UbuntuUpdates.org

Package "linux-kvm"

Name: linux-kvm

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Header files related to Linux kernel version 4.4.0
  • Header files related to Linux kernel version 4.4.0
  • Header files related to Linux kernel version 4.4.0
  • Header files related to Linux kernel version 4.4.0

Latest version: 4.4.0-1051.58
Release: xenial (16.04)
Level: security
Repository: main

Links

Save this URL for the latest version of "linux-kvm": https://www.ubuntuupdates.org/linux-kvm



Other versions of "linux-kvm" in Xenial

Repository Area Version
updates universe 4.4.0-1007.12
updates main 4.4.0-1051.58
proposed main 4.4.0-1052.59
PPA: Canonical Kernel Team 4.4.0-1052.59

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 4.4.0-1051.58 2019-06-28 22:07:01 UTC

  linux-kvm (4.4.0-1051.58) xenial; urgency=medium

  * linux-kvm: 4.4.0-1051.58 -proposed tracker (LP: #1834021)

  [ Ubuntu: 4.4.0-154.181 ]

  * linux: 4.4.0-154.181 -proposed tracker (LP: #1834030)
  * CVE-2019-11478
    - tcp: refine memory limit test in tcp_fragment()
  * CVE-2019-11479
    - SAUCE: tcp: add tcp_min_snd_mss sysctl
    - SAUCE: tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()

 -- Connor Kuehl <email address hidden> Tue, 25 Jun 2019 11:01:45 -0700

Source diff to previous version
CVE-2019-11478 Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling cer
CVE-2019-11479 Jonathan Looney discovered that the Linux kernel default MSS is hard-c ...

Version: 4.4.0-1048.55 2019-06-19 13:11:04 UTC

  linux-kvm (4.4.0-1048.55) xenial; urgency=medium

  [ Ubuntu: 4.4.0-151.178 ]

  * Remote denial of service (system crash) caused by integer overflow in TCP
    SACK handling (LP: #1831637)
    - SAUCE: tcp: limit payload size of sacked skbs
    - SAUCE: tcp: fix fack_count accounting on tcp_shift_skb_data()
  * Remote denial of service (resource exhaustion) caused by TCP SACK scoreboard
    manipulation (LP: #1831638)
    - SAUCE: tcp: tcp_fragment() should apply sane memory limits

  [ Ubuntu: 4.4.0-150.176 ]

  * linux: 4.4.0-150.176 -proposed tracker (LP: #1830941)
  * glibc 2.23-0ubuntu11 ADT test failure with linux 4.4.0-149.175
    (LP: #1830890)
    - x86/vdso: Pass --eh-frame-hdr to the linker

 -- Stefan Bader <email address hidden> Tue, 11 Jun 2019 11:10:53 +0200

Source diff to previous version
1831637 Remote denial of service (system crash) caused by integer overflow in TCP SACK handling
1831638 Remote denial of service (resource exhaustion) caused by TCP SACK scoreboard manipulation
1830890 glibc 2.23-0ubuntu11 ADT test failure with linux 4.4.0-149.175

Version: 4.4.0-1047.53 2019-06-05 14:07:09 UTC

  linux-kvm (4.4.0-1047.53) xenial; urgency=medium

  * linux-kvm: 4.4.0-1047.53 -proposed tracker (LP: #1829195)

  * Xenial update: 4.4.179 upstream stable release (LP: #1828420)
    - [Config]: add CONFIG_LDISC_AUTOLOAD=y
    - [Config]: remove CONFIG_R3964

  [ Ubuntu: 4.4.0-149.175 ]

