UbuntuUpdates.org

Package "linux"

Name: linux

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Linux kernel buildinfo for version 4.4.0 on 32 bit x86 SMP
  • Linux kernel buildinfo for version 4.4.0 on 32 bit x86 SMP
  • Linux kernel buildinfo for version 4.4.0 on 32 bit x86 SMP
  • Linux kernel buildinfo for version 4.4.0 on 32 bit x86 SMP

Latest version: 4.4.0-148.174
Release: xenial (16.04)
Level: security
Repository: main

Links

Save this URL for the latest version of "linux": https://www.ubuntuupdates.org/linux



Other versions of "linux" in Xenial

Repository Area Version
base main 4.4.0-21.37
updates main 4.4.0-148.174
proposed main 4.4.0-149.175
PPA: Canonical Kernel Team 4.4.0-149.175

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 4.4.0-139.165 2018-11-13 19:07:31 UTC

  linux (4.4.0-139.165) xenial; urgency=medium

  * linux: 4.4.0-139.165 -proposed tracker (LP: #1799401)

  * Kernel panic after the ubuntu_nbd_smoke_test on Xenial kernel (LP: #1793464)
    - nbd: Remove signal usage
    - nbd: Timeouts are not user requested disconnects
    - nbd: Cleanup reset of nbd and bdev after a disconnect
    - nbd: don't shutdown sock with irq's disabled
    - nbd: fix race in ioctl

  * fscache: bad refcounting in fscache_op_complete leads to OOPS (LP: #1797314)
    - SAUCE: fscache: Fix race in decrementing refcount of op->npages

  * xenial: virtio-scsi: CPU soft lockup due to loop in
    virtscsi_target_destroy() (LP: #1798110)
    - SAUCE: (no-up) virtio-scsi: Decrement reqs counter before SCSI command
      requeue

  * Error reported when creating ZFS pool with "-t" option, despite successful
    pool creation (LP: #1769937)
    - SAUCE: (noup) Update zfs to 0.6.5.6-0ubuntu26

