UbuntuUpdates.org

Package "linux-aws"

Name: linux-aws

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Header files related to Linux kernel version 4.4.0
  • Header files related to Linux kernel version 4.4.0
  • Header files related to Linux kernel version 4.4.0
  • Header files related to Linux kernel version 4.4.0

Latest version: 4.4.0-1024.25
Release: trusty (14.04)
Level: proposed
Repository: universe

Links

Save this URL for the latest version of "linux-aws": https://www.ubuntuupdates.org/linux-aws



Other versions of "linux-aws" in Trusty

Repository Area Version
security universe 4.4.0-1023.23
updates universe 4.4.0-1023.23
PPA: Canonical Kernel Team 4.4.0-1024.25

Packages in group

Deleted packages are displayed in grey.

linux-aws-headers-4.4.0-1001 linux-aws-headers-4.4.0-1002 linux-aws-headers-4.4.0-1003 linux-aws-headers-4.4.0-1005 linux-aws-headers-4.4.0-1006
linux-aws-headers-4.4.0-1007 linux-aws-headers-4.4.0-1009 linux-aws-headers-4.4.0-1010 linux-aws-headers-4.4.0-1011 linux-aws-headers-4.4.0-1012
linux-aws-headers-4.4.0-1013 linux-aws-headers-4.4.0-1014 linux-aws-headers-4.4.0-1015 linux-aws-headers-4.4.0-1016 linux-aws-headers-4.4.0-1017
linux-aws-headers-4.4.0-1018 linux-aws-headers-4.4.0-1019 linux-aws-headers-4.4.0-1020 linux-aws-headers-4.4.0-1022 linux-aws-headers-4.4.0-1023
linux-aws-headers-4.4.0-1024

Changelog

Version: 4.4.0-1024.25 2018-06-18 08:06:45 UTC

  linux-aws (4.4.0-1024.25) trusty; urgency=medium

  * linux-aws: 4.4.0-1024.25 -proposed tracker (LP: #1776824)

  * The trusty/aws kernel package ships too many modules (LP: #1777080)
    - [config] AWS: ship_extras_package=false

  * Xenial update to 4.4.134 stable release (LP: #1775771)
    - [Config] CONFIG_TCG_CRB=y

  * Adapt configuration to match the master kernel config. This change
    has no effect for the AWS kernel as the resulting module is not
    shipped (LP: #1774563)
    - [Config] CONFIG_CAN_HMS_USB=m

  [ Ubuntu: 4.4.0-130.156 ]

  * linux: 4.4.0-130.156 -proposed tracker (LP: #1776822)
  * CVE-2018-3665 (x86)
    - x86/fpu: Fix early FPU command-line parsing
    - x86/fpu: Fix 'no387' regression
    - x86/fpu: Disable MPX when eagerfpu is off
    - x86/fpu: Default eagerfpu=on on all CPUs
    - x86/fpu: Fix FNSAVE usage in eagerfpu mode
    - x86/fpu: Fix math emulation in eager fpu mode
    - x86/fpu: Fix eager-FPU handling on legacy FPU machines

  [ Ubuntu: 4.4.0-129.155 ]

