_hcd driver from leaking a socket pointer address

  * CVE-2018-13406
    - video: uvesafb: Fix integer overflow in allocation

  * CVE-2018-10877
    - ext4: verify the depth of extent tree in ext4_find_extent()

  * CVE-2018-10881
    - ext4: clear i_data in ext4_inode_info when removing inline data

  * CVE-2018-1092
    - ext4: fail ext4_iget for root directory if unallocated

  * CVE-2018-1093
    - ext4: fix block bitmap validation when bigalloc, ^flex_bg
    - ext4: add validity checks for bitmap block numbers

  * CVE-2018-12233
    - jfs: Fix inconsistency between memory allocation and ea_buf->max_size

  * CVE-2017-16912
    - usbip: fix stub_rx: get_pipe() to validate endpoint number

  * CVE-2018-10675
    - mm/mempolicy: fix use after free when calling get_mempolicy

  * CVE-2017-8831
    - saa7164: fix sparse warnings
    - saa7164: fix double fetch PCIe access condition

  * CVE-2017-16533
    - HID: usbhid: fix out-of-bounds bug

  * CVE-2017-16538
    - media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
    - media: dvb-usb-v2: lmedm04: Improve logic checking of warm start

  * CVE-2017-16644
    - hdpvr: Remove deprecated create_singlethread_workqueue
    - media: hdpvr: Fix an error handling path in hdpvr_probe()

  * CVE-2017-16645
    - Input: ims-psu - check if CDC union descriptor is sane

  * CVE-2017-5549
    - USB: serial: kl5kusb105: fix line-state error handling

  * CVE-2017-16532
    - usb: usbtest: fix NULL pointer dereference

  * CVE-2017-16537
    - media: imon: Fix null-ptr-deref in imon_probe

  * CVE-2017-11472
    - ACPICA: Add additional debug info/statements
    - ACPICA: Namespace: fix operand cache leak

  * CVE-2017-16643
    - Input: gtco - fix potential out-of-bound access

  * CVE-2017-16531
    - USB: fix out-of-bounds in usb_set_configuration

  * CVE-2018-10124
    - kernel/signal.c: avoid undefined behaviour in kill_something_info

  * CVE-2017-6348
    - irda: Fix lockdep annotations in hashbin_delete().

  * CVE-2017-17558
    - USB: core: prevent malicious bNumInterfaces overflow

  * CVE-2017-5897
    - ip6_gre: fix ip6gre_err() invalid reads

  * CVE-2017-6345
    - SAUCE: import sock_efree()
    - net/llc: avoid BUG_ON() in skb_orphan()

  * CVE-2017-7645
    - nfsd: check for oversized NFSv2/v3 arguments

  * CVE-2017-9984
    - ALSA: msnd: Optimize / harden DSP and MIDI loops

  * CVE-2018-1000204
    - scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()

  * CVE-2018-10021
    - scsi: libsas: defer ata device eh commands to libata

  * CVE-2017-16914
    - usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer

  * CVE-2017-16913
    - usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input

  * CVE-2017-16535
    - USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor()

  * CVE-2017-16536
    - cx231xx-cards: fix NULL-deref on missing association descriptor

  * CVE-2017-16650
    - net: qmi_wwan: fix divide by 0 on bad descriptors

  * CVE-2017-18255
    - perf/core: Fix the perf_cpu_time_max_percent check

  * CVE-2018-10940
    - cdrom: information leak in cdrom_ioctl_media_changed()

  * CVE-2018-13094
    - xfs: don't call xfs_da_shrink_inode with NULL bp

  * other users' coredumps can be read via setgid directory and killpriv bypass
    (LP: #1779923) // CVE-2018-13405
    - Fix up non-directory creation in SGID directories

  * CVE-2017-16529
    - ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor

  * CVE-2017-2671
    - ping: implement proper locking

  * CVE-2017-15649
    - packet: hold bind lock when rebinding to fanout hook
    - packet: in packet_do_bind, test fanout with bind_lock held