  * Xenial update: 4.4.160 upstream stable release (LP: #1798770)
    - crypto: skcipher - Fix -Wstringop-truncation warnings
    - tsl2550: fix lux1_input error in low light
    - vmci: type promotion bug in qp_host_get_user_memory()
    - x86/numa_emulation: Fix emulated-to-physical node mapping
    - staging: rts5208: fix missing error check on call to rtsx_write_register
    - uwb: hwa-rc: fix memory leak at probe
    - power: vexpress: fix corruption in notifier registration
    - Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
    - USB: serial: kobil_sct: fix modem-status error handling
    - 6lowpan: iphc: reset mac_header after decompress to fix panic
    - md-cluster: clear another node's suspend_area after the copy is finished
    - media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
    - powerpc/kdump: Handle crashkernel memory reservation failure
    - media: fsl-viu: fix error handling in viu_of_probe()
    - x86/tsc: Add missing header to tsc_msr.c
    - x86/entry/64: Add two more instruction suffixes
    - scsi: target/iscsi: Make iscsit_ta_authentication() respect the output
      buffer size
    - scsi: klist: Make it safe to use klists in atomic context
    - scsi: ibmvscsi: Improve strings handling
    - usb: wusbcore: security: cast sizeof to int for comparison
    - powerpc/powernv/ioda2: Reduce upper limit for DMA window size
    - alarmtimer: Prevent overflow for relative nanosleep
    - s390/extmem: fix gcc 8 stringop-overflow warning
    - ALSA: snd-aoa: add of_node_put() in error path
    - media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power
    - media: soc_camera: ov772x: correct setting of banding filter
    - media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data
    - staging: android: ashmem: Fix mmap size validation
    - drivers/tty: add error handling for pcmcia_loop_config
    - media: tm6000: add error handling for dvb_register_adapter
    - ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge
    - ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock
    - rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication()
    - wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()
    - ARM: mvebu: declare asm symbols as character arrays in pmsu.c
    - HID: hid-ntrig: add error handling for sysfs_create_group
    - scsi: bnx2i: add error handling for ioremap_nocache
    - EDAC, i7core: Fix memleaks and use-after-free on probe and remove
    - ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs
    - module: exclude SHN_UNDEF symbols from kallsyms api
    - nfsd: fix corrupted reply to badly ordered compound
    - ARM: dts: dra7: fix DCAN node addresses
    - serial: cpm_uart: return immediately from console poll
    - spi: tegra20-slink: explicitly enable/disable clock
    - spi: sh-msiof: Fix invalid SPI use during system suspend
    - spi: sh-msiof: Fix handling of write value for SISTR register
    - spi: rspi: Fix invalid SPI use during system suspend
    - spi: rspi: Fix interrupted DMA transfers
    - USB: fix error handling in usb_driver_claim_interface()
    - USB: handle NULL config in usb_find_alt_setting()
    - slub: make ->cpu_partial unsigned int
    - Revert "UBUNTU: SAUCE: media: uvcvideo: Support realtek's UVC 1.5 device"
    - media: uvcvideo: Support realtek's UVC 1.5 device
    - USB: usbdevfs: sanitize flags more
    - USB: usbdevfs: restore warning for nonsensical flags
    - Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in
      service_outstanding_interrupt()"
    - USB: remove LPM management from usb_driver_claim_interface()
    - Input: elantech - enable middle button of touchpad on ThinkPad P72
    - IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop
    - scsi: target: iscsi: Use bin2hex instead of a re-implementation
    - serial: imx: restore handshaking irq for imx1
    - arm64: KVM: Tighten guest core register access from userspace
    - ext4: never move the system.data xattr out of the inode body
    - thermal: of-thermal: disable passive polling when thermal zone is disabled
    - net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES
    - e1000: check on netif_running() before calling e1000_up()
    - e1000: ensure to free old tx/rx rings in set_ringparam()
    - hwmon: (ina2xx) fix sysfs shunt resistor read access
    - hwmon: (adt7475) Make adt7475_read_word() return errors
    - i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus
    - arm64: cpufeature: Track 32bit EL0 support
    - arm64: KVM: Sanitize PSTATE.M when being set from userspace
    - media: v4l: event: Prevent freeing event subscriptions while accessed
    - KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function
    - mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X
    - mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X
    - gpio: adp5588: Fix sleep-in-atomic-context bug
    - mac80211: mesh: fix HWMP sequence numbering to follow standard
    -

Source diff to previous version
1793464 Kernel panic after the ubuntu_nbd_smoke_test on Xenial kernel
1797314 fscache: bad refcounting in fscache_op_complete leads to OOPS
1798110 xenial: virtio-scsi: CPU soft lockup due to loop in virtscsi_target_destroy()
1769937 Error reported when creating ZFS pool with \
1798770 Xenial update: 4.4.160 upstream stable release
1775068 Volume control not working Dell XPS 27 (7760)
1798617 Xenial update: 4.4.159 upstream stable release
1798587 Xenial update: 4.4.158 upstream stable release
1798539 Xenial update: 4.4.157 upstream stable release
1797563 Xenial update: 4.4.156 upstream stable release
CVE-2018-7755 An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a k

Version: 4.4.0-138.164 2018-10-22 17:06:44 UTC

  linux (4.4.0-138.164) xenial; urgency=medium

  * linux: 4.4.0-138.164 -proposed tracker (LP: #1795582)

  * Linux 4.4.155 stable release build is broken on ppc64 (LP: #1795662)
    - powerpc/fadump: Return error when fadump registration fails

  * Kernel hang on drive pull caused by regression introduced by commit
    287922eb0b18 (LP: #1791790)
    - block: Fix a race between blk_cleanup_queue() and timeout handling

  * qeth: use vzalloc for QUERY OAT buffer (LP: #1793086)
    - s390/qeth: use vzalloc for QUERY OAT buffer