  * linux: 4.4.0-129.155 -proposed tracker (LP: #1776352)
  * Xenial update to 4.4.134 stable release (LP: #1775771)
    - MIPS: ptrace: Expose FIR register through FP regset
    - MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
    - KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
    - affs_lookup(): close a race with affs_remove_link()
    - aio: fix io_destroy(2) vs. lookup_ioctx() race
    - ALSA: timer: Fix pause event notification
    - mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
    - libata: Blacklist some Sandisk SSDs for NCQ
    - libata: blacklist Micron 500IT SSD with MU01 firmware
    - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
    - Revert "ipc/shm: Fix shmat mmap nil-page protection"
    - ipc/shm: fix shmat() nil address after round-down when remapping
    - kasan: fix memory hotplug during boot
    - kernel/sys.c: fix potential Spectre v1 issue
    - kernel/signal.c: avoid undefined behaviour in kill_something_info
    - xfs: remove racy hasattr check from attr ops
    - do d_instantiate/unlock_new_inode combinations safely
    - firewire-ohci: work around oversized DMA reads on JMicron controllers
    - NFSv4: always set NFS_LOCK_LOST when a lock is lost.
    - ALSA: hda - Use IS_REACHABLE() for dependency on input
    - ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read()
    - kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl
    - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into
      account
    - PCI: Add function 1 DMA alias quirk for Marvell 9128
    - tools lib traceevent: Simplify pointer print logic and fix %pF
    - perf callchain: Fix attr.sample_max_stack setting
    - tools lib traceevent: Fix get_field_str() for dynamic strings
    - dm thin: fix documentation relative to low water mark threshold
    - nfs: Do not convert nfs_idmap_cache_timeout to jiffies
    - watchdog: sp5100_tco: Fix watchdog disable bit
    - kconfig: Don't leak main menus during parsing
    - kconfig: Fix automatic menu creation mem leak
    - kconfig: Fix expr_free() E_NOT leak
    - ipmi/powernv: Fix error return code in ipmi_powernv_probe()
    - Btrfs: set plug for fsync
    - btrfs: Fix out of bounds access in btrfs_search_slot
    - Btrfs: fix scrub to repair raid6 corruption
    - scsi: fas216: fix sense buffer initialization
    - HID: roccat: prevent an out of bounds read in kovaplus_profile_activated()
    - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
    - powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes
    - powerpc/numa: Ensure nodes initialized for hotplug
    - RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure
    - ntb_transport: Fix bug with max_mw_size parameter
    - ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid
    - ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute
    - ocfs2: return error when we attempt to access a dirty bh in jbd2
    - mm/mempolicy: fix the check of nodemask from user
    - mm/mempolicy: add nodes_empty check in SYSC_migrate_pages
    - asm-generic: provide generic_pmdp_establish()
    - mm: pin address_space before dereferencing it while isolating an LRU page
    - IB/ipoib: Fix for potential no-carrier state
    - x86/power: Fix swsusp_arch_resume prototype
    - firmware: dmi_scan: Fix handling of empty DMI strings
    - ACPI: processor_perflib: Do not send _PPC change notification if not ready
    - MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS
    - xen-netfront: Fix race between device setup and open
    - xen/grant-table: Use put_page instead of free_page
    - RDS: IB: Fix null pointer issue
    - arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics
    - proc: fix /proc/*/map_files lookup
    - cifs: silence compiler warnings showing up with gcc-8.0.0
    - bcache: properly set task state in bch_writeback_thread()
    - bcache: fix for allocator and register thread race
    - bcache: fix for data collapse after re-attaching an attached device
    - bcache: return attach error when no cache set exist
    - tools/libbpf: handle issues with bpf ELF objects containing .eh_frames
    - locking/qspinlock: Ensure node->count is updated before initialising node
    - irqchip/gic-v3: Change pr_debug message to pr_devel
    - scsi: ufs: Enable quirk to ignore sending WRITE_SAME command
    - scsi: bnx2fc: Fix check in SCSI completion handler for timed out request
    - scsi: sym53c8xx_2: iterator underflow in sym_getsync()
    - scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo()
    - scsi: qla2xxx: Avoid triggering undefined behavior in
      qla2x00_mbx_completion()
    - ARC: Fix malformed ARC_EMUL_UNALIGNED default
    - usb: gadget: f_uac2: fix bFirstInterface in composite gadget
    - usb: gadget: fsl_udc_core: fix ep valid checks
    - usb: dwc2: Fix dwc2_hsotg_core_init_disconnected()
    - selftests: memfd: add c

