linux-lts-trusty (3.13.0-185.236~12.04.1) precise; urgency=medium
* precise/linux-lts-trusty: 3.13.0-185.236~12.04.1 -proposed tracker
(LP: #1919170)
* Packaging resync (LP: #1786013)
- [Packaging] update update.conf
[ Ubuntu: 3.13.0-185.236 ]
* trusty/linux: 3.13.0-185.236 -proposed tracker (LP: #1919171)
* CVE-2021-27365
- scsi: iscsi: Verify lengths on passthrough PDUs
- sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
- scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE
* CVE-2021-27363 // CVE-2021-27364
- scsi: iscsi: Restrict sessions and handles to admin capabilities
* CVE-2021-27364
- scsi: iscsi: respond to netlink with unicast when appropriate
[ Ubuntu: 3.13.0-184.235 ]
* trusty/linux: 3.13.0-184.235 -proposed tracker (LP: #1914232)
* CVE-2020-28374
- SAUCE: target: cleanup some boolean tests
- target: simplify XCOPY wwn->se_dev lookup helper
- xcopy: loop over devices using idr helper
- scsi: target: Fix XCOPY NAA identifier lookup
* Update kernel packaging to support forward porting kernels (LP: #1902957)
- [Debian] Update for leader included in BACKPORT_SUFFIX
linux-lts-trusty (3.13.0-183.234~12.04.1) precise; urgency=medium
[ Ubuntu: 3.13.0-183.234 ]
* CVE-2020-8694
- powercap: make attributes only readable by root
linux-lts-trusty (3.13.0-182.233~12.04.1) precise; urgency=medium
* Packaging resync (LP: #1786013)
- [Packaging] update update.conf
[ Ubuntu: 3.13.0-182.233 ]
* Packaging resync (LP: #1786013)
- [Packaging] update helper scripts
* CVE-2020-16119
- SAUCE: dccp: avoid double free of ccid on child socket
linux-lts-trusty (3.13.0-181.232~12.04.1) precise; urgency=medium
* precise/linux-lts-trusty: 3.13.0-181.232~12.04.1 -proposed tracker
(LP: #1882771)
[ Ubuntu: 3.13.0-181.232 ]
* trusty/linux: 3.13.0-181.232 -proposed tracker (LP: #1882772)
* Packaging resync (LP: #1786013)
- [Packaging] update helper scripts
* CVE-2020-0543
- UBUNTU/SAUCE: x86/speculation/srbds: do not try to turn mitigation off when
not supported
linux-lts-trusty (3.13.0-180.231~12.04.1) precise; urgency=medium
[ Ubuntu: 3.13.0-180.231 ]
* CVE-2020-0543
- SAUCE: x86/cpu: Add a steppings field to struct x86_cpu_id
- SAUCE: x86/cpu: Add 'table' argument to cpu_matches()
- SAUCE: x86/speculation: Add Special Register Buffer Data Sampling (SRBDS)
mitigation
- SAUCE: x86/speculation: Add SRBDS vulnerability and mitigation
documentation
- SAUCE: x86/speculation: Add Ivy Bridge to affected list
linux-lts-trusty (3.13.0-177.228~12.04.1) precise; urgency=medium
* precise/linux-lts-trusty: 3.13.0-177.228~12.04.1 -proposed tracker
(LP: #1878874)
[ Ubuntu: 3.13.0-177.228 ]
* trusty/linux: 3.13.0-177.228 -proposed tracker (LP: #1878875)
* Packaging resync (LP: #1786013)
- [Packaging] resync getabis
- [Packaging] update helper scripts
* CVE-2020-12114
- fs/namespace.c: fix mountpoint reference counter race
- propagate_one(): mnt_set_mountpoint() needs mount_lock
* CVE-2020-12654
- mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()
linux-lts-trusty (3.13.0-176.227~12.04.1) precise; urgency=medium
* precise/linux-lts-trusty: 3.13.0-176.227~12.04.1 -proposed tracker
(LP: #1858624)
[ Ubuntu: 3.13.0-176.227 ]
* trusty/linux: 3.13.0-176.227 -proposed tracker (LP: #1858625)
* multi-zone raid0 corruption (LP: #1850540)
- md/raid0: avoid RAID0 data corruption due to layout confusion.
- md: add feature flag MD_FEATURE_RAID0_LAYOUT
- SAUCE: md/raid0: Link to wiki with guidance on multi-zone RAID0 layout
migration
- SAUCE: md/raid0: Use kernel specific layout
linux-lts-trusty (3.13.0-175.226~12.04.1) precise; urgency=medium
[ Ubuntu: 3.13.0-175.226 ]
* CVE-2019-11135
- KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES
- kvm: x86: IA32_ARCH_CAPABILITIES is always supported
- KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts
- KVM: x86: use Intel speculation bugs and features as derived in generic x86
code
- x86/msr: Add the IA32_TSX_CTRL MSR
- x86/cpu: Add a helper function x86_read_arch_cap_msr()
- x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
- x86/speculation/taa: Add mitigation for TSX Async Abort
- x86/speculation/taa: Add sysfs reporting for TSX Async Abort
- kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
- x86/tsx: Add "auto" option to the tsx= cmdline parameter
- x86/speculation/taa: Add documentation for TSX Async Abort
- x86/tsx: Add config options to set tsx=on|off|auto
- SAUCE: x86/speculation/taa: Call tsx_init()
- SAUCE: x86/cpu: Include cpu header from bugs.c
- [Config] Disable TSX by default when possible
* CVE-2018-3646
- KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry
* Kernel Oops - unable to handle kernel paging request; RIP is at
wait_migrate_huge_page+0x51/0x70 (LP: #1813018)
- mm: numa: do not dereference pmd outside of the lock during NUMA hinting
fault
* The 3.13 kernel for Precise ESM does not provide the expected version number
(LP: #1838610)
- [debian] Fix regression with ABI subversions and backport
- [Packaging] uploadnum should be the remainder of the version
linux-lts-trusty (3.13.0-174.225~12.04.1) precise; urgency=medium
* precise/linux-lts-trusty: 3.13.0-174.225~12.04.1 -proposed tracker
(LP: #1846248)
[ Ubuntu: 3.13.0-174.225 ]
* trusty/linux: 3.13.0-174.225 -proposed tracker (LP: #1846250)
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
- [Packaging] resync getabis
- [Packaging] update helper scripts
* fanotify06 in LTP syscall test failed with T kernel (LP: #1775378)
- fanotify: fix notification of groups with inode & mount marks
* ixgbe{vf} - Physical Function gets IRQ when VF checks link state
(LP: #1836760)
- ixgbevf: Use cached link state instead of re-reading the value for ethtool
linux-lts-trusty (3.13.0-173.224~12.04.1) precise; urgency=medium
[ Ubuntu: 3.13.0-173.224 ]
* CVE-2019-14835
- vhost: make sure log_num < in_num
linux-lts-trusty (3.13.0-172.223~12.04.1) precise; urgency=medium
* linux-lts-trusty: 3.13.0-172.223~12.04.1 -proposed tracker (LP: #1835189)
[ Ubuntu: 3.13.0-172.223 ]
* linux: 3.13.0-172.223 -proposed tracker (LP: #1835190)
* Switch getabis to the new format (LP: #1829882)
- [Packaging] Switch getabis to the new format
* CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091 // MDS:
CPU buffers are not cleared on all paths from kernel to userspace (LP:
#1833047)
- x86/asm: Error out if asm/jump_label.h is included inappropriately
- SAUCE: [Fix] x86/speculation/mds: Clear CPU buffers on exit to user
* CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091
- SAUCE: Synchronize MDS mitigations with upstream
- Documentation: Correct the possible MDS sysfs values
- x86/speculation/mds: Fix documentation typo
- SAUCE: [Fix] UBUNTU: SAUCE: sched/smt: Introduce
sched_smt_{active,present}
* CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091 // MDS:
Incorrect warning when booting with 'nosmt' (LP: #1830018)
- SAUCE: [Fix] x86/speculation/mds: Add SMT warning message
* CVE-2017-5715 // CVE-2018-3639
- x86/cpu: Re-apply forced caps every time CPU caps are re-read
- x86/speculataion: Mark command line parser data __initdata
- x86/cpu/bugs: Use __initconst for 'const' init data
* CVE-2017-5715 // CVE-2018-3615 // CVE-2018-3620 // CVE-2018-3639 //
CVE-2018-3646
- x86/speculation: Mark string arrays const correctly
* CVE-2018-3639
- x86/speculation: Rename SSBD update functions
* CVE-2017-5715
- x86/speculation: Clean up various Spectre related details
- SAUCE: x86/cpufeatures: Reorder feature bits
- SAUCE: x86/speculation, objtool: Remove unused macro
ANNOTATE_NOSPEC_ALTERNATIVE
- SAUCE: Move vmexit_fill_RSB()
- x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC
variant
- SAUCE: Rename restricted_branch_speculation_{start,end}
- SAUCE: Allow STIBP in MSR_SPEC_CTRL if supported
- x86/speculation: Clean up spectre_v2_parse_cmdline()
* CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
- x86/speculation: Remove redundant arch_smt_update() invocation
* CVE-2017-5754
- SAUCE: Show 'pti' in /proc/cpuinfo
* Guests using IBRS incur a large performance penalty (LP: #1764956) //
CVE-2017-5715
- SAUCE: Restore the IBRS host state on VMEXIT
* CVE-2019-11091
- x86/mds: Add MDSUM variant to the MDS documentation
* CVE-2018-3620 // CVE-2018-3646
- x86/speculation/l1tf: Suggest what to do on systems with too much RAM
* CVE-2019-11478
- tcp: refine memory limit test in tcp_fragment()
* Intel I210 Ethernet card not working after hotplug [8086:1533]
(LP: #1818490)