  * linux: 4.4.0-149.175 -proposed tracker (LP: #1829209)
  * disable a.out support (LP: #1818552)
    - [Config] Disable a.out support
  * autopkgtests run too often, too much and don't skip enough (LP: #1823056)
    - [Debian] Set +x on rebuild testcase.
    - [Debian] Skip rebuild test, for regression-suite deps.
    - [Debian] Make ubuntu-regression-suite skippable on unbootable kernels.
    - [Debian] make rebuild use skippable error codes when skipping.
    - [Debian] Only run regression-suite, if requested to.
  * Xenial update: 4.4.179 upstream stable release (LP: #1828420)
    - arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug signals
    - arm64: debug: Ensure debug handlers check triggering exception level
    - ext4: cleanup bh release code in ext4_ind_remove_space()
    - lib/int_sqrt: optimize initial value compute
    - tty/serial: atmel: Add is_half_duplex helper
    - mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified
    - i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA
    - Bluetooth: Fix decrementing reference count twice in releasing socket
    - tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped
    - CIFS: fix POSIX lock leak and invalid ptr deref
    - h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux-
    - tracing: kdb: Fix ftdump to not sleep
    - gpio: gpio-omap: fix level interrupt idling
    - sysctl: handle overflow for file-max
    - enic: fix build warning without CONFIG_CPUMASK_OFFSTACK
    - mm/cma.c: cma_declare_contiguous: correct err handling
    - mm/page_ext.c: fix an imbalance with kmemleak
    - mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512!
    - mm/slab.c: kmemleak no scan alien caches
    - ocfs2: fix a panic problem caused by o2cb_ctl
    - f2fs: do not use mutex lock in atomic context
    - fs/file.c: initialize init_files.resize_wait
    - cifs: use correct format characters
    - dm thin: add sanity checks to thin-pool and external snapshot creation
    - cifs: Fix NULL pointer dereference of devname
    - fs: fix guard_bio_eod to check for real EOD errors
    - tools lib traceevent: Fix buffer overflow in arg_eval
    - usb: chipidea: Grab the (legacy) USB PHY by phandle first
    - scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c
    - coresight: etm4x: Add support to enable ETMv4.2
    - ARM: 8840/1: use a raw_spinlock_t in unwind
    - mmc: omap: fix the maximum timeout setting
    - e1000e: Fix -Wformat-truncation warnings
    - IB/mlx4: Increase the timeout for CM cache
    - scsi: megaraid_sas: return error when create DMA pool failed
    - perf test: Fix failure of 'evsel-tp-sched' test on s390
    - SoC: imx-sgtl5000: add missing put_device()
    - media: sh_veu: Correct return type for mem2mem buffer helpers
    - media: s5p-jpeg: Correct return type for mem2mem buffer helpers
    - media: s5p-g2d: Correct return type for mem2mem buffer helpers
    - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers
    - leds: lp55xx: fix null deref on firmware load failure
    - kprobes: Prohibit probing on bsearch()
    - ARM: 8833/1: Ensure that NEON code always compiles with Clang
    - ALSA: PCM: check if ops are defined before suspending PCM
    - bcache: fix input overflow to cache set sysfs file io_error_halflife
    - bcache: fix input overflow to sequential_cutoff
    - bcache: improve sysfs_strtoul_clamp()
    - fbdev: fbmem: fix memory access if logo is bigger than the screen
    - cdrom: Fix race condition in cdrom_sysctl_register
    - ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe
    - soc: qcom: gsbi: Fix error handling in gsbi_probe()
    - mt7601u: bump supported EEPROM version
    - ARM: avoid Cortex-A9 livelock on tight dmb loops
    - tty: increase the default flip buffer limit to 2*640K
    - media: mt9m111: set initial frame size other than 0x0
    - hwrng: virtio - Avoid repeated init of completion
    - soc/tegra: fuse: Fix illegal free of IO base address
    - hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable
    - dmaengine: imx-dma: fix warning comparison of distinct pointer types
    - netfilter: physdev: relax br_netfilter dependency
    - media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration
    - regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting
    - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure
    - x86/build: Mark per-CPU symbols as absolute explicitly for LLD
    - dmaengine: tegra: avoid overflow of byte tracking
    - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers
    - binfmt_elf: switch to new creds when switching to new mm
    - kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD
    - x86/build: Specify elf_i386 linker emulation explicitly for i386 objects
    - x86: vdso: Use $LD instead of $CC to link
    - x86/vdso: Drop implicit common-page-size linker flag
    - lib/string.c: implement a basic bcmp
    - tty: mark Siemens R3964 line discipline as BROKEN
    - [Config]: remove CONFIG_R3964
    - [Config]: add CONFIG_LDISC_AUTOLOAD=y
    - tty: ldisc: add sysctl to prevent autoloading of ldiscs
    - ipv6: Fix dangling pointer when ipv6 fragment
    - ipv6: sit: reset ip header pointer in ipip6_rcv
    - net: rds: force to destroy connection if t_sock is NULL in
      rds_tcp_kill_sock().
    - qmi_wwan: add Olicard 600
    - sctp: initialize _pad of sockaddr_in before copying to user memory
    - tcp: Ensure DCTCP reacts to losses
    - netns: provide pure entropy for net_hash_mix()
    - net: ethtool: not call vzalloc for zero sized memory request
    - ip6_tunnel: Match to ARPHRD_TUNNEL6