1777080 The trusty/aws kernel package ships too many modules
1775771 Xenial update to 4.4.134 stable release
1774563 Support SocketCAN over USB on Dell IoT 300x Gateways
1775235 Ubuntu 16.04 (4.4.0-127) hangs on boot with virtio-scsi MQ enabled
1775856 register on binfmt_misc may overflow and crash the system
1775326 The kernel NULL pointer dereference happens when accessing the task_struct by task_cpu() in function cpuacct_charge()
1775477 Xenial update to 4.4.133 stable release
1768143 vmxnet3: update to latest ToT
1775137 Prevent speculation on user controlled pointer
1774173 Xenial update to 4.4.132 stable release
1774181 Update to upstream's implementation of Spectre v1 mitigation
1772593 cpum_sf: ensure sample freq is non-zero
1773509 ELANPAD ELAN0612 does not work, patch available
1774336 FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false
1772575 Kernel 4.4 NBD size overflow with image size exceeding 1TB
1772775 4.4.0-127.153 generates many \
1771826 Creation of IMA file hashes fails when appraisal is enabled
1771301 Setting ipv6.disable=1 prevents both IPv4 and IPv6 socket opening for VXLAN tunnels
1773905 Support UVC1.5 Camera for Xenial
1772671 Kernel produces empty lines in /proc/PID/status
1744173 rfi-flush: Switch to new linear fallback flush
CVE-2018-3665 speculative register leakage from lazy FPU context switching
CVE-2018-3639 Speculative Store Bypass
CVE-2018-7755 An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a k

Version: *DELETED* 2018-06-14 09:06:59 UTC
No changelog for deleted or moved packages.

Version: 4.4.0-1023.23 2018-05-28 19:06:30 UTC

  linux-aws (4.4.0-1023.23) trusty; urgency=medium

  * linux-aws: 4.4.0-1023.23 -proposed tracker (LP: #1772963)

  * Xenial update to 4.4.129 stable release (LP: #1768429)
    - [Config] Remove ARCH_HWEIGHT_CFLAGS

  [ Ubuntu: 4.4.0-128.154 ]