- igb: Fix WARN_ONCE on runtime suspend
* systemd cause kernel trace "BUG: unable to handle kernel paging request at
6db23a14" on Cosmic i386 (LP: #1813244)
- openvswitch: fix flow actions reallocation
linux-lts-trusty (3.13.0-171.222~12.04.1) precise; urgency=medium
* Switch getabis to the new format (LP: #1829882)
- [Packaging] Switch getabis to the new format
[ Ubuntu: 3.13.0-171.222 ]
* Remote denial of service (system crash) caused by integer overflow in TCP
SACK handling (LP: #1831637)
- SAUCE: tcp: limit payload size of sacked skbs
- SAUCE: tcp: fix fack_count accounting on tcp_shift_skb_data()
* Remote denial of service (resource exhaustion) caused by TCP SACK scoreboard
manipulation (LP: #1831638)
- SAUCE: tcp: tcp_fragment() should apply sane memory limits
linux-lts-trusty (3.13.0-170.220~12.04.2) precise; urgency=medium
* Packaging resync (LP: #1786013)
- [Packaging] update update.conf
[ Ubuntu: 3.13.0-170.220 ]
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
* CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
- KVM: x86: pass host_initiated to functions that read MSRs
- KVM: x86: remove data variable from kvm_get_msr_common
- x86/cpufeature: Move some of the scattered feature bits to x86_capability
- x86/cpufeature: Cleanup get_cpu_cap()
- x86/cpufeature: Use enum cpuid_leafs instead of magic numbers
- KVM: x86: remove magic number with enum cpuid_leafs
- SAUCE: KVM/VMX: Move spec_ctrl from kvm_vcpu_arch to vcpu_vmx
- KVM: VMX: fixes for vmentry_l1d_flush module parameter
- perf/x86/intel: Use Intel family macros for core perf events
- SAUCE: perf/x86/uncore: Use Intel Model name macros
- x86/speculation: Simplify the CPU bug detection logic
- x86/cpu: Sanitize FAM6_ATOM naming
- kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
- bitops: avoid integer overflow in GENMASK(_ULL)
- locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a
new <linux/bits.h> file
- tools include: Adopt linux/bits.h
- x86/msr-index: Cleanup bit defines
- x86/speculation: Consolidate CPU whitelists
- x86/speculation/mds: Add basic bug infrastructure for MDS
- x86/speculation/mds: Add BUG_MSBDS_ONLY
- x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
- x86/speculation/mds: Add mds_clear_cpu_buffers()
- locking/static_keys: Provide DECLARE and well as DEFINE macros
- include/linux/jump_label.h: expose the reference count
- jump_label: Allow asm/jump_label.h to be included in assembly
- jump_label: Allow jump labels to be used in assembly
- x86/headers: Don't include asm/processor.h in asm/atomic.h
- SAUCE: locking/static_key: Mimick the new static key API
- x86/speculation/mds: Clear CPU buffers on exit to user
- x86/kvm/vmx: Add MDS protection when L1D Flush is not active
- x86/speculation/mds: Conditionally clear CPU buffers on idle entry
- SAUCE: sched: Expose cpu_smt_mask()
- SAUCE: jump_label: Introduce static_branch_{inc,dec}
- SAUCE: sched/smt: Introduce sched_smt_{active,present}
- SAUCE: Rename the Ubuntu-only spec_ctrl_mutex mutex
- SAUCE: x86/speculation: Introduce arch_smt_update()
- x86/speculation: Rework SMT state change
- x86/speculation: Reorder the spec_v2 code
- x86/speculation: Unify conditional spectre v2 print functions
- x86/speculation/mds: Add mitigation control for MDS
- x86/speculation/mds: Add sysfs reporting for MDS
- x86/speculation/mds: Add mitigation mode VMWERV
- Documentation: Move L1TF to separate directory
- Documentation: Add MDS vulnerability documentation
- x86/speculation/mds: Add mds=full,nosmt cmdline option
- x86/speculation: Move arch_smt_update() call to after mitigation decisions
- x86/speculation/mds: Add SMT warning message
- x86/speculation/mds: Fix comment
- x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
- x86/speculation/mds: Add 'mitigations=' support for MDS
* CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
- powerpc/speculation: Support 'mitigations=' cmdline option
* CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
CVE-2018-3646
- cpu/speculation: Add 'mitigations=' cmdline option
- x86/speculation: Support 'mitigations=' cmdline option
* CVE-2017-5715
- SAUCE: Fix 'check_fpu defined but not used' compiler warning on x86_64
- SAUCE: x86/speculation: Cleanup IBRS and IBPB runtime control handling
(v2)
- SAUCE: KVM/x86: Expose IBRS to guests
- SAUCE: x86/speculation: Use x86_spec_ctrl_base in entry/exit code
* CVE-2017-5715 // CVE-2018-3639
- SAUCE: KVM/x86: Use host_initiated when accessing MSRs
[ Ubuntu: 3.13.0-169.219 ]
* linux: 3.13.0-169.219 -proposed tracker (LP: #1822883)
* Packaging resync (LP: #1786013)
- [Packaging] update helper scripts
- [Packaging] resync retpoline extraction
linux-lts-trusty (3.13.0-168.218~precise1) precise; urgency=medium
* linux-lts-trusty: 3.13.0-168.218~precise1 -proposed tracker (LP: #1819662)
* Packaging resync (LP: #1786013)
- [Packaging] update update.conf
* Strip specific changes from update-from-*master (LP: #1817734)
- Packaging: Introduce copy-files and local-mangle
- Packaging: Make update-from-*master call copy-files
[ Ubuntu: 3.13.0-168.218 ]
* linux: 3.13.0-168.218 -proposed tracker (LP: #1819663)
* CVE-2019-9213
- mm: enforce min addr even if capable() in expand_downwards()
* CVE-2019-3460
- Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
* CVE-2017-1000410
- Bluetooth: Prevent stack info leak from the EFS element.
* ixgbe: Kernel Oops when attempting to disable spoofchk in a non-existing VF
(LP: #1815501)
- ixgbe: check for vfs outside of sriov_num_vfs before dereference
* CVE-2018-19824
- ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in
card.c
* CVE-2019-3459
- Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer
* CVE-2019-7222
- KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)
* CVE-2019-6974
- kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)
* CVE-2017-18360
- USB: serial: io_ti: fix div-by-zero in set_termios
[ Ubuntu: 3.13.0-167.217 ]
* linux: 3.13.0-167.217 -proposed tracker (LP: #1819917)
* Packaging resync (LP: #1786013)
- [Packaging] resync getabis
- [Packaging] update helper scripts
- [Packaging] resync retpoline extraction
* linux-cloud-tools-common 3.13.0-166.216 in Trusty is missing contents of
/usr/sbin (LP: #1819869)
- Revert "UBUNTU: [Packaging] skip cloud tools packaging when not building
package"
linux-lts-trusty (3.13.0-166.216~precise1) precise; urgency=medium
* linux-lts-trusty: 3.13.0-166.216~precise1 -proposed tracker (LP: #1814646)
* linux-buildinfo: pull out ABI information into its own package
(LP: #1806380)
- [Config] resync flavour-control.stub
- [Config] hooks.mk -- add basic LTS hook configuration
* signing: only install a signed kernel (LP: #1764794)
- [debian] fix check for the reconstruct file
* Packaging resync (LP: #1786013)
- [Packaging] update helper scripts
[ Ubuntu: 3.13.0-166.216 ]
* linux: 3.13.0-166.216 -proposed tracker (LP: #1814645)
* linux-buildinfo: pull out ABI information into its own package
(LP: #1806380)
- [Packaging] limit preparation to linux-libc-dev in headers
- [Packaging] commonise debhelper invocation
- [Packaging] ABI -- accumulate abi information at the end of the build
- [Packaging] buildinfo -- add basic build information
- [Packaging] buildinfo -- add firmware information to the flavour ABI
- [Packaging] buildinfo -- add compiler information to the flavour ABI
- [Packaging] buildinfo -- add buildinfo support to getabis
- [Config] buildinfo -- add retpoline version markers
- [Packaging] getabis -- handle all known package combinations
- [Packaging] getabis -- support parsing a simple version
- [Packaging] autoreconstruct -- base tag is always primary mainline version
* signing: only install a signed kernel (LP: #1764794)
- [Debian] usbip tools packaging
- [Debian] Don't fail if a symlink already exists
- [Debian] perf -- build in the context of the full generated local headers
- [Debian] basic hook support
- [Debian] follow rename of DEB_BUILD_PROFILES
- [Debian] standardise on stage1 for the bootstrap stage in line with debian
- [Debian] set do_*_tools after stage1 or bootstrap is determined
- [Debian] initscripts need installing when making the package
- [Packaging] reconstruct -- automatically reconstruct against base tag
- [Debian] add feature interlock with mainline builds
- [Debian] Remove generated intermediate files on clean
- [Packaging] prevent linux-*-tools-common from being produced from non linux
packages
