UbuntuUpdates.org

Package "linux"

Name: linux

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Linux kernel version specific cloud tools for version 3.13.0
  • Linux kernel specific documentation for version 3.13.0
  • Header files related to Linux kernel version 3.13.0
  • Linux kernel headers for version 3.13.0 on 32 bit x86 SMP

Latest version: 3.13.0-151.201
Release: trusty (14.04)
Level: updates
Repository: main

Links

Save this URL for the latest version of "linux": https://www.ubuntuupdates.org/linux



Other versions of "linux" in Trusty

Repository Area Version
base main 3.13.0-24.46
security main 3.13.0-151.201
proposed main 3.13.0-153.203
PPA: Canonical Kernel Team 3.13.0-153.203

Packages in group

Deleted packages are displayed in grey.

linux-cloud-tools-common linux-doc linux-headers-3.13.0-137 linux-headers-3.13.0-137-generic linux-headers-3.13.0-137-lowlatency
linux-headers-3.13.0-139 linux-headers-3.13.0-139-generic linux-headers-3.13.0-139-lowlatency linux-headers-3.13.0-141 linux-headers-3.13.0-141-generic
linux-headers-3.13.0-141-lowlatency linux-headers-3.13.0-142 linux-headers-3.13.0-142-generic linux-headers-3.13.0-142-lowlatency linux-headers-3.13.0-143
linux-headers-3.13.0-143-generic linux-headers-3.13.0-143-lowlatency linux-headers-3.13.0-144 linux-headers-3.13.0-144-generic linux-headers-3.13.0-144-lowlatency
linux-headers-3.13.0-145 linux-headers-3.13.0-145-generic linux-headers-3.13.0-145-lowlatency linux-headers-3.13.0-147 linux-headers-3.13.0-147-generic
linux-headers-3.13.0-147-lowlatency linux-headers-3.13.0-149 linux-headers-3.13.0-149-generic linux-headers-3.13.0-149-lowlatency linux-headers-3.13.0-151
linux-headers-3.13.0-151-generic linux-headers-3.13.0-151-lowlatency linux-image-3.13.0-135-generic linux-image-3.13.0-135-lowlatency linux-image-3.13.0-137-generic
linux-image-3.13.0-137-lowlatency linux-image-3.13.0-139-generic linux-image-3.13.0-139-lowlatency linux-image-3.13.0-141-generic linux-image-3.13.0-141-lowlatency
linux-image-3.13.0-142-generic linux-image-3.13.0-142-lowlatency linux-image-3.13.0-143-generic linux-image-3.13.0-143-lowlatency linux-image-3.13.0-144-generic
linux-image-3.13.0-144-lowlatency linux-image-3.13.0-145-generic linux-image-3.13.0-145-lowlatency linux-image-3.13.0-147-generic linux-image-3.13.0-147-lowlatency
linux-image-3.13.0-149-generic linux-image-3.13.0-149-lowlatency linux-image-3.13.0-151-generic linux-image-3.13.0-151-lowlatency linux-image-extra-3.13.0-135-generic
linux-image-extra-3.13.0-137-generic linux-image-extra-3.13.0-139-generic linux-image-extra-3.13.0-141-generic linux-image-extra-3.13.0-142-generic linux-image-extra-3.13.0-143-generic
linux-image-extra-3.13.0-144-generic linux-image-extra-3.13.0-145-generic linux-image-extra-3.13.0-147-generic linux-image-extra-3.13.0-149-generic linux-image-extra-3.13.0-151-generic
linux-libc-dev linux-source-3.13.0 linux-tools-3.13.0-135 linux-tools-3.13.0-135-generic linux-tools-3.13.0-135-lowlatency
linux-tools-3.13.0-137 linux-tools-3.13.0-137-generic linux-tools-3.13.0-137-lowlatency linux-tools-3.13.0-139 linux-tools-3.13.0-139-generic
linux-tools-3.13.0-139-lowlatency linux-tools-3.13.0-141 linux-tools-3.13.0-141-generic linux-tools-3.13.0-141-lowlatency linux-tools-3.13.0-142
linux-tools-3.13.0-142-generic linux-tools-3.13.0-142-lowlatency linux-tools-3.13.0-143 linux-tools-3.13.0-143-generic linux-tools-3.13.0-143-lowlatency
linux-tools-3.13.0-144 linux-tools-3.13.0-144-generic linux-tools-3.13.0-144-lowlatency linux-tools-3.13.0-145 linux-tools-3.13.0-145-generic
linux-tools-3.13.0-145-lowlatency linux-tools-3.13.0-147 linux-tools-3.13.0-147-generic linux-tools-3.13.0-147-lowlatency linux-tools-3.13.0-149
linux-tools-3.13.0-149-generic linux-tools-3.13.0-149-lowlatency linux-tools-3.13.0-151 linux-tools-3.13.0-151-generic linux-tools-3.13.0-151-lowlatency
linux-tools-common

Changelog

Version: 3.13.0-151.201 2018-06-11 17:06:59 UTC

  linux (3.13.0-151.201) trusty; urgency=medium

  * linux: 3.13.0-151.201 -proposed tracker (LP: #1774190)