  * linux: 4.4.0-128.154 -proposed tracker (LP: #1772960)
  * CVE-2018-3639 (x86)
    - x86/cpu: Make alternative_msr_write work for 32-bit code
    - x86/bugs: Fix the parameters alignment and missing void
    - KVM: SVM: Move spec control call after restore of GS
    - x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
    - x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
    - x86/cpufeatures: Disentangle SSBD enumeration
    - x86/cpu/AMD: Fix erratum 1076 (CPB bit)
    - x86/cpufeatures: Add FEATURE_ZEN
    - x86/speculation: Handle HT correctly on AMD
    - x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
    - x86/speculation: Add virtualized speculative store bypass disable support
    - x86/speculation: Rework speculative_store_bypass_update()
    - x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host}
    - x86/bugs: Expose x86_spec_ctrl_base directly
    - x86/bugs: Remove x86_spec_ctrl_set()
    - x86/bugs: Rework spec_ctrl base and mask logic
    - x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
    - KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
    - x86/bugs: Rename SSBD_NO to SSB_NO
    - KVM: VMX: Expose SSBD properly to guests.
  * [i915_bpo] Fix flickering issue after panel change (LP: #1770565)
    - drm/i915: Fix iboost setting for DDI with 4 lanes on SKL
    - drm/i915: Name the "iboost bit"
    - drm/i915: Program iboost settings for HDMI/DVI on SKL
    - drm/i915: Move bxt_ddi_vswing_sequence() call into intel_ddi_pre_enable()
      for HDMI
    - drm/i915: Explicitly use ddi buf trans entry 9 for hdmi
    - drm/i915: Split DP/eDP/FDI and HDMI/DVI DDI buffer programming apart
    - drm/i915: Get the iboost setting based on the port type
    - drm/i915: Simplify intel_ddi_get_encoder_port()
    - drm/i915: Fix iboost setting for SKL Y/U DP DDI buffer translation entry 2
    - drm/i915: KBL - Recommended buffer translation programming for DisplayPort
    - drm/i915: Ignore OpRegion panel type except on select machines
  * [SRU][Bionic/Artful] fix false positives in W+X checking (LP: #1769696)
    - init: fix false positives in W+X checking
  * [Ubuntu 16.04] kernel: fix rwlock implementation (LP: #1761674)
    - SAUCE: (no-up) s390: fix rwlock implementation
  * linux < 4.11: unable to use netfilter logging from non-init namespaces
    (LP: #1766573)
    - netfilter: allow logging from non-init namespaces
  * [LTC Test] Ubuntu 18.04: tm_sigreturn failed on P8 compat mode 16.04.04
    guest (LP: #1771439)
    - powerpc: signals: Discard transaction state from signal frames
  * QCA9377 requires more IRAM banks for its new firmware (LP: #1748345)
    - ath10k: update the IRAM bank number for QCA9377
  * i915/kbl_dmc_ver1.bin failed with error -2 package 1.157.17 kernel
    4.4.0-116-generic (LP: #1752536)
    - ubuntu: i915_bpo - Add MODULE_FIRMWARE for Geminilake's DMC
  * Xenial update to 4.4.131 stable release (LP: #1768825)
    - ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS
    - ext4: set h_journal if there is a failure starting a reserved handle
    - ext4: add validity checks for bitmap block numbers
    - ext4: fix bitmap position validation
    - usbip: usbip_host: fix to hold parent lock for device_attach() calls
    - usbip: vhci_hcd: Fix usb device and sockfd leaks
    - USB: serial: simple: add libtransistor console
    - USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster
    - USB: serial: cp210x: add ID for NI USB serial console
    - usb: core: Add quirk for HP v222w 16GB Mini
    - USB: Increment wakeup count on remote wakeup.
    - ALSA: usb-audio: Skip broken EU on Dell dock USB-audio
    - virtio: add ability to iterate over vqs
    - virtio_console: free buffers after reset
    - drm/virtio: fix vq wait_event condition
    - tty: Don't call panic() at tty_ldisc_init()
    - tty: n_gsm: Fix long delays with control frame timeouts in ADM mode
    - tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set
    - tty: Use __GFP_NOFAIL for tty_ldisc_get()
    - ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr
    - ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device
    - ALSA: hda/realtek - Add some fixes for ALC233
    - mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block.
    - mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug.
    - mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block.
    - kobject: don't use WARN for registration failures
    - scsi: sd: Defer spinning up drive while SANITIZE is in progress
    - ARM: amba: Make driver_override output consistent with other buses
    - ARM: amba: Fix race condition with driver_override
    - ARM: amba: Don't read past the end of sysfs "driver_override" buffer
    - ASoC: fsl_esai: Fix divisor calculation failure at lower ratio
    - libceph: validate con->state at the top of try_write()
    - x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds
    - x86/smpboot: Don't use mwait_play_dead() on AMD systems
    - serial: mctrl_gpio: export mctrl_gpio_disable_ms and mctrl_gpio_init
    - serial: mctrl_gpio: Add missing module license
    - Linux 4.4.131
  * Xenial update to 4.4.130 stable release (LP: #1768474) // CVE-2017-5715 //
    CVE-2017-5753
    - SAUCE: s390: print messages for gmb and nobp
  * Xenial update to 4.4.130 stable release (LP: #1768474)
    - cifs: do not allow creating sockets except with SMB1 posix exensions
    - x86/tsc: Prevent 32bit truncation in calc_hpet_ref()
    - perf: Return proper values for user stack errors
    - staging: ion : Donnot wakeup kswapd in ion system alloc
    - r8152: add Linksys USB3GIGV1 id
    - Input: drv260x - fix initializing overdrive voltage
    -