- SAUCE: ubuntu: vbox -- elide the new symlinks and reconstruct on clean:
- [Debian] Update to new signing key type and location
- [Packaging] autoreconstruct -- generate extend-diff-ignore for links
- [Packaging] reconstruct -- update when inserting final changes
- [Packaging] update to Debian like control scripts
- [Packaging] switch to triggers for postinst.d postrm.d handling
- [Packaging] signing -- switch to raw-signing tarballs
- [Packaging] signing -- switch to linux-image as signed when available
- [Packaging] printenv -- add signing options
- [Packaging] fix invocation of header postinst hooks
- [Packaging] signing -- add support for signing Opal kernel binaries
- [Debian] Use src_pkg_name when constructing udeb control files
- [Debian] Dynamically determine linux udebs package name
- [Packaging] handle both linux-lts* and linux-hwe* as backports
- [Config] linux-source-* is in the primary linux namespace
- [Packaging] lookup the upstream tag
- [Packaging] switch up to debhelper 9
- [Packaging] autopkgtest -- disable d-i when dropping flavours
- [debian] support for ship_extras_package=false
- [Debian] do_common_tools should always be on
- [debian] do not force do_tools_common
- [Packaging] skip cloud tools packaging when not building package
- [debian] prep linux-libc-dev only if do_libc_dev_package=true
* Packaging resync (LP: #1786013)
- [Packaging] update helper scripts
* kernel oops in bcache module (LP: #1793901)
- SAUCE: bcache: never writeback a discard operation
* iptables connlimit allows more connections than the limit when using
multiple CPUs (LP: #1811094)
- netfilter: connlimit: improve packet-to-closed-connection logic
- netfilter: nf_conncount: fix garbage collection confirm race
- netfilter: nf_conncount: don't skip eviction when age is negative
* CVE-2019-6133
- fork: record start_time late
* test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
(LP: #1813001)
- procfs: make /proc/*/{stack, syscall, personality} 0400
linux-lts-trusty (3.13.0-165.215~precise1) precise; urgency=medium
* linux-lts-trusty: 3.13.0-165.215~precise1 -proposed tracker (LP: #1811857)
* Packaging resync (LP: #1786013)
- [Packaging] update helper scripts
[ Ubuntu: 3.13.0-165.215 ]
* linux: 3.13.0-165.215 -proposed tracker (LP: #1811856)
* CVE-2018-17972
- proc: restrict kernel stack dumps to root
* CVE-2018-18281
- mremap: properly flush TLB before releasing the page
* 29d6d30f5c8aa58b04f40a58442df3bcaae5a1d5 in btrfs_kernel_fixes failed on T
(LP: #1809868)
- Btrfs: send, don't send rmdir for same target multiple times
* CVE-2018-9568
- net: Set sk_prot_creator when cloning sockets to the right proto
* CVE-2018-1066
- cifs: empty TargetInfo leads to crash on recovery
linux-lts-trusty (3.13.0-164.214~precise1) precise; urgency=medium
* linux-lts-trusty: 3.13.0-164.214~precise1 -proposed tracker (LP: #1806429)
* Packaging resync (LP: #1786013)
- [Packaging] update helper scripts
- [Packaging] update update.conf
[ Ubuntu: 3.13.0-164.214 ]
* linux: 3.13.0-164.214 -proposed tracker (LP: #1806428)
* CVE-2018-12896
- posix-timers: Sanitize overrun handling
* CVE-2018-16276
- USB: yurex: fix out-of-bounds uaccess in read handler
* CVE-2018-10902
- ALSA: rawmidi: Change resized buffers atomically
* CVE-2018-18386
- n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
* CVE-2017-5753
- x86/spectre_v1: Disable compiler optimizations over
array_index_mask_nospec()
- x86/speculation: Fix up array_index_nospec_mask() asm constraint
- ALSA: opl3: Hardening for potential Spectre v1
- ALSA: asihpi: Hardening for potential Spectre v1
- ALSA: hdspm: Hardening for potential Spectre v1
- ALSA: rme9652: Hardening for potential Spectre v1
- ALSA: control: Hardening for potential Spectre v1
- ALSA: seq: oss: Hardening for potential Spectre v1
- ALSA: hda: Hardening for potential Spectre v1
- net: atm: Fix potential Spectre v1
- atm: zatm: Fix potential Spectre v1
- perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_*
- perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map()
- kernel/sys.c: fix potential Spectre v1 issue
- HID: hiddev: fix potential Spectre v1
- atm: zatm: Fix potential Spectre v1
- net: cxgb3_main: fix potential Spectre v1
- netlink: Fix spectre v1 gadget in netlink_create()
- net: socket: fix potential spectre v1 gadget in socketcall
- libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store()
- ext4: fix spectre gadget in ext4_mb_regular_allocator()
- fs/quota: Fix spectre gadget in do_quotactl
- misc: hmc6352: fix potential Spectre v1
- tty: vt_ioctl: fix potential Spectre v1
* CVE-2018-18710
- cdrom: fix improper type cast, which can leat to information leak.
* CVE-2018-18690
- xfs: don't fail when converting shortform attr to long form during
ATTR_REPLACE
* CVE-2018-14734
- infiniband: fix a possible use-after-free bug
* CVE-2017-2647 // CVE-2017-2647 / CVE-2017-6951
- keys: Guard against null match function in keyring_search_aux()
linux-lts-trusty (3.13.0-163.213~precise1) precise; urgency=medium
* linux-lts-trusty: 3.13.0-163.213~precise1 -proposed tracker (LP: #1802772)
* linux: 3.13.0-163.213 -proposed tracker (LP: #1802769)
* Bypass of mount visibility through userns + mount propagation (LP: #1789161)
- mount: Retest MNT_LOCKED in do_umount
- mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts
* dev test in ubuntu_stress_smoke_test cause kernel oops on T-3.13
(LP: #1797546)
- drm: fix NULL pointer access by wrong ioctl
* Packaging resync (LP: #1786013)
- [Package] add support for specifying the primary makefile
linux (3.13.0-162.212) trusty; urgency=medium
* linux: 3.13.0-162.212 -proposed tracker (LP: #1799399)
* packet socket panic in Trusty 3.13.0-157 and later (LP: #1800254)
- SAUCE: (no-up) net/packet: fix erroneous dev_add_pack usage in fanout
* Cleanup Meltdown/Spectre implementation (LP: #1779848)
- x86/Documentation: Add PTI description
- Revert "x86/cpu/AMD: Make the LFENCE instruction serialized"
- x86/cpu/AMD: Make LFENCE a serializing instruction
- x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC
- x86/pti: Document fix wrong index
- x86/nospec: Fix header guards names
- x86/bugs: Drop one "mitigation" from dmesg
- x86/spectre: Check CONFIG_RETPOLINE in command line parser
- x86/spectre: Simplify spectre_v2 command line parsing
- x86/spectre: Fix an error message
- SAUCE: x86/cpufeatures: Reorder spectre-related feature bits
- x86/cpufeatures: Add AMD feature bits for Speculation Control
- SAUCE: x86/msr: Fix formatting of msr-index.h
- SAUCE: x86/msr: Rename MSR spec control feature bits
- x86/pti: Mark constant arrays as __initconst
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier)
support
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
- x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
- SAUCE: x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
- SAUCE: x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
- x86/speculation: Use IBRS if available before calling into firmware
- x86/speculation: Move firmware_restrict_branch_speculation_*() from C to
CPP
- SAUCE: x86/bugs: Fix re-use of SPEC_CTRL MSR boot value
- SAUCE: Move SSBD feature detection to common code
- SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
- SAUCE: x86/speculation: Query individual feature flags when reloading
microcode
- xen: Add xen_arch_suspend()
- x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend
- SAUCE: x86/pti: Evaluate X86_BUG_CPU_MELTDOWN when pti=auto
- SAUCE: x86/speculation: Make use of indirect_branch_prediction_barrier()
- SAUCE: x86/speculation: Cleanup IBPB runtime control handling
- SAUCE: x86/speculation: Cleanup IBRS runtime control handling
* CVE-2016-9588
- kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF)
* CVE-2017-16649
- net: cdc_ether: fix divide by 0 on bad descriptors
* CVE-2018-9363
- Bluetooth: hidp: buffer overflow in hidp_process_report
* CVE-2017-13168
- scsi: sg: mitigate read/write abuse
* xattr length returned by vfs_getxattr() is not correct in Trusty kernel
(LP: #1798013)
- getxattr: use correct xattr length
* CVE-2018-16658
- cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status
linux (3.13.0-161.211) trusty; urgency=medium
* linux: 3.13.0-161.211 -proposed tracker (LP: #1795595)
* CVE-2017-0794
- scsi: sg: protect accesses to 'reserved' page array
- scsi: sg: reset 'res_in_use' after unlinking reserved array
- scsi: sg: recheck MMAP_IO request length with lock held