Source diff to previous version
1828420 Xenial update: 4.4.179 upstream stable release
1818552 disable a.out support
1823056 autopkgtests run too often, too much and don't skip enough
1826212 Xenial update: 4.4.178 upstream stable release
1825780 Kprobe event string type argument failed in ftrace from ubuntu_kernel_selftests on B/C i386
1825777 False positive test result in run_netsocktests from net in ubuntu_kernel_selftest

Version: 4.4.0-1046.52 2019-05-15 21:07:11 UTC

  linux-kvm (4.4.0-1046.52) xenial; urgency=medium

  [ Ubuntu: 4.4.0-148.174 ]

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - Documentation/l1tf: Fix small spelling typo
    - perf/x86/intel: Add model number for Skylake Server to perf
    - perf/x86: Add model numbers for Kabylake CPUs
    - perf/x86/intel: Use Intel family macros for core perf events
    - perf/x86/msr: Use Intel family macros for MSR events code
    - perf/x86/msr: Add missing Intel models
    - SAUCE: perf/x86/{cstate,rapl,uncore}: Use Intel Model name macros
    - perf/x86/msr: Add missing CPU IDs
    - x86/speculation: Simplify the CPU bug detection logic
    - x86/cpu: Sanitize FAM6_ATOM naming
    - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
    - bitops: avoid integer overflow in GENMASK(_ULL)
    - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a
      new <linux/bits.h> file
    - tools include: Adopt linux/bits.h
    - x86/msr-index: Cleanup bit defines
    - x86/speculation: Consolidate CPU whitelists
    - x86/speculation/mds: Add basic bug infrastructure for MDS
    - x86/speculation/mds: Add BUG_MSBDS_ONLY
    - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
    - x86/speculation/mds: Add mds_clear_cpu_buffers()
    - locking/static_keys: Provide DECLARE and well as DEFINE macros
    - x86/speculation/mds: Clear CPU buffers on exit to user
    - x86/kvm/vmx: Add MDS protection when L1D Flush is not active
    - x86/speculation/mds: Conditionally clear CPU buffers on idle entry
    - SAUCE: sched/smt: Introduce sched_smt_{active,present}
    - SAUCE: Rename the Ubuntu-only spec_ctrl_mutex mutex
    - SAUCE: x86/speculation: Introduce arch_smt_update()
    - x86/speculation: Rework SMT state change
    - x86/speculation: Reorder the spec_v2 code
    - x86/speculation: Unify conditional spectre v2 print functions
    - x86/speculation/mds: Add mitigation control for MDS
    - x86/speculation/mds: Add sysfs reporting for MDS
    - x86/speculation/mds: Add mitigation mode VMWERV
    - Documentation: Move L1TF to separate directory
    - Documentation: Add MDS vulnerability documentation
    - x86/speculation/mds: Add mds=full,nosmt cmdline option
    - x86/speculation: Move arch_smt_update() call to after mitigation decisions
    - x86/speculation/mds: Add SMT warning message
    - x86/speculation/mds: Fix comment
    - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
    - x86/speculation/mds: Add 'mitigations=' support for MDS
  * CVE-2017-5715 // CVE-2017-5753
    - s390/speculation: Support 'mitigations=' cmdline option
  * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
    - powerpc/speculation: Support 'mitigations=' cmdline option
  * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
    CVE-2018-3646
    - cpu/speculation: Add 'mitigations=' cmdline option
    - x86/speculation: Support 'mitigations=' cmdline option
  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

Source diff to previous version
1786013 Packaging resync
CVE-2018-12126 MSBDS Microarchitectural Store Buffer Data Sampling
CVE-2018-12127 MLPDS Microarchitectural Load Port Data Sampling
CVE-2018-12130 MFBDS Microarchitectural Fill Buffer Data Sampling
CVE-2017-5715 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at
CVE-2017-5753 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker wi
CVE-2017-5754 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at
CVE-2018-3639 Speculative Store Bypass
CVE-2018-3620 L1 Terminal Fault-OS/SMM Foreshadow-NG
CVE-2018-3646 L1 Terminal Fault-VMM

Version: 4.4.0-1043.49 2019-04-02 16:12:09 UTC

  linux-kvm (4.4.0-1043.49) xenial; urgency=medium

  * linux-kvm: 4.4.0-1043.49 -proposed tracker (LP: #1821712)

  * linux-generic should depend on linux-base >=4.1 (LP: #1820419)
    - [Packaging] Fix linux-base dependency

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction

1820419 linux-generic should depend on linux-base \u003e=4.1
1786013 Packaging resync



About   -   Send Feedback to @ubuntu_updates