Source diff to previous version
1768429 Xenial update to 4.4.129 stable release
1770565 [i915_bpo] Fix flickering issue after panel change
1769696 [SRU][Bionic/Artful] fix false positives in W+X checking
1761674 [Ubuntu 16.04] kernel: fix rwlock implementation
1766573 linux \u003c 4.11: unable to use netfilter logging from non-init namespaces
1771439 [LTC Test] Ubuntu 18.04: tm_sigreturn failed on P8 compat mode 16.04.04 guest
1748345 QCA9377 requires more IRAM banks for its new firmware
1752536 i915/kbl_dmc_ver1.bin failed with error -2 package 1.157.17 kernel 4.4.0-116-generic
1768825 Xenial update to 4.4.131 stable release
1768474 Xenial update to 4.4.130 stable release
1763748 Integrated Webcam Realtek Integrated_Webcam_HD (0bda:58f4) not working in DELL XPS 13 9370 with firmware 1.50
1769671 [Xenial] Kernels OOPS when mwifiex is in AP mode
1750038 user space process hung in 'D' state waiting for disk io to complete
1766054 Acer Swift sf314-52 power button not managed
CVE-2018-3639 Speculative Store Bypass
CVE-2017-5715 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at
CVE-2017-5753 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker wi
CVE-2018-8087 Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to caus

Version: 4.4.0-1022.22 2018-05-22 00:06:48 UTC

  linux-aws (4.4.0-1022.22) trusty; urgency=medium

  [ Ubuntu: 4.4.0-127.153 ]

  * CVE-2018-3639 (powerpc)
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/64s: Move cpu_show_meltdown()
    - powerpc/64s: Enhance the information in cpu_show_meltdown()
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
    - powerpc/64s: Wire up cpu_show_spectre_v1()
    - powerpc/64s: Wire up cpu_show_spectre_v2()
    - powerpc/pseries: Fix clearing of security feature flags
    - powerpc: Move default security feature flags
    - powerpc/pseries: Restore default security feature flags on setup
    - SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel
      entry/exit
  * CVE-2018-3639 (x86)
    - SAUCE: Clean up IBPB and IBRS control functions and macros
    - SAUCE: Fix up IBPB and IBRS kernel parameters documentation
    - SAUCE: Remove #define X86_FEATURE_PTI
    - x86/cpufeature: Move some of the scattered feature bits to x86_capability
    - x86/cpufeature: Cleanup get_cpu_cap()
    - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
    - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
    - x86/cpufeatures: Add Intel feature bits for Speculation Control
    - SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
    - x86/cpufeatures: Add AMD feature bits for Speculation Control
    - x86/msr: Add definitions for new speculation control MSRs
    - SAUCE: x86/msr: Rename MSR spec control feature bits
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
    - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
    - x86/speculation: Add <asm/msr-index.h> dependency
    - x86/cpufeatures: Clean up Spectre v2 related CPUID flags
    - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
    - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
    - SAUCE: x86: Add alternative_msr_write
    - SAUCE: x86/nospec: Simplify alternative_msr_write()
    - SAUCE: x86/bugs: Concentrate bug detection into a separate function
    - SAUCE: x86/bugs: Concentrate bug reporting into a separate function
    - arch: Introduce post-init read-only memory
    - SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
    - SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
    - SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
    - SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable
      mitigation
    - SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
    - SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if
      requested
    - SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
    - SAUCE: prctl: Add speculation control prctls
    - x86/process: Optimize TIF checks in __switch_to_xtra()
    - SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
    - SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - SAUCE: nospec: Allow getting/setting on non-current task
    - SAUCE: proc: Provide details on speculation flaw mitigations
    - SAUCE: seccomp: Enable speculation flaw mitigations
    - SAUCE: x86/bugs: Honour SPEC_CTRL default
    - SAUCE: x86/bugs: Make boot modes __ro_after_init
    - SAUCE: prctl: Add force disable speculation
    - SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
    - selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
    - SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
    - SAUCE: seccomp: Move speculation migitation control to arch code
    - SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative
      Store Bypass
    - SAUCE: x86/bugs: Rename _RDS to _SSBD
    - SAUCE: proc: Use underscores for SSBD in 'status'
    - SAUCE: Documentation/spec_ctrl: Do some minor cleanups
    - SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type
    - SAUCE: x86/bugs: Make cpu_show_common() static
    - x86/entry: define _TIF_ALLWORK_MASK flags explicitly
    - Revert "x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2
      microcodes"
    - SAUCE: kvm/cpuid: Fix CPUID_7_0.EDX handling