* CVE-2017-15299
- KEYS: don't let add_key() update an uninstantiated key
* CVE-2015-8539
- KEYS: Fix handling of stored error in a negatively instantiated user key
* CVE-2018-7566
- ALSA: seq: Fix racy pool initializations
- ALSA: seq: More protection for concurrent write and ioctl races
* CVE-2018-1000004. // CVE-2018-7566
- ALSA: seq: Don't allow resizing pool in use
* CVE-2018-1000004
- ALSA: seq: Make ioctls race-free
* CVE-2017-18216
- ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent
* CVE-2016-7913
- tuner-xc2028: Don't try to sleep twice
- xc2028: avoid use after free
- xc2028: unlock on error in xc2028_set_config()
- xc2028: Fix use-after-free bug properly
* The VM hang happens because of pending interrupts not reinjected when
migrating the VM several times (LP: #1791286)
- KVM: ioapic: merge ioapic_deliver into ioapic_service
- KVM: ioapic: clear IRR for edge-triggered interrupts at delivery
- KVM: ioapic: extract body of kvm_ioapic_set_irq
- KVM: ioapic: reinject pending interrupts on KVM_SET_IRQCHIP
* CVE-2018-5390
- SAUCE: tcp: Correct the backport of the CVE-2018-5390 fix
* CVE-2018-9518
- NFC: llcp: Limit size of SDP URI
* Improvements to the kernel source package preparation (LP: #1793461)
- [Packaging] startnewrelease: add support for backport kernels
linux (3.13.0-160.210) trusty; urgency=medium
* CVE-2018-14633
- iscsi target: Use hex2bin instead of a re-implementation
* CVE-2018-14634
- exec: Limit arg stack to at most 75% of _STK_LIM
linux (3.13.0-159.209) trusty; urgency=medium
* linux: 3.13.0-159.209 -proposed tracker (LP: #1791754)
* L1TF mitigation not effective in some CPU and RAM combinations
(LP: #1788563) // CVE-2018-3620 // CVE-2018-3646
- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
- x86/speculation/l1tf: Fix off-by-one error when warning that system has too
much RAM
- x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
* CVE-2018-15594
- x86/paravirt: Fix spectre-v2 mitigations for paravirt guests
* i40e NIC not recognized (LP: #1789215)
- SAUCE: i40e_bpo: Import the i40e driver from Xenial 4.4
- SAUCE: i40e_bpo: Add a compatibility layer
- SAUCE: i40e_bpo: Don't probe for NICs supported by the in-tree driver
- SAUCE: i40e_bpo: Rename the driver to i40e_bpo
- SAUCE: i40e_bpo: Hook the driver into the kernel tree
- [Config] Add CONFIG_I40E_BPO=m
* Probable regression with EXT3 file systems and CVE-2018-1093 patches
(LP: #1789131)
- ext4: fix bitmap position validation
* CVE-2018-3620 // CVE-2018-3646
- mm: x86 pgtable: drop unneeded preprocessor ifdef
- x86/asm: Move PUD_PAGE macros to page_types.h
- x86/asm: Add pud/pmd mask interfaces to handle large PAT bit
- x86/asm: Fix pud/pmd interfaces to handle large PAT bit
- x86/mm: Fix regression with huge pages on PAE
- SAUCE: x86/speculation/l1tf: Protect NUMA hinting PTEs against speculation
- Revert "UBUNTU: [Config] disable NUMA_BALANCING"
* CVE-2018-15572
- x86/retpoline: Fill RSB on context switch for affected CPUs
- x86/speculation: Protect against userspace-userspace spectreRSB
* CVE-2018-6555
- SAUCE: irda: Only insert new objects into the global database via
setsockopt
* CVE-2018-6554
- SAUCE: irda: Fix memory leak caused by repeated binds of irda socket
* BUG: soft lockup - CPU#0 stuck for 23s! [kworker/0:1:1119] (LP: #1788817)
- drm/ast: Fixed system hanged if disable P2A
* errors when scanning partition table of corrupted AIX disk (LP: #1787281)
- partitions/aix: fix usage of uninitialized lv_info and lvname structures
- partitions/aix: append null character to print data from disk
linux (3.13.0-158.208) trusty; urgency=medium
* linux: 3.13.0-158.208 -proposed tracker (LP: #1788764)
* CVE-2018-3620 // CVE-2018-3646
- SAUCE: x86/fremap: Invert the offset when converting to/from a PTE
* BUG: scheduling while atomic (Kernel : Ubuntu-3.13 + VMware: 6.0 and late)
(LP: #1780470)
- VSOCK: sock_put wasn't safe to call in interrupt context
- VSOCK: Fix lockdep issue.
- VSOCK: Detach QP check should filter out non matching QPs.
* CacheFiles: Error: Overlong wait for old active object to go away.
(LP: #1776254)
- cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag
- cachefiles: Wait rather than BUG'ing on "Unexpected object collision"
* fscache cookie refcount updated incorrectly during fscache object allocation
(LP: #1776277)
- fscache: Fix reference overput in fscache_attach_object() error handling
* FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336)
- Revert "UBUNTU: SAUCE: CacheFiles: fix a read_waiter/read_copier race"
- fscache: Allow cancelled operations to be enqueued
- cachefiles: Fix refcounting bug in backing-file read monitoring
linux (3.13.0-157.207) trusty; urgency=medium
* linux: 3.13.0-157.207 -proposed tracker (LP: #1787982)
* CVE-2017-5715 (Spectre v2 retpoline)
- SAUCE: Fix "x86/retpoline/entry: Convert entry assembler indirect jumps"
* CVE-2017-2583
- KVM: x86: fix emulation of "MOV SS, null selector"
* CVE-2017-7518
- KVM: x86: fix singlestepping over syscall
* CVE-2017-18270
- KEYS: prevent creating a different user's keyrings
* Update to upstream's implementation of Spectre v1 mitigation (LP: #1774181)
- Documentation: Document array_index_nospec
- array_index_nospec: Sanitize speculative array de-references
- x86: Implement array_index_mask_nospec
- x86: Introduce barrier_nospec
- x86/get_user: Use pointer masking to limit speculation
- x86/syscall: Sanitize syscall table de-references under speculation
- vfs, fdtable: Prevent bounds-check bypass via speculative execution
- nl80211: Sanitize array index in parse_txq_params
- x86/spectre: Report get_user mitigation for spectre_v1
- x86/kvm: Update spectre-v1 mitigation
- nospec: Allow index argument to have const-qualified type
- nospec: Move array_index_nospec() parameter checking into separate macro
- nospec: Kill array_index_nospec_mask_check()
- SAUCE: Replace osb() calls with array_index_nospec()
- SAUCE: Rename osb() to barrier_nospec()
- SAUCE: x86: Use barrier_nospec in arch/x86/um/asm/barrier.h
* Prevent speculation on user controlled pointer (LP: #1775137)
- x86: reorganize SMAP handling in user space accesses
- x86: fix SMAP in 32-bit environments
- x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
- x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
- x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
* CVE-2016-10208
- ext4: validate s_first_meta_bg at mount time
- ext4: fix fencepost in s_first_meta_bg validation
* CVE-2018-10323
- xfs: set format back to extents if xfs_bmap_extents_to_btree
* CVE-2017-16911
- usbip: prevent vhci_hcd driver from leaking a socket pointer address
* CVE-2018-13406
- video: uvesafb: Fix integer overflow in allocation
* CVE-2018-10877
- ext4: verify the depth of extent tree in ext4_find_extent()
* CVE-2018-10881
- ext4: clear i_data in ext4_inode_info when removing inline data
* CVE-2018-1092
- ext4: fail ext4_iget for root directory if unallocated
* CVE-2018-1093
- ext4: fix block bitmap validation when bigalloc, ^flex_bg
- ext4: add validity checks for bitmap block numbers
* CVE-2018-12233
- jfs: Fix inconsistency between memory allocation and ea_buf->max_size
* CVE-2017-16912
- usbip: fix stub_rx: get_pipe() to validate endpoint number
* CVE-2018-10675
- mm/mempolicy: fix use after free when calling get_mempolicy
* CVE-2017-8831
- saa7164: fix sparse warnings
- saa7164: fix double fetch PCIe access condition
* CVE-2017-16533
- HID: usbhid: fix out-of-bounds bug
* CVE-2017-16538
- media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
- media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
* CVE-2017-16644
- hdpvr: Remove deprecated create_singlethread_workqueue
- media: hdpvr: Fix an error handling path in hdpvr_probe()
* CVE-2017-16645
- Input: ims-psu - check if CDC union descriptor is sane
* CVE-2017-5549
- USB: serial: kl5kusb105: fix line-state error handling
* CVE-2017-16532
- usb: usbtest: fix NULL pointer dereference
* CVE-2017-16537
- media: imon: Fix null-ptr-deref in imon_probe
* CVE-2017-11472
- ACPICA: Add additional debug info/statements
- ACPICA: Namespace: fix operand cache leak
* CVE-2017-16643
- Input: gtco - fix potential out-of-bound access
* CVE-2017-16531
- USB: fix out-of-bounds in usb_set_configuration
* CVE-2018-10124
- kernel/signal.c: avoid undefined behaviour in kill_something_info
* CVE-2017-6348
- irda: Fix lockdep annotations in hashbin_delete().