  * CVE-2018-3639 (x86)
    - SAUCE: Set generic SSBD feature for Intel cpus
    - KVM: vmx: fix MPX detection
    - KVM: x86: Fix MSR_IA32_BNDCFGS in msrs_to_save
    - x86/cpu: Add CLZERO detection

  * Trusty cannot load microcode for family 17h AMD processors (LP: #1774082)
    - x86/microcode/AMD: Add support for fam17h microcode loading

Source diff to previous version
1774082 Trusty cannot load microcode for family 17h AMD processors
CVE-2018-3639 Speculative Store Bypass

Version: 3.13.0-149.199 2018-05-22 02:10:22 UTC

  linux (3.13.0-149.199) trusty; urgency=medium

  * CVE-2018-3639 (powerpc)
    - SAUCE: rfi-flush: update H_CPU_* macro names to upstream
    - SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to
      upstream
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
    - powerpc/64s: Allow control of RFI flush via debugfs
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
    - powerpc/pseries: Fix clearing of security feature flags
    - powerpc: Move default security feature flags
    - powerpc/pseries: Restore default security feature flags on setup
    - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
    - SAUCE: powerpc/64s: Move the data access exception out-of-line

  * CVE-2018-3639 (x86)
    - arch: Introduce post-init read-only memory
    - SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES
    - SAUCE: x86: Add alternative_msr_write
    - x86/nospec: Simplify alternative_msr_write()
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/bugs: Concentrate bug detection into a separate function
    - x86/bugs: Concentrate bug reporting into a separate function
    - x86/msr: Add definitions for new speculation control MSRs
    - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - x86/bugs, KVM: Support the combination of guest and host IBRS
    - x86/bugs: Expose /sys/../spec_store_bypass
    - x86/cpufeatures: Add X86_FEATURE_RDS
    - x86/bugs: Provide boot parameters for the spec_store_bypass_disable
      mitigation
    - x86/bugs/intel: Set proper CPU features and setup RDS
    - x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
    - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - x86/speculation: Create spec-ctrl.h to avoid include hell
    - prctl: Add speculation control prctls
    - x86/process: Allow runtime control of Speculative Store Bypass
    - x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - nospec: Allow getting/setting on non-current task
    - proc: Provide details on speculation flaw mitigations
    - seccomp: Enable speculation flaw mitigations
    - SAUCE: x86/bugs: Honour SPEC_CTRL default
    - x86/bugs: Make boot modes __ro_after_init
    - prctl: Add force disable speculation
    - seccomp: Use PR_SPEC_FORCE_DISABLE
    - seccomp: Add filter flag to opt-out of SSB mitigation
    - seccomp: Move speculation migitation control to arch code
    - x86/speculation: Make "seccomp" the default mode for Speculative Store
      Bypass
    - x86/bugs: Rename _RDS to _SSBD
    - proc: Use underscores for SSBD in 'status'
    - Documentation/spec_ctrl: Do some minor cleanups
    - x86/bugs: Fix __ssb_select_mitigation() return type
    - x86/bugs: Make cpu_show_common() static

Source diff to previous version
CVE-2018-3639 Speculative Store Bypass

Version: 3.13.0-147.196 2018-05-08 23:07:57 UTC

  linux (3.13.0-147.196) trusty; urgency=medium

  * CVE-2018-8897
    - x86/traps: Enable DEBUG_STACK after cpu_init() for TRAP_DB/BP
    - x86/entry/64: Don't use IST entry for #BP stack

  * CVE-2018-1087
    - KVM: VMX: Fix DR6 update on #DB exception
    - KVM: VMX: Advance rip to after an ICEBP instruction
    - kvm/x86: fix icebp instruction handling

  * CVE-2018-1000199
    - perf/hwbp: Simplify the perf-hwbp code, fix documentation

 -- Kleber Sacilotto de Souza <email address hidden> Wed, 02 May 2018 15:50:32 +0200

Source diff to previous version
CVE-2018-8897 error in exception handling leads to DoS
CVE-2018-1087 error in exception handling leads to wrong debug stack value
CVE-2018-1000199 ptrace() incorrect error handling leads to corruption and DoS

Version: 3.13.0-145.194 2018-04-23 11:07:08 UTC

  linux (3.13.0-145.194) trusty; urgency=medium

  * linux: 3.13.0-145.194 -proposed tracker (LP: #1761430)

  * intel-microcode 3.20180312.0 causes lockup at login screen(w/ linux-
    image-4.13.0-37-generic) (LP: #1759920) // CVE-2017-5715 (Spectre v2 Intel)
    - Revert "UBUNTU: SAUCE: x86/mm: Only set IBPB when the new thread cannot
      ptrace current thread"
    - x86/speculation: Use Indirect Branch Prediction Barrier in context switch

  * DKMS driver builds fail with: Cannot use CONFIG_STACK_VALIDATION=y, please
    install libelf-dev, libelf-devel or elfutils-libelf-devel (LP: #1760876)
    - [Packaging] include the retpoline extractor in the headers