  * Page leaking in cachefiles_read_backing_file while vmscan is active
    (LP: #1793430)
    - SAUCE: cachefiles: Page leaking in cachefiles_read_backing_file while vmscan
      is active

  * Bugfix for handling of shadow doorbell buffer (LP: #1788222)
    - nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event

  * Xenial update to 4.4.155 stable release (LP: #1792419)
    - net: 6lowpan: fix reserved space for single frames
    - net: mac802154: tx: expand tailroom if necessary
    - 9p/net: Fix zero-copy path in the 9p virtio transport
    - net: lan78xx: Fix misplaced tasklet_schedule() call
    - spi: davinci: fix a NULL pointer dereference
    - drm/i915/userptr: reject zero user_size
    - powerpc/fadump: handle crash memory ranges array index overflow
    - powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.
    - fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed
    - 9p/virtio: fix off-by-one error in sg list bounds check
    - net/9p/client.c: version pointer uninitialized
    - net/9p/trans_fd.c: fix race-condition by flushing workqueue before the
      kfree()
    - dm cache metadata: save in-core policy_hint_size to on-disk superblock
    - iio: ad9523: Fix displayed phase
    - iio: ad9523: Fix return value for ad952x_store()
    - vmw_balloon: fix inflation of 64-bit GFNs
    - vmw_balloon: do not use 2MB without batching
    - vmw_balloon: VMCI_DOORBELL_SET does not check status
    - vmw_balloon: fix VMCI use when balloon built into kernel
    - tracing: Do not call start/stop() functions when tracing_on does not change
    - tracing/blktrace: Fix to allow setting same value
    - kthread, tracing: Don't expose half-written comm when creating kthreads
    - uprobes: Use synchronize_rcu() not synchronize_sched()
    - 9p: fix multiple NULL-pointer-dereferences
    - PM / sleep: wakeup: Fix build error caused by missing SRCU support
    - pnfs/blocklayout: off by one in bl_map_stripe()
    - ARM: tegra: Fix Tegra30 Cardhu PCA954x reset
    - mm/tlb: Remove tlb_remove_table() non-concurrent condition
    - iommu/vt-d: Add definitions for PFSID
    - iommu/vt-d: Fix dev iotlb pfsid use
    - osf_getdomainname(): use copy_to_user()
    - sys: don't hold uts_sem while accessing userspace memory
    - userns: move user access out of the mutex
    - ubifs: Fix memory leak in lprobs self-check
    - Revert "UBIFS: Fix potential integer overflow in allocation"
    - ubifs: Check data node size before truncate
    - ubifs: Fix synced_i_size calculation for xattr inodes
    - pwm: tiehrpwm: Fix disabling of output of PWMs
    - fb: fix lost console when the user unplugs a USB adapter
    - udlfb: set optimal write delay
    - getxattr: use correct xattr length
    - bcache: release dc->writeback_lock properly in bch_writeback_thread()
    - perf auxtrace: Fix queue resize
    - fs/quota: Fix spectre gadget in do_quotactl
    - x86/io: add interface to reserve io memtype for a resource range. (v1.1)
    - drm/drivers: add support for using the arch wc mapping API.
    - Linux 4.4.155