* CVE-2017-17558
- USB: core: prevent malicious bNumInterfaces overflow
* CVE-2017-5897
- ip6_gre: fix ip6gre_err() invalid reads
* CVE-2017-6345
- SAUCE: import sock_efree()
- net/llc: avoid BUG_ON() in skb_orphan()
* CVE-2017-7645
- nfsd: check for oversized NFSv2/v3 arguments
* CVE-2017-9984
- ALSA: msnd: Optimize / harden DSP and MIDI loops
* CVE-2018-1000204
- scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()
* CVE-2018-10021
- scsi: libsas: defer ata device eh commands to libata
* CVE-2017-16914
- usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer
* CVE-2017-16913
- usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input
* CVE-2017-16535
- USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor()
* CVE-2017-16536
- cx231xx-cards: fix NULL-deref on missing association descriptor
* CVE-2017-16650
- net: qmi_wwan: fix divide by 0 on bad descriptors
* CVE-2017-18255
- perf/core: Fix the perf_cpu_time_max_percent check
* CVE-2018-10940
- cdrom: information leak in cdrom_ioctl_media_changed()
* CVE-2018-13094
- xfs: don't call xfs_da_shrink_inode with NULL bp
* other users' coredumps can be read via setgid directory and killpriv bypass
(LP: #1779923) // CVE-2018-13405
- Fix up non-directory creation in SGID directories
* CVE-2017-16529
- ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor
* CVE-2017-2671
- ping: implement proper locking
* CVE-2017-15649
- packet: hold bind lock when rebinding to fanout hook
- packet: in packet_do_bind, test fanout with bind_lock held
* CVE-2017-16527
- ALSA: usb-audio: Kill stray URB at exiting
* CVE-2017-16526
- uwb: properly check kthread_run return value
* CVE-2017-11473
- x86/acpi: Prevent out of bound access caused by broken ACPI tables
* CVE-2017-14991
- scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE
* CVE-2017-2584
- KVM: x86: Introduce segmented_write_std
* CVE-2018-10087
- kernel/exit.c: avoid undefined behaviour when calling wait4()
* fscache: Fix hanging wait on page discarded by writeback (LP: #1777029)
- fscache: Fix hanging wait on page discarded by writeback
linux (3.13.0-156.206) trusty; urgency=medium
* linux: 3.13.0-156.206 -proposed tracker (LP: #1787187)
* java Corrupted page table (LP: #1787127)
- [Config] disable NUMA_BALANCING
* java Corrupted page table (LP: #1787127) // CVE-2018-3620 // CVE-2018-3646
- x86/mm: Simplify p[g4um]d_page() macros
* 3.13.0-155.205 Kernel Panic - divide by zero (LP: #1787258)
- x86/topology: Handle CPUID bogosity gracefully
linux (3.13.0-155.205) trusty; urgency=medium
* CVE-2017-18344
- posix-timer: Properly check sigevent->sigev_notify
* CVE-2018-5390
- tcp: avoid collapses in tcp_prune_queue() if possible
- tcp: detect malicious patterns in tcp_collapse_ofo_queue()
* CVE-2018-5391
- Revert "net: increase fragment memory usage limits"
* CVE-2018-3620 // CVE-2018-3646
- SAUCE: x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
- x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT
- x86/speculation/l1tf: Change order of offset/type in swap entry
- x86/speculation/l1tf: Protect swap entries against L1TF
- x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation
- x86/speculation/l1tf: Make sure the first page is always reserved
- x86/speculation/l1tf: Add sysfs reporting for l1tf
- x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings
- x86/speculation/l1tf: Limit swap file size to MAX_PA/2
- x86/topology: Create logical package id
- x86/topology: Fix logical package mapping
- x86/topology: Fix Intel HT disable
- x86/topology: Use total_cpus not nr_cpu_ids for logical packages
- x86/topology: Fix AMD core count
- x86/smp: Provide topology_is_primary_thread()
- x86/topology: Provide topology_smt_supported()
- cpu/hotplug: Split do_cpu_down()
- x86/topology: Add topology_max_smt_threads()
- cpu/hotplug: Provide knobs to control SMT
- [Config] updateconfigs - enable CONFIG_HOTPLUG_SMT
- x86/CPU: Modify detect_extended_topology() to return result
- x86/CPU/AMD: Derive CPU topology from CPUID function 0xB when available
- x86/cpu: Remove the pointless CPU printout
- x86/cpu/AMD: Remove the pointless detect_ht() call
- x86/cpu/common: Provide detect_ht_early()
- x86/cpu/topology: Provide detect_extended_topology_early()
- x86/cpu/intel: Evaluate smp_num_siblings early
- x86/cpu/AMD: Evaluate smp_num_siblings early
- x86/apic: Ignore secondary threads if nosmt=force
- x86/speculation/l1tf: Extend 64bit swap file size limit
- x86/cpufeatures: Add detection of L1D cache flush support.
- x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings
- x86/speculation/l1tf: Protect PAE swap entries against L1TF
- x86/speculation/l1tf: Fix up pte->pfn conversion for PAE
- Revert "x86/apic: Ignore secondary threads if nosmt=force"
- cpu/hotplug: Boot HT siblings at least once
- SAUCE: Alternative approach to boot nosmt
- SAUCE: x86/mce: Try register mce notifier earlier
- KVM: x86: Introducing kvm_x86_ops VM init/destroy hooks
- x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present.
- x86/KVM/VMX: Add module argument for L1TF mitigation
- x86/KVM/VMX: Add L1D flush algorithm
- x86/KVM/VMX: Add L1D MSR based flush
- KVM: add kvm_arch_sched_in
- x86/KVM/VMX: Add L1D flush logic
- x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest
numbers
- x86/KVM/VMX: Add find_msr() helper function
- x86/KVM/VMX: Seperate the VMX AUTOLOAD guest/host number accounting
- x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs
- x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required
- cpu/hotplug: Online siblings when SMT control is turned on
- x86/litf: Introduce vmx status variable
- x86/kvm: Drop L1TF MSR list approach
- x86/l1tf: Handle EPT disabled state proper
- x86/kvm: Move l1tf setup function
- x86/kvm: Add static key for flush always
- x86/kvm: Serialize L1D flush parameter setter
- x86/kvm: Allow runtime control of L1D flush
- cpu/hotplug: Expose SMT control init function
- cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early
- x86/bugs, kvm: Introduce boot-time control of L1TF mitigations
- Documentation: Add section about CPU vulnerabilities
- x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED
architectures
- x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content
- Documentation/l1tf: Fix typos
- cpu/hotplug: detect SMT disabled by BIOS
- x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush()
- x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond'
- x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush()
- x86/irq: Demote irq_cpustat_t::__softirq_pending to u16
- x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d
- x86: Don't include linux/irq.h from asm/hardirq.h
- x86/apic: Order irq_enter/exit() calls correctly vs. ack_APIC_irq()
- SAUCE: Move __this_cpu_{read,write} to percpu-ubuntu.h
- x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d
- x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr()
- Documentation/l1tf: Remove Yonah processors from not vulnerable list
- x86/speculation: Simplify sysfs report of VMX L1TF vulnerability
- x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry
- cpu/hotplug: Fix SMT supported evaluation
- x86/speculation/l1tf: Invert all not present mappings
- x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert
- x86/mm/pat: Ensure cpa->pfn only contains page frame numbers
- SAUCE: Add pfn_pud() and pud_mkhuge()
- x86/mm/pat: Make set_memory_np() L1TF safe
linux (3.13.0-153.203) trusty; urgency=medium
* linux: 3.13.0-153.203 -proposed tracker (LP: #1776819)
* CVE-2018-3665 (x86)
- x86/fpu: Print out whether we are doing lazy/eager FPU context switches
- x86/fpu: Default eagerfpu=on on all CPUs
- x86/fpu: Fix math emulation in eager fpu mode
linux (3.13.0-152.202) trusty; urgency=medium
* linux: 3.13.0-152.202 -proposed tracker (LP: #1776350)
* CVE-2017-15265
- ALSA: seq: Fix use-after-free at creating a port
* register on binfmt_misc may overflow and crash the system (LP: #1775856)
- fs/binfmt_misc.c: do not allow offset overflow
* CVE-2018-1130
- dccp: check sk for closed state in dccp_sendmsg()
- ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped
* add_key04 in LTP syscall test cause kernel oops (NULL pointer dereference)
with T kernel (LP: #1775316) // CVE-2017-12193
- assoc_array: Fix a buggy node-splitting case
* CVE-2017-12154
- kvm: nVMX: Don't allow L2 to access the hardware CR8
* CVE-2018-7757
- scsi: libsas: fix memory leak in sas_smp_get_phy_events()
* CVE-2018-6927
- futex: Prevent overflow by strengthen input validation
* FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336)
- SAUCE: CacheFiles: fix a read_waiter/read_copier race
* CVE-2018-5803
- sctp: verify size of a new chunk in _sctp_make_chunk()
* WARNING: CPU: 28 PID: 34085 at
/build/linux-90Gc2C/linux-3.13.0/net/core/dev.c:1433 dev_disable_lro+0x87/0x90()
(LP: #1771480)
- net/core: generic support for disabling netdev features down stack
- SAUCE: Backport helper function netdev_upper_get_next_dev_rcu
* CVE-2018-7755
- SAUCE: floppy: Do not copy a kernel pointer to user memory in FDGETPRM
ioctl
* CVE-2018-5750
- ACPI: sbshc: remove raw pointer from printk() message
linux (3.13.0-151.201) trusty; urgency=medium
* linux: 3.13.0-151.201 -proposed tracker (LP: #1774190)
* CVE-2018-3639 (x86)
- SAUCE: Set generic SSBD feature for Intel cpus
- KVM: vmx: fix MPX detection
- KVM: x86: Fix MSR_IA32_BNDCFGS in msrs_to_save
- x86/cpu: Add CLZERO detection
* Trusty cannot load microcode for family 17h AMD processors (LP: #1774082)
- x86/microcode/AMD: Add support for fam17h microcode loading
linux (3.13.0-150.200) trusty; urgency=medium
* linux: 3.13.0-150.200 -proposed tracker (LP: #1772970)
* CVE-2018-3639 (x86)
- x86/cpu: Make alternative_msr_write work for 32-bit code
- x86/cpu/AMD: Fix erratum 1076 (CPB bit)
- x86/bugs: Fix the parameters alignment and missing void
- KVM: SVM: Move spec control call after restore of GS
- x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
- x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
- x86/cpufeatures: Disentangle SSBD enumeration
- x86/cpufeatures: Add FEATURE_ZEN
- x86/speculation: Handle HT correctly on AMD
- x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
- x86/speculation: Add virtualized speculative store bypass disable support
- SAUCE: x86/cpu: Rename x86_amd_ssbd_enable
- x86/speculation: Rework speculative_store_bypass_update()
- x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host}
- x86/bugs: Expose x86_spec_ctrl_base directly
- x86/bugs: Remove x86_spec_ctrl_set()
- x86/bugs: Rework spec_ctrl base and mask logic
- x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
- KVM: x86: introduce num_emulated_msrs
- KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
- x86/bugs: Rename SSBD_NO to SSB_NO
- KVM: VMX: Expose SSBD properly to guests.