  * retpoline hints: primary infrastructure and initial hints (LP: #1758856)
    - [Packaging] retpoline-extract: flag *0xNNN(%reg) branches
    - x86/speculation, objtool: Annotate indirect calls/jumps for objtool
    - x86/speculation, objtool: Annotate indirect calls/jumps for objtool on 32bit
    - x86/paravirt, objtool: Annotate indirect calls
    - x86/asm: Stop depending on ptrace.h in alternative.h
    - [Packaging] retpoline -- add safe usage hint support
    - [Packaging] retpoline-check -- only report additions
    - [Packaging] retpoline -- widen indirect call/jmp detection
    - [Packaging] retpoline -- elide %rip relative indirections
    - [Packaging] retpoline -- clear hint information from packages
    - SAUCE: modpost: add discard to non-allocatable whitelist
    - KVM: x86: Make indirect calls in emulator speculation safe
    - KVM: VMX: Make indirect call speculation safe
    - x86/boot, objtool: Annotate indirect jump in secondary_startup_64()
    - SAUCE: early/late -- annotate indirect calls in early/late initialisation
      code
    - SAUCE: vga_set_mode -- avoid jump tables
    - [Config] retpoline -- switch to new format
    - [Packaging] retpoline hints -- handle missing files when RETPOLINE not
      enabled
    - [Packaging] final-checks -- remove check for empty retpoline files

  * retpoline: ignore %cs:0xNNN constant indirections (LP: #1752655)
    - [Packaging] retpoline -- elide %cs:0xNNNN constants on i386

  * Boot crash with Trusty 3.13 (LP: #1757193)
    - Revert "UBUNTU: SAUCE: x86, extable: fix uaccess fixup detection"
    - x86/mm: Expand the exception table logic to allow new handling options

  * Segmentation fault in ldt_gdt_64 (LP: #1755817) // CVE-2017-5754
    - x86/kvm: Rename VMX's segment access rights defines
    - x86/signal/64: Fix SS if needed when delivering a 64-bit signal

 -- Kleber Sacilotto de Souza <email address hidden> Thu, 05 Apr 2018 16:26:39 +0200

Source diff to previous version
1759920 intel-microcode 3.20180312.0 causes lockup at login screen(w/ linux-image-4.13.0-37-generic)
1760876 DKMS driver builds fail with: Cannot use CONFIG_STACK_VALIDATION=y, please install libelf-dev, libelf-devel or elfutils-libelf-devel
1758856 retpoline hints: primary infrastructure and initial hints
1752655 retpoline: ignore %cs:0xNNN constant indirections
1757193 Boot crash with Trusty 3.13
1755817 Segmentation fault in ldt_gdt_64
CVE-2017-5715 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at
CVE-2017-5754 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at

Version: 3.13.0-144.193 2018-04-04 13:08:03 UTC

  linux (3.13.0-144.193) trusty; urgency=medium

  * linux: 3.13.0-144.193 -proposed tracker (LP: #1755227)

  * CVE-2017-12762
    - isdn/i4l: fix buffer overflow

  * CVE-2017-17807
    - KEYS: add missing permission check for request_key() destination

  * bnx2x_attn_int_deasserted3:4323 MC assert! (LP: #1715519) //
    CVE-2018-1000026
    - net: Add ndo_gso_check
    - net: create skb_gso_validate_mac_len()
    - bnx2x: disable GSO where gso_size is too big for hardware

  * CVE-2017-17448
    - netfilter: nfnetlink_cthelper: Add missing permission checks

  * CVE-2017-11089
    - cfg80211: Define nla_policy for NL80211_ATTR_LOCAL_MESH_POWER_MODE

  * CVE-2018-5332
    - RDS: Heap OOB write in rds_message_alloc_sgs()

  * ppc64el: Do not call ibm,os-term on panic (LP: #1736954)
    - powerpc: Do not call ppc_md.panic in fadump panic notifier

  * CVE-2017-17805
    - crypto: salsa20 - fix blkcipher_walk API usage

  * [Hyper-V] storvsc: do not assume SG list is continuous when doing bounce
    buffers (LP: #1742480)
    - SAUCE: storvsc: do not assume SG list is continuous when doing bounce
      buffers

  * Shutdown hang on 16.04 with iscsi targets (LP: #1569925)
    - scsi: libiscsi: Allow sd_shutdown on bad transport

  * CVE-2017-17741
    - KVM: Fix stack-out-of-bounds read in write_mmio

  * CVE-2017-5715 (Spectre v2 Intel)
    - [Packaging] pull in retpoline files

 -- Stefan Bader <email address hidden> Thu, 15 Mar 2018 15:08:03 +0100

1715519 bnx2x_attn_int_deasserted3:4323 MC assert!
1736954 ppc64el: Do not call ibm,os-term on panic
1742480 [Hyper-V] storvsc: do not assume SG list is continuous when doing bounce buffers
CVE-2017-12762 In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which ca
CVE-2017-17807 The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key key



About   -   Send Feedback to @ubuntu_updates