  * CVE-2017-16527
    - ALSA: usb-audio: Kill stray URB at exiting

  * CVE-2017-16526
    - uwb: properly check kthread_run return value

  * CVE-2017-11473
    - x86/a

Source diff to previous version
1774181 Update to upstream's implementation of Spectre v1 mitigation
1775137 Prevent speculation on user controlled pointer
1779923 other users' coredumps can be read via setgid directory and killpriv bypass
1777029 fscache: Fix hanging wait on page discarded by writeback
CVE-2017-5715 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at
CVE-2017-2583 The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" i
CVE-2017-7518 A flaw was found in the Linux kernel before version 4.12 in the way ...
CVE-2017-18270 In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a den
CVE-2016-10208 The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physical
CVE-2018-10323 The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service
CVE-2017-16911 The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successf
CVE-2018-13406 An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attacker
CVE-2018-10877 Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem
CVE-2018-10881 A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of se
CVE-2018-1092 The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, whic
CVE-2018-1093 The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bo
CVE-2018-12233 In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twic
CVE-2017-16912 The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a de
CVE-2018-10675 The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or
CVE-2017-8831 The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of se
CVE-2017-16533 The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-
CVE-2017-16538 drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault
CVE-2017-16644 The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service
CVE-2017-16645 The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of s
CVE-2017-5549 The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents in
CVE-2017-16532 The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL po
CVE-2017-16537 The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer
CVE-2017-11472 The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kerne
CVE-2017-16643 The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of se
CVE-2017-16531 drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or
CVE-2018-10124 The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might all
CVE-2017-6348 The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cau
CVE-2017-17558 The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider th
CVE-2017-5897 The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags
CVE-2017-6345 The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local us
CVE-2017-7645 The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash)
CVE-2017-9984 The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service
CVE-2018-1000204 ** DISPUTED ** Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6
CVE-2018-10021 ** DISPUTED ** drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 allows local users to cause a denial of service (ata qc leak) by t
CVE-2017-16914 The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows att
CVE-2017-16913 The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_
CVE-2017-16535 The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (
CVE-2017-16536 The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial
CVE-2017-16650 The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-
CVE-2017-18255 The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of servic
CVE-2018-10940 The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds ch
CVE-2018-13094 An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da
CVE-2018-13405 The inode_init_owner function in fs/inode.c in the Linux kernel through 4.17.4 allows local users to create files with an unintended group ownership,
CVE-2017-16529 The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bou
CVE-2017-2671 The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure
CVE-2017-15649 net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of p
CVE-2017-16527 sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and syste
CVE-2017-16526 drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or p
CVE-2017-11473 Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 4.12.2 allows local users to gain
CVE-2017-14991 The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized ke
CVE-2017-2584 arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of s
CVE-2018-10087 The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local

Version: 3.13.0-156.206 2018-08-17 23:07:07 UTC

  linux (3.13.0-156.206) trusty; urgency=medium

  * linux: 3.13.0-156.206 -proposed tracker (LP: #1787187)

  * java Corrupted page table (LP: #1787127)
    - [Config] disable NUMA_BALANCING

  * java Corrupted page table (LP: #1787127) // CVE-2018-3620 // CVE-2018-3646
    - x86/mm: Simplify p[g4um]d_page() macros

  * 3.13.0-155.205 Kernel Panic - divide by zero (LP: #1787258)
    - x86/topology: Handle CPUID bogosity gracefully

 -- Kamal Mostafa <email address hidden> Thu, 16 Aug 2018 13:59:37 -0700

Source diff to previous version
1787127 java Corrupted page table
1787258 3.13.0-155.205 Kernel Panic - divide by zero
CVE-2018-3620 L1 Terminal Fault-OS/SMM Foreshadow-NG
CVE-2018-3646 L1 Terminal Fault-VMM

Version: 3.13.0-155.205 2018-08-14 21:07:20 UTC

  linux (3.13.0-155.205) trusty; urgency=medium

  * CVE-2017-18344
    - posix-timer: Properly check sigevent->sigev_notify

  * CVE-2018-5390
    - tcp: avoid collapses in tcp_prune_queue() if possible
    - tcp: detect malicious patterns in tcp_collapse_ofo_queue()

  * CVE-2018-5391
    - Revert "net: increase fragment memory usage limits"