Source diff to previous version
CVE-2018-3639 Speculative Store Bypass

Version: 4.4.0-1020.20 2018-05-14 17:07:02 UTC

  linux-aws (4.4.0-1020.20) trusty; urgency=medium

  * linux-aws: 4.4.0-1020.20 -proposed tracker (LP: #1770013)

  * Xenial update to 4.4.118 stable release (LP: #1756866)
    - [Config] Add CONFIG_DST_CACHE=y
    - [Config] Add CONFIG_USB_NET_CDC_SUBSET_ENABLE=m

  [ Ubuntu: 4.4.0-125.150 ]

  * linux: 4.4.0-125.150 -proposed tracker (LP: #1770011)
  * Unable to insert test_bpf module on Xenial (LP: #1765698)
    - bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y
    - test_bpf: Fix testing with CONFIG_BPF_JIT_ALWAYS_ON=y on other arches
  * virtio_scsi race can corrupt memory, panic kernel (LP: #1765241)
    - SAUCE: (no-up) virtio-scsi: Fix race in target free
  * bpf_map_lookup_elem: BUG: unable to handle kernel paging request
    (LP: #1763454) // CVE-2017-17862
    - SAUCE: Add missing hunks from "bpf: fix branch pruning logic"
  * Xenial: rfkill: fix missing return on rfkill_init (LP: #1764810)
    - rfkill: fix missing return on rfkill_init
  * "ip a" command on a guest VM shows UNKNOWN status (LP: #1761534)
    - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS
  * Xenial update to 4.4.128 stable release (LP: #1765010)
    - cfg80211: make RATE_INFO_BW_20 the default
    - md/raid5: make use of spin_lock_irq over local_irq_disable + spin_lock
    - rtc: snvs: fix an incorrect check of return value
    - x86/asm: Don't use RBP as a temporary register in
      csum_partial_copy_generic()
    - NFSv4.1: RECLAIM_COMPLETE must handle NFS4ERR_CONN_NOT_BOUND_TO_SESSION
    - IB/srpt: Fix abort handling
    - af_key: Fix slab-out-of-bounds in pfkey_compile_policy.
    - mac80211: bail out from prep_connection() if a reconfig is ongoing
    - bna: Avoid reading past end of buffer
    - qlge: Avoid reading past end of buffer
    - ipmi_ssif: unlock on allocation failure
    - net: cdc_ncm: Fix TX zero padding
    - net: ethernet: ti: cpsw: adjust cpsw fifos depth for fullduplex flow control
    - lockd: fix lockd shutdown race
    - drivers/misc/vmw_vmci/vmci_queue_pair.c: fix a couple integer overflow tests
    - pidns: disable pid allocation if pid_ns_prepare_proc() is failed in
      alloc_pid()
    - s390: move _text symbol to address higher than zero
    - net/mlx4_en: Avoid adding steering rules with invalid ring
    - NFSv4.1: Work around a Linux server bug...
    - CIFS: silence lockdep splat in cifs_relock_file()
    - net: qca_spi: Fix alignment issues in rx path
    - netxen_nic: set rcode to the return status from the call to netxen_issue_cmd
    - Input: elan_i2c - check if device is there before really probing
    - Input: elantech - force relative mode on a certain module
    - KVM: PPC: Book3S PR: Check copy_to/from_user return values
    - vmxnet3: ensure that adapter is in proper state during force_close
    - SMB2: Fix share type handling
    - bus: brcmstb_gisb: Use register offsets with writes too
    - bus: brcmstb_gisb: correct support for 64-bit address output
    - PowerCap: Fix an error code in powercap_register_zone()
    - ARM: dts: imx53-qsrb: Pulldown PMIC IRQ pin
    - staging: wlan-ng: prism2mgmt.c: fixed a double endian conversion before
      calling hfa384x_drvr_setconfig16, also fixes relative sparse warning
    - x86/tsc: Provide 'tsc=unstable' boot parameter
    - ARM: dts: imx6qdl-wandboard: Fix audio channel swap
    - ipv6: avoid dad-failures for addresses with NODAD
    - async_tx: Fix DMA_PREP_FENCE usage in do_async_gen_syndrome()
    - usb: dwc3: keystone: check return value
    - btrfs: fix incorrect error return ret being passed to mapping_set_error
    - ata: libahci: properly propagate return value of platform_get_irq()
    - neighbour: update neigh timestamps iff update is effective
    - arp: honour gratuitous ARP _replies_
    - usb: chipidea: properly handle host or gadget initialization failure
    - USB: ene_usb6250: fix first command execution
    - net: x25: fix one potential use-after-free issue
    - USB: ene_usb6250: fix SCSI residue overwriting
    - serial: 8250: omap: Disable DMA for console UART
    - serial: sh-sci: Fix race condition causing garbage during shutdown
    - sh_eth: Use platform device for printing before register_netdev()
    - scsi: csiostor: fix use after free in csio_hw_use_fwconfig()
    - powerpc/mm: Fix virt_addr_valid() etc. on 64-bit hash
    - ath5k: fix memory leak on buf on failed eeprom read
    - selftests/powerpc: Fix TM resched DSCR test with some compilers
    - xfrm: fix state migration copy replay sequence numbers
    - iio: hi8435: avoid garbage event at first enable
    - iio: hi8435: cleanup reset gpio
    - ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors
    - md-cluster: fix potential lock issue in add_new_disk
    - ARM: davinci: da8xx: Create DSP device only when assigned memory
    - ray_cs: Avoid reading past end of buffer
    - leds: pca955x: Correct I2C Functionality
    - sched/numa: Use down_read_trylock() for the mmap_sem
    - net/mlx5: Tolerate irq_set_affinity_hint() failures
    - selinux: do not check open permission on sockets
    - block: fix an error code in add_partition()
    - mlx5: fix bug reading rss_hash_type from CQE
    - net: ieee802154: fix net_device reference release too early
    - libceph: NULL deref on crush_decode() error path
    - netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize
    - pNFS/flexfiles: missing error code in ff_layout_alloc_lseg()
    - ASoC: rsnd: SSI PIO adjust to 24bit mode
    - scsi: bnx2fc: fix race condition in bnx2fc_get_host_stats()
    - fix race in drivers/char/random.c:get_reg()
    - ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff()
    - tcp: better validation of received ack sequences
    - net: move somaxconn init from sysctl code
    - Input: elan_i2c - clear INT before resetting controller
    - bonding: Don't update slave->link until ready to commit
    - KVM: nVMX: Fix handling of lmsw instruction
    - net: llc: add lock_sock

