UbuntuUpdates.org

Package "linux-kvm"

Name: linux-kvm

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Header files related to Linux kernel version 4.4.0
  • Header files related to Linux kernel version 4.4.0
  • Header files related to Linux kernel version 4.4.0
  • Header files related to Linux kernel version 4.4.0

Latest version: 4.4.0-1054.61
Release: xenial (16.04)
Level: updates
Repository: main

Links

Save this URL for the latest version of "linux-kvm": https://www.ubuntuupdates.org/linux-kvm



Other versions of "linux-kvm" in Xenial

Repository Area Version
security main 4.4.0-1054.61
updates universe 4.4.0-1007.12
proposed main 4.4.0-1055.62
PPA: Canonical Kernel Team 4.4.0-1055.62

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 4.4.0-1054.61 2019-08-13 13:07:12 UTC

  linux-kvm (4.4.0-1054.61) xenial; urgency=medium

  [ Ubuntu: 4.4.0-159.187 ]

  * CVE-2019-1125
    - x86/cpufeatures: Carve out CQM features retrieval
    - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word
    - x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
    - x86/speculation: Enable Spectre v1 swapgs mitigations
    - x86/entry/64: Use JMP instead of JMPQ
    - x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS

Source diff to previous version
CVE-2019-1125 RESERVED

Version: 4.4.0-1052.59 2019-07-24 22:06:37 UTC

  linux-kvm (4.4.0-1052.59) xenial; urgency=medium

  * linux-kvm: 4.4.0-1052.59 -proposed tracker (LP: #1834909)

  * Xenial update: 4.4.180 upstream stable release (LP: #1830176)
    - [Config]: enable CONFIG_SCHED_SMT

  * q-r-t security test wants SCHED_STACK_END_CHECK to be enabled in KVM kernels
    (LP: #1812159)
    - [Config]: enable SCHED_STACK_END_CHECK

  [ Ubuntu: 4.4.0-155.182 ]