  * Xenial update to 4.4.154 stable release (LP: #1792392)
    - sched/sysctl: Check user input value of sysctl_sched_time_avg
    - Cipso: cipso_v4_optptr enter infinite loop
    - vti6: fix PMTU caching and reporting on xmit
    - xfrm: fix missing dst_release() after policy blocking lbcast and multicast
    - xfrm: free skb if nlsk pointer is NULL
    - mac80211: add stations tied to AP_VLANs during hw reconfig
    - nl80211: Add a missing break in parse_station_flags
    - drm/bridge: adv7511: Reset registers on hotplug
    - scsi: libiscsi: fix possible NULL pointer dereference in case of TMF
    - drm/imx: imx-ldb: disable LDB on driver bind
    - drm/imx: imx-ldb: check if channel is enabled before printing warning
    - usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in
      init_controller()
    - usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in
      r8a66597_queue()
    - usb/phy: fix PPC64 build errors in phy-fsl-usb.c
    - tools: usb: ffs-test: Fix build on big endian systems
    - usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3'
    - tools/power turbostat: fix -S on UP systems
    - net: caif: Add a missing rcu_read_unlock() in caif_flow_cb
    - qed: Fix possible race for the link state value.
    - atl1c: reserve min skb headroom
    - net: prevent ISA drivers from building on PPC32
    - can: mpc5xxx_can: check of_iomap return before use
    - i2c: davinci: Avoid zero value of CLKH
    - media: staging: omap4iss: Include asm/cacheflush.h after generic includes
    - bnx2x: Fix invalid memory access in rss hash config path.
    - net: axienet: Fix double deregister of mdio
    - selftests/ftrace: Add snapshot and tracing_on test case
    - zswap: re-check zswap_is_full() after do zswap_shrink()
    - tools/power turbostat: Read extended processor family from CPUID
    - Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum"
    - enic: handle mtu change for vf properly
    - arc: fix build errors in arc/include/asm/delay.h
    - arc: fix type warnings in arc/mm/cache.c
    - drivers: net: lmc: fix case value for target abort error
    - scsi: fcoe: drop frames in ELS LOGO error path
    - scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED
    - mm/memory.c: check return value of ioremap_prot
    - cifs: add

Source diff to previous version
1795662 Linux 4.4.155 stable release build is broken on ppc64
1791790 Kernel hang on drive pull caused by regression introduced by commit 287922eb0b18
1793086 qeth: use vzalloc for QUERY OAT buffer
1793430 Page leaking in cachefiles_read_backing_file while vmscan is active
1788222 Bugfix for handling of shadow doorbell buffer
1792419 Xenial update to 4.4.155 stable release
1792392 Xenial update to 4.4.154 stable release
1792383 Xenial update to 4.4.153 stable release
1792377 Xenial update to 4.4.152 stable release
1792340 Xenial update to 4.4.151 stable release
1792336 Xenial update to 4.4.150 stable release
1792310 Xenial update to 4.4.149 stable release
1792174 Xenial update to 4.4.148 stable release
1792109 Xenial update to 4.4.147 stable release
1791953 Xenial update to 4.4.146 stable release
1791942 Xenial update to 4.4.145 stable release
1793753 kernel panic - null pointer dereference on ipset operations
1793461 Improvements to the kernel source package preparation
1792044 update ENA driver to latest mainline version
CVE-2018-9363 HID: Bluetooth: hidp: buffer overflow in hidp_process_report

Version: 4.4.0-137.163 2018-10-01 17:07:26 UTC

  linux (4.4.0-137.163) xenial; urgency=medium

  * CVE-2018-14633
    - iscsi target: Use hex2bin instead of a re-implementation

  * CVE-2018-17182
    - mm: get rid of vmacache_flush_all() entirely

Source diff to previous version
CVE-2018-14633 A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request f
CVE-2018-17182 An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An

Version: 4.4.0-134.160 2018-08-23 20:06:37 UTC

  linux (4.4.0-134.160) xenial; urgency=medium

  * linux: 4.4.0-134.160 -proposed tracker (LP: #1787177)

  * locking sockets broken due to missing AppArmor socket mediation patches
    (LP: #1780227)
    - UBUNTU SAUCE: apparmor: fix apparmor mediating locking non-fs, unix sockets

  * Backport namespaced fscaps to xenial 4.4 (LP: #1778286)
    - Introduce v3 namespaced file capabilities
    - commoncap: move assignment of fs_ns to avoid null pointer dereference
    - capabilities: fix buffer overread on very short xattr
    - commoncap: Handle memory allocation failure.