  * CVE-2018-3620 // CVE-2018-3646
    - SAUCE: x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
    - x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT
    - x86/speculation/l1tf: Change order of offset/type in swap entry
    - x86/speculation/l1tf: Protect swap entries against L1TF
    - x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation
    - x86/speculation/l1tf: Make sure the first page is always reserved
    - x86/speculation/l1tf: Add sysfs reporting for l1tf
    - x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings
    - x86/speculation/l1tf: Limit swap file size to MAX_PA/2
    - x86/topology: Create logical package id
    - x86/topology: Fix logical package mapping
    - x86/topology: Fix Intel HT disable
    - x86/topology: Use total_cpus not nr_cpu_ids for logical packages
    - x86/topology: Fix AMD core count
    - x86/smp: Provide topology_is_primary_thread()
    - x86/topology: Provide topology_smt_supported()
    - cpu/hotplug: Split do_cpu_down()
    - x86/topology: Add topology_max_smt_threads()
    - cpu/hotplug: Provide knobs to control SMT
    - [Config] updateconfigs - enable CONFIG_HOTPLUG_SMT
    - x86/CPU: Modify detect_extended_topology() to return result
    - x86/CPU/AMD: Derive CPU topology from CPUID function 0xB when available
    - x86/cpu: Remove the pointless CPU printout
    - x86/cpu/AMD: Remove the pointless detect_ht() call
    - x86/cpu/common: Provide detect_ht_early()
    - x86/cpu/topology: Provide detect_extended_topology_early()
    - x86/cpu/intel: Evaluate smp_num_siblings early
    - x86/cpu/AMD: Evaluate smp_num_siblings early
    - x86/apic: Ignore secondary threads if nosmt=force
    - x86/speculation/l1tf: Extend 64bit swap file size limit
    - x86/cpufeatures: Add detection of L1D cache flush support.
    - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings
    - x86/speculation/l1tf: Protect PAE swap entries against L1TF
    - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE
    - Revert "x86/apic: Ignore secondary threads if nosmt=force"
    - cpu/hotplug: Boot HT siblings at least once
    - SAUCE: Alternative approach to boot nosmt
    - SAUCE: x86/mce: Try register mce notifier earlier
    - KVM: x86: Introducing kvm_x86_ops VM init/destroy hooks
    - x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present.
    - x86/KVM/VMX: Add module argument for L1TF mitigation
    - x86/KVM/VMX: Add L1D flush algorithm
    - x86/KVM/VMX: Add L1D MSR based flush
    - KVM: add kvm_arch_sched_in
    - x86/KVM/VMX: Add L1D flush logic
    - x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers
    - x86/KVM/VMX: Add find_msr() helper function
    - x86/KVM/VMX: Seperate the VMX AUTOLOAD guest/host number accounting
    - x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs
    - x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required
    - cpu/hotplug: Online siblings when SMT control is turned on
    - x86/litf: Introduce vmx status variable
    - x86/kvm: Drop L1TF MSR list approach
    - x86/l1tf: Handle EPT disabled state proper
    - x86/kvm: Move l1tf setup function
    - x86/kvm: Add static key for flush always
    - x86/kvm: Serialize L1D flush parameter setter
    - x86/kvm: Allow runtime control of L1D flush
    - cpu/hotplug: Expose SMT control init function
    - cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early
    - x86/bugs, kvm: Introduce boot-time control of L1TF mitigations
    - Documentation: Add section about CPU vulnerabilities
    - x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures
    - x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content
    - Documentation/l1tf: Fix typos
    - cpu/hotplug: detect SMT disabled by BIOS
    - x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush()
    - x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond'
    - x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush()
    - x86/irq: Demote irq_cpustat_t::__softirq_pending to u16
    - x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d
    - x86: Don't include linux/irq.h from asm/hardirq.h
    - x86/apic: Order irq_enter/exit() calls correctly vs. ack_APIC_irq()
    - SAUCE: Move __this_cpu_{read,write} to percpu-ubuntu.h
    - x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d
    - x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr()
    - Documentation/l1tf: Remove Yonah processors from not vulnerable list
    - x86/speculation: Simplify sysfs report of VMX L1TF vulnerability
    - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry
    - cpu/hotplug: Fix SMT supported evaluation
    - x86/speculation/l1tf: Invert all not present mappings
    - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert
    - x86/mm/pat: Ensure cpa->pfn only contains page frame numbers
    - SAUCE: Add pfn_pud() and pud_mkhuge()
    - x86/mm/pat: Make set_memory_np() L1TF safe

 -- Juerg Haefliger <email address hidden> Fri, 10 Aug 2018 16:18:20 +0200

Source diff to previous version
CVE-2017-18344 The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev
CVE-2018-5390 Linux Kernel TCP implementation vulnerable to Denial of Service
CVE-2018-5391 RESERVED
CVE-2018-3620 L1 Terminal Fault-OS/SMM Foreshadow-NG
CVE-2018-3646 L1 Terminal Fault-VMM

Version: 3.13.0-153.203 2018-07-02 10:07:15 UTC

  linux (3.13.0-153.203) trusty; urgency=medium

  * linux: 3.13.0-153.203 -proposed tracker (LP: #1776819)

  * CVE-2018-3665 (x86)
    - x86/fpu: Print out whether we are doing lazy/eager FPU context switches
    - x86/fpu: Default eagerfpu=on on all CPUs
    - x86/fpu: Fix math emulation in eager fpu mode

CVE-2018-3665 speculative register leakage from lazy FPU context switching



About   -   Send Feedback to @ubuntu_updates