  * linux: 4.4.0-155.182 -proposed tracker (LP: #1834918)
  * Geneve tunnels don't work when ipv6 is disabled (LP: #1794232)
    - geneve: correctly handle ipv6.disable module parameter
  * Kernel modules generated incorrectly when system is localized to a non-
    English language (LP: #1828084)
    - scripts: override locale from environment when running recordmcount.pl
  * Handle overflow in proc_get_long of sysctl (LP: #1833935)
    - sysctl: handle overflow in proc_get_long
  * Xenial update: 4.4.181 upstream stable release (LP: #1832661)
    - x86/speculation/mds: Revert CPU buffer clear on double fault exit
    - x86/speculation/mds: Improve CPU buffer clear documentation
    - ARM: exynos: Fix a leaked reference by adding missing of_node_put
    - crypto: vmx - fix copy-paste error in CTR mode
    - crypto: crct10dif-generic - fix use via crypto_shash_digest()
    - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest()
    - ALSA: usb-audio: Fix a memory leak bug
    - ALSA: hda/hdmi - Consider eld_valid when reporting jack event
    - ALSA: hda/realtek - EAPD turn on later
    - ASoC: max98090: Fix restore of DAPM Muxes
    - ASoC: RT5677-SPI: Disable 16Bit SPI Transfers
    - mm/mincore.c: make mincore() more conservative
    - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget
    - mfd: da9063: Fix OTP control register names to match datasheets for
      DA9063/63L
    - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler
    - ext4: actually request zeroing of inode table after grow
    - ext4: fix ext4_show_options for file systems w/o journal
    - Btrfs: do not start a transaction at iterate_extent_inodes()
    - bcache: fix a race between cache register and cacheset unregister
    - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim()
    - ipmi:ssif: compare block number correctly for multi-part return messages
    - crypto: gcm - Fix error return code in crypto_gcm_create_common()
    - crypto: gcm - fix incompatibility between "gcm" and "gcm_base"
    - crypto: chacha20poly1305 - set cra_name correctly
    - crypto: salsa20 - don't access already-freed walk.iv
    - crypto: arm/aes-neonbs - don't access already-freed walk.iv
    - writeback: synchronize sync(2) against cgroup writeback membership switches
    - fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going
      into workqueue when umount
    - ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug
    - KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes
    - net: avoid weird emergency message
    - net/mlx4_core: Change the error print to info print
    - ppp: deflate: Fix possible crash in deflate_init
    - tipc: switch order of device registration to fix a crash
    - tipc: fix modprobe tipc failed after switch order of device registration
    - stm class: Fix channel free in stm output free path
    - md: add mddev->pers to avoid potential NULL pointer dereference
    - intel_th: msu: Fix single mode with IOMMU
    - of: fix clang -Wunsequenced for be32_to_cpu()
    - cifs: fix strcat buffer overflow and reduce raciness in
      smb21_set_oplock_level()
    - media: ov6650: Fix sensor possibly not detected on probe
    - NFS4: Fix v4.0 client state corruption when mount
    - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider
    - fuse: fix writepages on 32bit
    - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate
    - iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114
    - ceph: flush dirty inodes before proceeding with remount
    - tracing: Fix partial reading of trace event's id file
    - memory: tegra: Fix integer overflow on tick value calculation
    - perf intel-pt: Fix instructions sampling rate
    - perf intel-pt: Fix improved sample timestamp
    - perf intel-pt: Fix sample timestamp wrt non-taken branches
    - fbdev: sm712fb: fix brightness control on reboot, don't set SR30
    - fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75
    - fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F
    - fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA
    - fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping
      VRAM
    - fbdev: sm712fb: fix support for 1024x768-16 mode
    - fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display
    - fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting
    - PCI: Mark Atheros AR9462 to avoid bus reset
    - dm delay: fix a crash when invalid device is specified
    - xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink
    - xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module
    - vti4: ipip tunnel deregistration fixes.
    - xfrm4: Fix uninitialized memory read in _decode_session4
    - KVM: arm/arm64: Ensure vcpu target is unset on reset failure
    - power: supply: sysfs: prevent endless uevent loop with
      CONFIG_POWER_SUPPLY_DEBUG
    - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour
    - perf bench numa: Add define for RUSAGE_THREAD if not present
    - Revert "Don't jump to compute_result state from check_result state"
    - md/raid: raid5 preserve the writeback action after the parity check
    - btrfs: Honour FITRIM range constraints during free space trim
    - fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough
    - ext4: do not delete unlinked inode from orphan list on failed truncate
    - KVM: x86: fix return value for reserved EFER
    - bio: fix improper use of

Source diff to previous version
1830176 Xenial update: 4.4.180 upstream stable release
1812159 q-r-t security test wants SCHED_STACK_END_CHECK to be enabled in KVM kernels
1794232 Geneve tunnels don't work when ipv6 is disabled
1828084 Kernel modules generated incorrectly when system is localized to a non-English language
1833935 Handle overflow in proc_get_long of sysctl
1832661 Xenial update: 4.4.181 upstream stable release
1834315 Revert x86/vdso linker changes from #1830890 as this causes glibc 2.29-0ubuntu3 FTBFS on eoan
1834499 [linux-azure] Block Layer Commits Requested in Azure Kernels
1824864 CONFIG_LOG_BUF_SHIFT set to 14 is too low on arm64
1833410 idle-page oopses when accessing page frames that are out of range
1833319 Performance degradation when copying from LVM snapshot backed by NVMe disk
1833698 Bluetooth regressions with Xenial kernel 4.4.0-152.179
1824687 4.4.0-145-generic Kernel Panic ip6_expire_frag_queue
1826416 [Xenial] Customer can not SSH to Linux VM due to \
CVE-2019-2054 In the seccomp implementation prior to kernel version 4.8, there is a possible seccomp bypass due to seccomp policies that allow the use of ptrace. T
CVE-2018-12126 MSBDS Microarchitectural Store Buffer Data Sampling
CVE-2018-12127 MLPDS Microarchitectural Load Port Data Sampling
CVE-2018-12130 MFBDS Microarchitectural Fill Buffer Data Sampling
CVE-2019-11833 fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local user
CVE-2019-11091 MDSUM Microarchitectural Data Sampling Uncacheable Memory

Version: 4.4.0-1051.58 2019-06-27 22:07:04 UTC

  linux-kvm (4.4.0-1051.58) xenial; urgency=medium

  * linux-kvm: 4.4.0-1051.58 -proposed tracker (LP: #1834021)