  * Xenial update to 4.4.140 stable release (LP: #1784409)
    - usb: cdc_acm: Add quirk for Uniden UBC125 scanner
    - USB: serial: cp210x: add CESINEL device ids
    - USB: serial: cp210x: add Silicon Labs IDs for Windows Update
    - n_tty: Fix stall at n_tty_receive_char_special().
    - staging: android: ion: Return an ERR_PTR in ion_map_kernel
    - n_tty: Access echo_* variables carefully.
    - x86/boot: Fix early command-line parsing when matching at end
    - ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode
    - i2c: rcar: fix resume by always initializing registers before transfer
    - ipv4: Fix error return value in fib_convert_metrics()
    - kprobes/x86: Do not modify singlestep buffer while resuming
    - nvme-pci: initialize queue memory before interrupts
    - netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain()
    - ARM: dts: imx6q: Use correct SDMA script for SPI5 core
    - ubi: fastmap: Correctly handle interrupted erasures in EBA
    - mm: hugetlb: yield when prepping struct pages
    - tracing: Fix missing return symbol in function_graph output
    - scsi: sg: mitigate read/write abuse
    - s390: Correct register corruption in critical section cleanup
    - drbd: fix access after free
    - cifs: Fix infinite loop when using hard mount option
    - jbd2: don't mark block as modified if the handle is out of credits
    - ext4: make sure bitmaps and the inode table don't overlap with bg
      descriptors
    - ext4: always check block group bounds in ext4_init_block_bitmap()
    - ext4: only look at the bg_flags field if it is valid
    - ext4: verify the depth of extent tree in ext4_find_extent()
    - ext4: include the illegal physical block in the bad map ext4_error msg
    - ext4: clear i_data in ext4_inode_info when removing inline data
    - ext4: add more inode number paranoia checks
    - ext4: add more mount time checks of the superblock
    - ext4: check superblock mapped prior to committing
    - HID: i2c-hid: Fix "incomplete report" noise
    - HID: hiddev: fix potential Spectre v1
    - HID: debug: check length before copy_to_user()
    - x86/mce: Detect local MCEs properly
    - x86/mce: Fix incorrect "Machine check from unknown source" message
    - media: cx25840: Use subdev host data for PLL override
    - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
    - dm bufio: avoid sleeping while holding the dm_bufio lock
    - dm bufio: drop the lock when doing GFP_NOIO allocation
    - mtd: rawnand: mxc: set spare area size register explicitly
    - dm bufio: don't take the lock in dm_bufio_shrink_count
    - mtd: cfi_cmdset_0002: Change definition naming to retry write operation
    - mtd: cfi_cmdset_0002: Change erase functions to retry for error
    - mtd: cfi_cmdset_0002: Change erase functions to check chip good only
    - netfilter: nf_log: don't hold nf_log_mutex during user access
    - staging: comedi: quatech_daqp_cs: fix no-op loop daqp_ao_insn_write()
    - Linux 4.4.140

  * Xenial update to 4.4.139 stable release (LP: #1784382)
    - xfrm6: avoid potential infinite loop in _decode_session6()
    - netfilter: ebtables: handle string from userspace with care
    - ipvs: fix buffer overflow with sync daemon and service
    - atm: zatm: fix memcmp casting
    - net: qmi_wwan: Add Netgear Aircard 779S
    - net/sonic: Use dma_mapping_error()
    - Revert "Btrfs: fix scrub to repair raid6 corruption"
    - tcp: do not overshoot window_clamp in tcp_rcv_space_adjust()
    - Btrfs: make raid6 rebuild retry more
    - usb: musb: fix remote wakeup racing with suspend
    - bonding: re-evaluate force_primary when the primary slave name changes
    - tcp: verify the checksum of the first data segment in a new connection
    - ext4: update mtime in ext4_punch_hole even if no blocks are released
    - ext4: fix fencepost error in check for inode count overflow during resize
    - driver core: Don't ignore class_dir_create_and_add() failure.
    - btrfs: scrub: Don't use inode pages for device replace
    - ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()
    - ALSA: hda: add dock and led support for HP EliteBook 830 G5
    - ALSA: hda: add dock and led support for HP ProBook 640 G4
    - cpufreq: Fix new policy initialization during limits updates via sysfs
    - libata: zpodd: make arrays cdb static, reduces object code size
    - libata: zpodd: small read overflow in eject_tray()
    - libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk
    - w1: mxc_w1: Enable clock before calling clk_get_rate() on it
    - x86/spectre_v1: Disable compiler optimizations over
      array_index_mask_nospec()
    - m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap()
    - serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version
    - signal/xtensa: Consistenly use SIGBUS in do_unaligned_user
    - usb: do not reset if a low-speed or full-speed device timed out
    - 1wire: family module autoload fails because of upper/lower case mismatch.
    - ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it
    - ASoC: cirrus: i2s: Fix LRCLK configuration
    - ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup
    - lib/vsprintf: Remove atomic-unsafe support for %pCr
    - mips: ftrace: fix static function graph tracing
    - branch-check: fix long->int truncation when profiling branches
    - i