* CVE-2018-7492
- rds: Fix NULL pointer dereference in __rds_rdma_map
* CVE-2017-0627
- media: uvcvideo: Prevent heap overflow when accessing mapped controls
* CVE-2018-8781
- drm: udl: Properly check framebuffer mmap offsets
* CVE-2018-1068
- netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
linux (3.13.0-149.199) trusty; urgency=medium
* CVE-2018-3639 (powerpc)
- SAUCE: rfi-flush: update H_CPU_* macro names to upstream
- SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to
upstream
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/64s: Allow control of RFI flush via debugfs
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Set or clear security feature flags
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- powerpc/64s: Add support for a store forwarding barrier at kernel
entry/exit
- SAUCE: powerpc/64s: Move the data access exception out-of-line
* CVE-2018-3639 (x86)
- arch: Introduce post-init read-only memory
- SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES
- SAUCE: x86: Add alternative_msr_write
- x86/nospec: Simplify alternative_msr_write()
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/bugs: Concentrate bug detection into a separate function
- x86/bugs: Concentrate bug reporting into a separate function
- x86/msr: Add definitions for new speculation control MSRs
- x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- x86/bugs, KVM: Support the combination of guest and host IBRS
- x86/bugs: Expose /sys/../spec_store_bypass
- x86/cpufeatures: Add X86_FEATURE_RDS
- x86/bugs: Provide boot parameters for the spec_store_bypass_disable
mitigation
- x86/bugs/intel: Set proper CPU features and setup RDS
- x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
- x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- x86/speculation: Create spec-ctrl.h to avoid include hell
- prctl: Add speculation control prctls
- x86/process: Allow runtime control of Speculative Store Bypass
- x86/speculation: Add prctl for Speculative Store Bypass mitigation
- nospec: Allow getting/setting on non-current task
- proc: Provide details on speculation flaw mitigations
- seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- x86/bugs: Make boot modes __ro_after_init
- prctl: Add force disable speculation
- seccomp: Use PR_SPEC_FORCE_DISABLE
- seccomp: Add filter flag to opt-out of SSB mitigation
- seccomp: Move speculation migitation control to arch code
- x86/speculation: Make "seccomp" the default mode for Speculative Store
Bypass
- x86/bugs: Rename _RDS to _SSBD
- proc: Use underscores for SSBD in 'status'
- Documentation/spec_ctrl: Do some minor cleanups
- x86/bugs: Fix __ssb_select_mitigation() return type
- x86/bugs: Make cpu_show_common() static
linux (3.13.0-148.197) trusty; urgency=medium
* linux: 3.13.0-148.197 -proposed tracker (LP: #1769077)
* CVE-2017-18208
- mm/madvise.c: fix madvise() infinite loop under special circumstances
* CVE-2018-8822
- staging: ncpfs: memory corruption in ncp_read_kernel()
* CVE-2017-18221
- mlock: fix mlock count can not decrease in race condition
* CVE-2017-12134
- xen: fix bio vec merging
* CVE-2017-18203
- dm: fix race between dm_get_from_kobject() and __dm_destroy()
* CVE-2017-17449
- netlink: Add netns check on taps
* CVE-2017-13220
- Bluetooth: hidp_connection_add() unsafe use of l2cap_pi()
* CVE-2017-18204
- ocfs2: should wait dio before inode lock in ocfs2_setattr()
* CVE-2017-13305
- KEYS: encrypted: fix buffer overread in valid_master_desc()
* CVE-2017-18079
- Input: i8042 - fix crash at boot time
* "ip a" command on a guest VM shows UNKNOWN status (LP: #1761534)
- virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS
* ibrs/ibpb fixes result in excessive kernel logging (LP: #1755627)
- SAUCE: remove ibrs_dump sysctl interface
linux (3.13.0-147.196) trusty; urgency=medium
* CVE-2018-8897
- x86/traps: Enable DEBUG_STACK after cpu_init() for TRAP_DB/BP
- x86/entry/64: Don't use IST entry for #BP stack
* CVE-2018-1087
- KVM: VMX: Fix DR6 update on #DB exception
- KVM: VMX: Advance rip to after an ICEBP instruction
- kvm/x86: fix icebp instruction handling
* CVE-2018-1000199
- perf/hwbp: Simplify the perf-hwbp code, fix documentation
linux (3.13.0-145.194) trusty; urgency=medium
* linux: 3.13.0-145.194 -proposed tracker (LP: #1761430)
* intel-microcode 3.20180312.0 causes lockup at login screen(w/
linux-image-4.13.0-37-generic) (LP: #1759920) // CVE-2017-5715 (Spectre v2 Intel)
- Revert "UBUNTU: SAUCE: x86/mm: Only set IBPB when the new thread cannot
ptrace current thread"
- x86/speculation: Use Indirect Branch Prediction Barrier in context switch
* DKMS driver builds fail with: Cannot use CONFIG_STACK_VALIDATION=y, please
install libelf-dev, libelf-devel or elfutils-libelf-devel (LP: #1760876)
- [Packaging] include the retpoline extractor in the headers
* retpoline hints: primary infrastructure and initial hints (LP: #1758856)
- [Packaging] retpoline-extract: flag *0xNNN(%reg) branches
- x86/speculation, objtool: Annotate indirect calls/jumps for objtool
- x86/speculation, objtool: Annotate indirect calls/jumps for objtool on
32bit
- x86/paravirt, objtool: Annotate indirect calls
- x86/asm: Stop depending on ptrace.h in alternative.h
- [Packaging] retpoline -- add safe usage hint support
- [Packaging] retpoline-check -- only report additions
- [Packaging] retpoline -- widen indirect call/jmp detection
- [Packaging] retpoline -- elide %rip relative indirections
- [Packaging] retpoline -- clear hint information from packages
- SAUCE: modpost: add discard to non-allocatable whitelist
- KVM: x86: Make indirect calls in emulator speculation safe
- KVM: VMX: Make indirect call speculation safe
- x86/boot, objtool: Annotate indirect jump in secondary_startup_64()
- SAUCE: early/late -- annotate indirect calls in early/late initialisation
code
- SAUCE: vga_set_mode -- avoid jump tables
- [Config] retpoline -- switch to new format
- [Packaging] retpoline hints -- handle missing files when RETPOLINE not
enabled
- [Packaging] final-checks -- remove check for empty retpoline files
* retpoline: ignore %cs:0xNNN constant indirections (LP: #1752655)
- [Packaging] retpoline -- elide %cs:0xNNNN constants on i386
* Boot crash with Trusty 3.13 (LP: #1757193)
- Revert "UBUNTU: SAUCE: x86, extable: fix uaccess fixup detection"
- x86/mm: Expand the exception table logic to allow new handling options
* Segmentation fault in ldt_gdt_64 (LP: #1755817) // CVE-2017-5754
- x86/kvm: Rename VMX's segment access rights defines
- x86/signal/64: Fix SS if needed when delivering a 64-bit signal
linux (3.13.0-144.193) trusty; urgency=medium
* linux: 3.13.0-144.193 -proposed tracker (LP: #1755227)
* CVE-2017-12762
- isdn/i4l: fix buffer overflow
* CVE-2017-17807
- KEYS: add missing permission check for request_key() destination
* bnx2x_attn_int_deasserted3:4323 MC assert! (LP: #1715519) //
CVE-2018-1000026
- net: Add ndo_gso_check
- net: create skb_gso_validate_mac_len()
- bnx2x: disable GSO where gso_size is too big for hardware
* CVE-2017-17448
- netfilter: nfnetlink_cthelper: Add missing permission checks
* CVE-2017-11089
- cfg80211: Define nla_policy for NL80211_ATTR_LOCAL_MESH_POWER_MODE
* CVE-2018-5332
- RDS: Heap OOB write in rds_message_alloc_sgs()
* ppc64el: Do not call ibm,os-term on panic (LP: #1736954)
- powerpc: Do not call ppc_md.panic in fadump panic notifier
* CVE-2017-17805
- crypto: salsa20 - fix blkcipher_walk API usage
* [Hyper-V] storvsc: do not assume SG list is continuous when doing bounce
buffers (LP: #1742480)
- SAUCE: storvsc: do not assume SG list is continuous when doing bounce
buffers
* Shutdown hang on 16.04 with iscsi targets (LP: #1569925)
- scsi: libiscsi: Allow sd_shutdown on bad transport