  [ Ubuntu: 4.4.0-154.181 ]

  * linux: 4.4.0-154.181 -proposed tracker (LP: #1834030)
  * CVE-2019-11478
    - tcp: refine memory limit test in tcp_fragment()
  * CVE-2019-11479
    - SAUCE: tcp: add tcp_min_snd_mss sysctl
    - SAUCE: tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()

 -- Connor Kuehl <email address hidden> Tue, 25 Jun 2019 11:01:45 -0700

Source diff to previous version
CVE-2019-11478 Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling cer
CVE-2019-11479 Jonathan Looney discovered that the Linux kernel default MSS is hard-c ...

Version: 4.4.0-1048.55 2019-06-17 21:07:09 UTC

  linux-kvm (4.4.0-1048.55) xenial; urgency=medium

  [ Ubuntu: 4.4.0-151.178 ]

  * Remote denial of service (system crash) caused by integer overflow in TCP
    SACK handling (LP: #1831637)
    - SAUCE: tcp: limit payload size of sacked skbs
    - SAUCE: tcp: fix fack_count accounting on tcp_shift_skb_data()
  * Remote denial of service (resource exhaustion) caused by TCP SACK scoreboard
    manipulation (LP: #1831638)
    - SAUCE: tcp: tcp_fragment() should apply sane memory limits

  [ Ubuntu: 4.4.0-150.176 ]

  * linux: 4.4.0-150.176 -proposed tracker (LP: #1830941)
  * glibc 2.23-0ubuntu11 ADT test failure with linux 4.4.0-149.175
    (LP: #1830890)
    - x86/vdso: Pass --eh-frame-hdr to the linker

 -- Stefan Bader <email address hidden> Tue, 11 Jun 2019 11:10:53 +0200

Source diff to previous version
1831637 Remote denial of service (system crash) caused by integer overflow in TCP SACK handling
1831638 Remote denial of service (resource exhaustion) caused by TCP SACK scoreboard manipulation
1830890 glibc 2.23-0ubuntu11 ADT test failure with linux 4.4.0-149.175

Version: 4.4.0-1047.53 2019-06-04 13:07:07 UTC

  linux-kvm (4.4.0-1047.53) xenial; urgency=medium

  * linux-kvm: 4.4.0-1047.53 -proposed tracker (LP: #1829195)

  * Xenial update: 4.4.179 upstream stable release (LP: #1828420)
    - [Config]: add CONFIG_LDISC_AUTOLOAD=y
    - [Config]: remove CONFIG_R3964

  [ Ubuntu: 4.4.0-149.175 ]