Source diff to previous version
1780227 locking sockets broken due to missing AppArmor socket mediation patches
1778286 Backport namespaced fscaps to xenial 4.4
1784409 Xenial update to 4.4.140 stable release
1784382 Xenial update to 4.4.139 stable release
1620762 Support AverMedia DVD EZMaker 7 USB video capture dongle
1779830 vfio/pci: cannot assign a i40e pf device to a vm using vfio-pci
1781364 Kernel error \
1759848 Allow multiple mounts of zfs datasets
1773410 Redpine: Observed kernel panic while running wireless tests in regression mode
1777850 Redpine: Observed kernel panic while running soft-ap tests
1783241 [HMS] Upgrades to Support SocketCAN over USB on Dell IoT 300x Gateways
1779923 other users' coredumps can be read via setgid directory and killpriv bypass
1782116 snapcraft.yaml: missing ubuntu-retpoline-extract-one script breaks the build
1783152 Enable basic support for Solarflare 8000 series NIC
1777858 Redpine: Observed kernel panic while running wireless regressions tests
1777389 Xenial update to 4.4.138 stable release
1773400 Redpine: wifi-ap stopped working after restart
1777063 Xenial update to 4.4.137 stable release
1776177 Xenial update to 4.4.136 stable release
1776158 Xenial update to 4.4.135 stable release
CVE-2018-12233 In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twic
CVE-2018-13094 An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da
CVE-2018-13405 The inode_init_owner function in fs/inode.c in the Linux kernel through 4.17.4 allows local users to create files with an unintended group ownership,

Version: 4.4.0-133.159 2018-08-14 21:07:34 UTC

  linux (4.4.0-133.159) xenial; urgency=medium

  * CVE-2018-5390
    - tcp: avoid collapses in tcp_prune_queue() if possible
    - tcp: detect malicious patterns in tcp_collapse_ofo_queue()

  * CVE-2018-5391
    - Revert "net: increase fragment memory usage limits"