* CVE-2017-17741
- KVM: Fix stack-out-of-bounds read in write_mmio
* CVE-2017-5715 (Spectre v2 Intel)
- [Packaging] pull in retpoline files
linux (3.13.0-143.192) trusty; urgency=medium
* linux: 3.13.0-143.192 -proposed tracker (LP: #1751838)
* CVE-2017-5715 (Spectre v2 retpoline)
- x86/alternatives: Fix ALTERNATIVE_2 padding generation properly
- x86/alternatives: Fix alt_max_short macro to really be a max()
- x86/alternatives: Guard NOPs optimization
- x86/alternatives: Switch AMD F15h and later to the P6 NOPs
- x86/alternatives: Make optimize_nops() interrupt safe and synced
- x86/alternatives: Fix optimize_nops() checking
- x86/cpuid: Provide get_scattered_cpuid_leaf()
- x86/cpu: Factor out application of forced CPU caps
- x86/cpufeatures: Make CPU bugs sticky
- x86/cpufeatures: Add X86_BUG_CPU_INSECURE
- x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
- x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
- x86/cpu, x86/pti: Do not enable PTI on AMD processors
- x86/cpu: Merge bugs.c and bugs_64.c
- sysfs/cpu: Add vulnerability folder
- x86/cpu: Implement CPU vulnerabilites sysfs functions
- x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm
- x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier
- x86/asm: Use register variable to get stack pointer value
- x86/kbuild: enable modversions for symbols exported from asm
- x86/asm: Make asm/alternative.h safe from assembly
- EXPORT_SYMBOL() for asm
- kconfig.h: use __is_defined() to check if MODULE is defined
- x86/retpoline: Add initial retpoline support
- x86/spectre: Add boot time option to select Spectre v2 mitigation
- x86/retpoline/crypto: Convert crypto assembler indirect jumps
- x86/retpoline/entry: Convert entry assembler indirect jumps
- x86/retpoline/ftrace: Convert ftrace assembler indirect jumps
- x86/retpoline/hyperv: Convert assembler indirect jumps
- x86/retpoline/xen: Convert Xen hypercall indirect jumps
- x86/retpoline/checksum32: Convert assembler indirect jumps
- x86/retpoline/irq32: Convert assembler indirect jumps
- x86/retpoline: Fill return stack buffer on vmexit
- x86/retpoline: Remove compile time warning
- x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
- module: Add retpoline tag to VERMAGIC
- x86/mce: Make machine check speculation protected
- retpoline: Introduce start/end markers of indirect thunk
- kprobes/x86: Disable optimizing on the function jumps to indirect thunk
- x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
- [Config] CONFIG_RETPOLINE=y
- [Packaging] retpoline -- add call site validation
- [Packaging] retpoline files must be sorted
- [Config] disable retpoline for the first upload
- [Config] updateconfigs - enable CONFIG_GENERIC_CPU_VULNERABILITIES
* retpoline abi files are empty on i386 (LP: #1751021)
- [Packaging] retpoline-extract -- instantiate retpoline files for i386
- [Packaging] final-checks -- sanity checking ABI contents
- [Packaging] final-checks -- check for empty retpoline files
* CVE-2017-5715 (Spectre v2 Intel)
- x86, microcode: Share native MSR accessing variants
- kvm: vmx: Scrub hardware GPRs at VM-exit
- SAUCE: x86/feature: Enable the x86 feature to control Speculation
- SAUCE: x86/feature: Report presence of IBPB and IBRS control
- SAUCE: x86/enter: MACROS to set/clear IBRS and set IBPB
- SAUCE: x86/enter: Use IBRS on syscall and interrupts
- SAUCE: x86/idle: Disable IBRS entering idle and enable it on wakeup
- SAUCE: x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
- SAUCE: x86/mm: Set IBPB upon context switch
- SAUCE: x86/mm: Only set IBPB when the new thread cannot ptrace current
thread
- SAUCE: x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
- SAUCE: x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
- SAUCE: x86/kvm: Set IBPB when switching VM
- SAUCE: x86/kvm: Toggle IBRS on VM entry and exit
- SAUCE: x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
- SAUCE: x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb
control
- SAUCE: x86/cpu/AMD: Add speculative control support for AMD
- SAUCE: x86/microcode: Extend post microcode reload to support IBPB feature
- SAUCE: KVM: SVM: Do not intercept new speculative control MSRs
- SAUCE: x86/svm: Set IBRS value on VM entry and exit
- SAUCE: x86/svm: Set IBPB when running a different VCPU
- SAUCE: KVM: x86: Add speculative control CPUID support for guests
- SAUCE: x86/entry: Fixup 32bit compat call locations
- SAUCE: KVM: Fix spec_ctrl CPUID support for guests
- SAUCE: x86/cpuid: Fix ordering of scattered feature list
- SAUCE: turn off IBRS when full retpoline is present
* CVE-2017-5753 (Spectre v1 Intel)
- x86: Add another set of MSR accessor functions
- x86/cpu/AMD: Make the LFENCE instruction serialized
- SAUCE: x86/cpu/AMD: switch to lfence rather than mfence
- locking/barriers: introduce new observable speculation barrier
- bpf: prevent speculative execution in eBPF interpreter
- uvcvideo: prevent speculative execution
- carl9170: prevent speculative execution
- qla2xxx: prevent speculative execution
- fs: prevent speculative execution
- udf: prevent speculative execution
- userns: prevent speculative execution
- SAUCE: claim mitigation via observable speculation barrier
- powerpc: add osb barrier
- s390/spinlock: add osb memory barrier
- arm64: no osb() implementation yet
- arm: no osb() implementation yet
* CVE-2017-5715 (revert embargoed) // CVE-2017-5753 (revert embargoed)
- Revert "UBUNTU: SAUCE: x86/cpuid: Fix ordering of scattered feature list"
- Revert "UBUNTU: SAUCE: KVM: Fix spec_ctrl CPUID support for guests"
- Revert "UBUNTU: SAUCE: x86/entry: Fixup 32bit compat call locations"
- Revert "UBUNTU: SAUCE: powerpc: no gmb() implementation yet"
- Revert "UBUNTU: SAUCE: arm: no gmb() implementation yet"
- Revert "UBUNTU: SAUCE: arm64: no gmb() implementation yet"
- Revert "UBUNTU: SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit"
- Revert "UBUNTU: SAUCE: x86/cpu/AMD: Remove now unused definition of
MFENCE_RDTSC feature"
- Revert "UBUNTU: SAUCE: x86/cpu/AMD: Make the LFENCE instruction
serialized"
- Revert "UBUNTU: SAUCE: x86/svm: Add code to clobber the RSB on VM exit"
- Revert "UBUNTU: SAUCE: KVM: x86: Add speculative control CPUID support for
guests"
- Revert "UBUNTU: SAUCE: x86/svm: Set IBPB when running a different VCPU"
- Revert "UBUNTU: SAUCE: x86/svm: Set IBRS value on VM entry and exit"
- Revert "UBUNTU: SAUCE: KVM: SVM: Do not intercept new speculative control
MSRs"
- Revert "UBUNTU: SAUCE: x86/microcode: Extend post microcode reload to
support IBPB feature"
- Revert "UBUNTU: SAUCE: x86/cpu/AMD: Add speculative control support for
AMD"
- Revert "UBUNTU: SAUCE: x86/entry: Use retpoline for syscall's indirect
calls"
- Revert "UBUNTU: SAUCE: x86/spec_ctrl: Add lock to serialize changes to
ibrs and ibpb control"
- Revert "UBUNTU: SAUCE: x86/spec_ctrl: Add sysctl knobs to enable/disable
SPEC_CTRL feature"
- Revert "UBUNTU: SAUCE: x86/kvm: Pad RSB on VM transition"
- Revert "UBUNTU: SAUCE: x86/kvm: Toggle IBRS on VM entry and exit"
- Revert "UBUNTU: SAUCE: x86/kvm: Set IBPB when switching VM"
- Revert "UBUNTU: SAUCE: x86/kvm: add MSR_IA32_SPEC_CTRL and
MSR_IA32_PRED_CMD to kvm"
- Revert "UBUNTU: SAUCE: x86/entry: Stuff RSB for entry to kernel for
non-SMEP platform"
- Revert "UBUNTU: SAUCE: x86/mm: Only set IBPB when the new thread cannot
ptrace current thread"
- Revert "UBUNTU: SAUCE: x86/mm: Set IBPB upon context switch"
- Revert "UBUNTU: SAUCE: x86/idle: Disable IBRS when offlining cpu and
re-enable on wakeup"
- Revert "UBUNTU: SAUCE: x86/idle: Disable IBRS entering idle and enable it
on wakeup"
- Revert "UBUNTU: SAUCE: x86/enter: Use IBRS on syscall and interrupts"