  * linux: 4.4.0-149.175 -proposed tracker (LP: #1829209)
  * disable a.out support (LP: #1818552)
    - [Config] Disable a.out support
  * autopkgtests run too often, too much and don't skip enough (LP: #1823056)
    - [Debian] Set +x on rebuild testcase.
    - [Debian] Skip rebuild test, for regression-suite deps.
    - [Debian] Make ubuntu-regression-suite skippable on unbootable kernels.
    - [Debian] make rebuild use skippable error codes when skipping.
    - [Debian] Only run regression-suite, if requested to.
  * Xenial update: 4.4.179 upstream stable release (LP: #1828420)
    - arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug signals
    - arm64: debug: Ensure debug handlers check triggering exception level
    - ext4: cleanup bh release code in ext4_ind_remove_space()
    - lib/int_sqrt: optimize initial value compute
    - tty/serial: atmel: Add is_half_duplex helper
    - mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified
    - i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA
    - Bluetooth: Fix decrementing reference count twice in releasing socket
    - tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped
    - CIFS: fix POSIX lock leak and invalid ptr deref
    - h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux-
    - tracing: kdb: Fix ftdump to not sleep
    - gpio: gpio-omap: fix level interrupt idling
    - sysctl: handle overflow for file-max
    - enic: fix build warning without CONFIG_CPUMASK_OFFSTACK
    - mm/cma.c: cma_declare_contiguous: correct err handling
    - mm/page_ext.c: fix an imbalance with kmemleak
    - mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512!
    - mm/slab.c: kmemleak no scan alien caches
    - ocfs2: fix a panic problem caused by o2cb_ctl
    - f2fs: do not use mutex lock in atomic context
    - fs/file.c: initialize init_files.resize_wait
    - cifs: use correct format characters
    - dm thin: add sanity checks to thin-pool and external snapshot creation
    - cifs: Fix NULL pointer dereference of devname
    - fs: fix guard_bio_eod to check for real EOD errors
    - tools lib traceevent: Fix buffer overflow in arg_eval
    - usb: chipidea: Grab the (legacy) USB PHY by phandle first
    - scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c
    - coresight: etm4x: Add support to enable ETMv4.2
    - ARM: 8840/1: use a raw_spinlock_t in unwind
    - mmc: omap: fix the maximum timeout setting
    - e1000e: Fix -Wformat-truncation warnings
    - IB/mlx4: Increase the timeout for CM cache
    - scsi: megaraid_sas: return error when create DMA pool failed
    - perf test: Fix failure of 'evsel-tp-sched' test on s390
    - SoC: imx-sgtl5000: add missing put_device()
    - media: sh_veu: Correct return type for mem2mem buffer helpers
    - media: s5p-jpeg: Correct return type for mem2mem buffer helpers
    - media: s5p-g2d: Correct return type for mem2mem buffer helpers
    - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers
    - leds: lp55xx: fix null deref on firmware load failure
    - kprobes: Prohibit probing on bsearch()
    - ARM: 8833/1: Ensure that NEON code always compiles with Clang
    - ALSA: PCM: check if ops are defined before suspending PCM
    - bcache: fix input overflow to cache set sysfs file io_error_halflife
    - bcache: fix input overflow to sequential_cutoff
    - bcache: improve sysfs_strtoul_clamp()
    - fbdev: fbmem: fix memory access if logo is bigger than the screen
    - cdrom: Fix race condition in cdrom_sysctl_register
    - ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe
    - soc: qcom: gsbi: Fix error handling in gsbi_probe()
    - mt7601u: bump supported EEPROM version
    - ARM: avoid Cortex-A9 livelock on tight dmb loops
    - tty: increase the default flip buffer limit to 2*640K
    - media: mt9m111: set initial frame size other than 0x0
    - hwrng: virtio - Avoid repeated init of completion
    - soc/tegra: fuse: Fix illegal free of IO base address
    - hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable
    - dmaengine: imx-dma: fix warning comparison of distinct pointer types
    - netfilter: physdev: relax br_netfilter dependency
    - media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration
    - regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting
    - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure
    - x86/build: Mark per-CPU symbols as absolute explicitly for LLD
    - dmaengine: tegra: avoid overflow of byte tracking
    - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers
    - binfmt_elf: switch to new creds when switching to new mm
    - kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD
    - x86/build: Specify elf_i386 linker emulation explicitly for i386 objects
    - x86: vdso: Use $LD instead of $CC to link
    - x86/vdso: Drop implicit common-page-size linker flag
    - lib/string.c: implement a basic bcmp
    - tty: mark Siemens R3964 line discipline as BROKEN
    - [Config]: remove CONFIG_R3964
    - [Config]: add CONFIG_LDISC_AUTOLOAD=y
    - tty: ldisc: add sysctl to prevent autoloading of ldiscs
    - ipv6: Fix dangling pointer when ipv6 fragment
    - ipv6: sit: reset ip header pointer in ipip6_rcv
    - net: rds: force to destroy connection if t_sock is NULL in
      rds_tcp_kill_sock().
    - qmi_wwan: add Olicard 600
    - sctp: initialize _pad of sockaddr_in before copying to user memory
    - tcp: Ensure DCTCP reacts to losses
    - netns: provide pure entropy for net_hash_mix()
    - net: ethtool: not call vzalloc for zero sized memory request
    - ip6_tunnel: Match to ARPHRD_TUNNEL6

1828420 Xenial update: 4.4.179 upstream stable release
1818552 disable a.out support
1823056 autopkgtests run too often, too much and don't skip enough
1826212 Xenial update: 4.4.178 upstream stable release
1825780 Kprobe event string type argument failed in ftrace from ubuntu_kernel_selftests on B/C i386
1825777 False positive test result in run_netsocktests from net in ubuntu_kernel_selftest



About   -   Send Feedback to @ubuntu_updates