1756866 Xenial update to 4.4.118 stable release
1765698 Unable to insert test_bpf module on Xenial
1765241 virtio_scsi race can corrupt memory, panic kernel
1763454 bpf_map_lookup_elem: BUG: unable to handle kernel paging request
1764810 Xenial: rfkill: fix missing return on rfkill_init
1761534 \
1765010 Xenial update to 4.4.128 stable release
1758507 sky2 gigabit ethernet driver sometimes stops working after lid-open resume from sleep (88E8055)
1765007 Xenial update to 4.4.127 stable release
1764999 Xenial update to 4.4.126 stable release
1764973 Xenial update to 4.4.125 stable release
1726930 System fails to start (boot) on battery due to read-only root file-system
1764762 Xenial update to 4.4.124 stable release
1764666 Xenial update to 4.4.123 stable release
1764627 Xenial update to 4.4.122 stable release
1764367 Xenial update to 4.4.121 stable release
1764316 Xenial update to 4.4.120 stable release
1762453 Xenial update to 4.4.119 stable release
1749420 [regression] Colour banding and artefacts appear system-wide on an Asus Zenbook UX303LA with Intel HD 4400 graphics
1755627 ibrs/ibpb fixes result in excessive kernel logging
CVE-2017-17862 kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This beh
CVE-2017-16995 The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corrupt
CVE-2018-1000004 In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadl



About   -   Send Feedback to @ubuntu_updates