  * CVE-2018-3620 // CVE-2018-3646
    - KVM: x86: introduce linear_{read,write}_system
    - KVM: x86: pass kvm_vcpu to kvm_read_guest_virt and
      kvm_write_guest_virt_system
    - kvm: x86: use correct privilege level for sgdt/sidt/fxsave/fxrstor access
    - x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT
    - x86/speculation/l1tf: Change order of offset/type in swap entry
    - x86/speculation/l1tf: Protect swap entries against L1TF
    - x86/mm: Simplify p[g4um]d_page() macros
    - x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation
    - x86/speculation/l1tf: Make sure the first page is always reserved
    - SAUCE: x86/cpu: Add Knights Mill/Gemini Lake
    - x86/speculation/l1tf: Add sysfs reporting for l1tf
    - x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings
    - x86/speculation/l1tf: Limit swap file size to MAX_PA/2
    - x86/smp: Provide topology_is_primary_thread()
    - x86/topology: Provide topology_smt_supported()
    - cpu/hotplug: Split do_cpu_down()
    - x86/topology: Add topology_max_smt_threads()
    - cpu/hotplug: Provide knobs to control SMT
    - x86/CPU: Modify detect_extended_topology() to return result
    - x86/cpu: Remove the pointless CPU printout
    - x86/cpu/AMD: Remove the pointless detect_ht() call
    - x86/cpu/common: Provide detect_ht_early()
    - x86/cpu/topology: Provide detect_extended_topology_early()
    - x86/cpu/intel: Evaluate smp_num_siblings early
    - x86/cpu/AMD: Evaluate smp_num_siblings early
    - x86/apic: Ignore secondary threads if nosmt=force
    - x86/speculation/l1tf: Extend 64bit swap file size limit
    - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings
    - x86/cpufeatures: Add detection of L1D cache flush support.
    - x86/speculation/l1tf: Protect PAE swap entries against L1TF
    - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE
    - Revert "x86/apic: Ignore secondary threads if nosmt=force"
    - SAUCE: x86/mce: register mce notifier earlier
    - cpu/hotplug: Boot HT siblings at least once
    - KVM: x86: Introducing kvm_x86_ops VM init/destroy hooks
    - x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present.
    - x86/KVM/VMX: Add module argument for L1TF mitigation
    - x86/KVM/VMX: Add L1D flush algorithm
    - x86/KVM/VMX: Add L1D MSR based flush
    - x86/KVM/VMX: Add L1D flush logic
    - x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers
    - x86/KVM/VMX: Add find_msr() helper function
    - x86/KVM/VMX: Seperate the VMX AUTOLOAD guest/host number accounting.
    - x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs
    - x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required
    - cpu/hotplug: Online siblings when SMT control is turned on
    - x86/litf: Introduce vmx status variable
    - x86/kvm: Drop L1TF MSR list approach
    - x86/l1tf: Handle EPT disabled state proper
    - x86/kvm: Move l1tf setup function
    - x86/kvm: Add static key for flush always
    - x86/kvm: Serialize L1D flush parameter setter
    - x86/kvm: Allow runtime control of L1D flush
    - cpu/hotplug: Expose SMT control init function
    - cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early
    - x86/bugs, kvm: Introduce boot-time control of L1TF mitigations
    - Documentation: Add section about CPU vulnerabilities
    - x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures
    - x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content
    - Documentation/l1tf: Fix typos
    - cpu/hotplug: detect SMT disabled by BIOS
    - x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush()
    - x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond'
    - x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush()
    - x86/irq: Demote irq_cpustat_t::__softirq_pending to u16
    - x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d
    - x86: Don't include linux/irq.h from asm/hardirq.h
    - x86/apic: Order irq_enter/exit() calls correctly vs. ack_APIC_irq()
    - x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d
    - x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr()
    - Documentation/l1tf: Remove Yonah processors from not vulnerable list
    - x86/speculation: Simplify sysfs report of VMX L1TF vulnerability
    - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry
    - KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES
    - KVM: x86: Add a framework for supporting MSR-based features
    - KVM: X86: Introduce kvm_get_msr_feature()
    - KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR
    - KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry
    - cpu/hotplug: Fix SMT supported evaluation
    - x86/speculation/l1tf: Invert all not present mappings
    - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert
    - x86/mm/pat: Ensure cpa->pfn only contains page frame numbers
    - SAUCE: Add pfn_pud() and pud_mkhuge()
    - x86/mm/pat: Make set_memory_np() L1TF safe

 -- Stefan Bader <email address hidden> Wed, 08 Aug 2018 12:04:38 +0200

CVE-2018-5390 Linux Kernel TCP implementation vulnerable to Denial of Service
CVE-2018-5391 RESERVED
CVE-2018-3620 L1 Terminal Fault-OS/SMM Foreshadow-NG
CVE-2018-3646 L1 Terminal Fault-VMM



About   -   Send Feedback to @ubuntu_updates