- Revert "UBUNTU: SAUCE: x86/enter: MACROS to set/clear IBRS and set IBPB"
- Revert "UBUNTU: SAUCE: x86/feature: Report presence of IBPB and IBRS
control"
- Revert "UBUNTU: SAUCE: x86/feature: Enable the x86 feature to control
Speculation"
- Revert "UBUNTU: SAUCE: udf: prevent speculative execution"
- Revert "UBUNTU: SAUCE: fs: prevent speculative execution"
- Revert "UBUNTU: SAUCE: userns: prevent speculative execution"
- Revert "UBUNTU: SAUCE: cw1200: prevent speculative execution"
- Revert "UBUNTU: SAUCE: qla2xxx: prevent speculative execution"
- Revert "UBUNTU: SAUCE: p54: prevent speculative execution"
- Revert "UBUNTU: SAUCE: carl9170: prevent speculative execution"
- Revert "UBUNTU: SAUCE: uvcvideo: prevent speculative execution"
- Revert "UBUNTU: SAUCE: locking/barriers: introduce new memory barrier
gmb()"
- Revert "kvm: vmx: Scrub hardware GPRs at VM-exit"
- Revert "x86/cpuid: Provide get_scattered_cpuid_leaf()"
- Revert "x86: Add another set of MSR accessor functions"
- Revert "x86, microcode: Share native MSR accessing variants"
* stress-ng enosys stressor triggers a kernel BUG (LP: #1750786)
- SAUCE: x86, extable: fix uaccess fixup detection
linux (3.13.0-142.191) trusty; urgency=medium
* linux: 3.13.0-142.191 -proposed tracker (LP: #1746900)
* CVE-2017-17806
- crypto: hmac - require that the underlying hash algorithm is unkeyed
* CVE-2017-18017
- netfilter: xt_TCPMSS: add more sanity tests on tcph->doff
* CVE-2017-17450
- netfilter: xt_osf: Add missing permission checks
* CVE-2018-5344
- loop: fix concurrent lo_open/lo_release
* CVE-2017-5715 (Spectre v2 embargoed) // CVE-2017-5753 (Spectre v1 embargoed)
- x86/asm/msr: Make wrmsrl_safe() a function
* CVE-2017-1000407
- KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
* CVE-2017-0861
- ALSA: pcm: prevent UAF in snd_pcm_info
* CVE-2017-14051
- scsi: qla2xxx: Fix an integer overflow in sysfs code
* CVE-2017-15868
- Bluetooth: bnep: bnep_add_connection() should verify that it's dealing
with l2cap socket
* CVE-2018-5333
- RDS: null pointer dereference in rds_atomic_free_op
* powerpc: flush L1D on return to use (LP: #1742772) // CVE-2017-5754
(Meltdown)
- SAUCE: powerpc: Prevent Meltdown attack with L1-D$ flush
- SAUCE: powerpc: Remove dead code in sycall entry
- SAUCE: rfi-flush: Add barriers to the fallback L1D flushing
- SAUCE: rfi-flush: Fallback flush add load dependency
- SAUCE: rfi-flush: Fix the 32-bit KVM build
- SAUCE: rfi-flush: Fix some RFI conversions in the KVM code
- SAUCE: rfi-flush: Make the fallback robust against memory corruption
- SAUCE: powerpc/kernel: Does not use sync
- SAUCE: rfi-flush: Factor out init_fallback_flush()
- SAUCE: rfi-flush: Make setup_rfi_flush() not __init
- SAUCE: rfi-flush: Move the logic to avoid a redo into the sysfs code
- SAUCE: rfi-flush: Make it possible to call setup_rfi_flush() again
- SAUCE: rfi-flush: Call setup_rfi_flush() after LPM migration
- SAUCE: rfi-flush: Fix fallback on distros using bootmem
- SAUCE: rfi-flush: fix package build error (unused variable limit)
- SAUCE: rfi-flush: Fix kernel package build using bootmem
- SAUCE: rfi-flush: Move rfi_flush_fallback_area to end of paca
- SAUCE: rfi-flush: Fix rename of pseries_setup_rfi_flush()
- SAUCE: rfi-flush: Mark DEBUG_RFI as BROKEN
- SAUCE: rfi-flush: Switch to new linear fallback flush
- SAUCE: powerpc/kernel: Remove unused variable
- SAUCE: powerpc/kernel: Fix typo on variable
- SAUCE: powerpc/kernel: Fix instructions usage
- SAUCE: powerpc/kernel: Define PACA_L1D_FLUSH_SIZE
- SAUCE: rfi-flush: Fix for kernel crash.
* upload urgency should be medium by default (LP: #1745338)
- [Packaging] update urgency to medium by default
* CVE-2017-12190
- fix unbalanced page refcounting in bio_map_user_iov
- more bio_map_user_iov() leak fixes
* CVE-2017-15274
- KEYS: fix dereferencing NULL payload with nonzero length
* CVE-2017-14140
- Sanitize 'move_pages()' permission checks
* CVE-2017-15115
- sctp: do not peel off an assoc from one netns to another one
* CVE-2017-14489
- scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse
nlmsg properly
* CVE-2017-12153
- nl80211: check for the required netlink attributes presence
* CVE-2017-16525
- USB: serial: console: fix use-after-free after failed setup
- USB: serial: console: fix use-after-free on disconnect
* CVE-2017-7542
- ipv6: avoid overflow of offset in ip6_find_1stfragopt
- ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt()
* CVE-2017-15102
- usb: misc: legousbtower: Fix NULL pointer deference
* CVE-2017-12192
- KEYS: prevent KEYCTL_READ on negative key
* CVE-2017-14156
- video: fbdev: aty: do not leak uninitialized padding in clk to userspace
* CVE-2017-5669
- ipc/shm: Fix shmat mmap nil-page protection
* CVE-2017-0750
- f2fs: do more integrity verification for superblock
* CVE-2017-7889
- mm: Tighten x86 /dev/mem with zeroing reads
* CVE-2017-8824
- dccp: CVE-2017-8824: use-after-free in DCCP code
linux (3.13.0-141.190) trusty; urgency=low
* linux: 3.13.0-141.190 -proposed tracker (LP: #1744308)
* ubuntu_32_on_64 test crash Trusty 3.13.0-140 amd64 system (LP: #1744199) //
test_too_early_vsyscall from ubuntu_qrt_kernel_panic crashes Trusty
3.13.0-140 amd64 system (LP: #1744226) // CVE-2017-5715 // CVE-2017-5753
- SAUCE: x86/entry: Fixup 32bit compat call locations
* CVE-2017-5715 // CVE-2017-5753
- SAUCE: x86/cpuid: Fix ordering of scattered feature list
- SAUCE: KVM: Fix spec_ctrl CPUID support for guests
* CVE-2017-5754
- kaiser: Set _PAGE_NX only if supported
- kaiser: Set _PAGE_NX only if supported
linux (3.13.0-140.189) trusty; urgency=low
* linux: 3.13.0-140.189 -proposed tracker (LP: #1743375)
[ Stefan Bader ]
* CVE-2017-5715 // CVE-2017-5753
- x86, microcode: Share native MSR accessing variants
- x86: Add another set of MSR accessor functions
- x86/cpuid: Provide get_scattered_cpuid_leaf()
- kvm: vmx: Scrub hardware GPRs at VM-exit
- SAUCE: locking/barriers: introduce new memory barrier gmb()
- SAUCE: uvcvideo: prevent speculative execution
- SAUCE: carl9170: prevent speculative execution
- SAUCE: p54: prevent speculative execution
- SAUCE: qla2xxx: prevent speculative execution
- SAUCE: cw1200: prevent speculative execution
- SAUCE: userns: prevent speculative execution
- SAUCE: fs: prevent speculative execution
- SAUCE: udf: prevent speculative execution
- SAUCE: x86/feature: Enable the x86 feature to control Speculation
- SAUCE: x86/feature: Report presence of IBPB and IBRS control
- SAUCE: x86/enter: MACROS to set/clear IBRS and set IBPB
- SAUCE: x86/enter: Use IBRS on syscall and interrupts
- SAUCE: x86/idle: Disable IBRS entering idle and enable it on wakeup
- SAUCE: x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
- SAUCE: x86/mm: Set IBPB upon context switch
- SAUCE: x86/mm: Only set IBPB when the new thread cannot ptrace current
thread
- SAUCE: x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
- SAUCE: x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
- SAUCE: x86/kvm: Set IBPB when switching VM
- SAUCE: x86/kvm: Toggle IBRS on VM entry and exit
- SAUCE: x86/kvm: Pad RSB on VM transition
- SAUCE: x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
- SAUCE: x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb
control
- SAUCE: x86/entry: Use retpoline for syscall's indirect calls
- SAUCE: x86/cpu/AMD: Add speculative control support for AMD
- SAUCE: x86/microcode: Extend post microcode reload to support IBPB feature
- SAUCE: KVM: SVM: Do not intercept new speculative control MSRs
- SAUCE: x86/svm: Set IBRS value on VM entry and exit
- SAUCE: x86/svm: Set IBPB when running a different VCPU
- SAUCE: KVM: x86: Add speculative control CPUID support for guests
- SAUCE: x86/svm: Add code to clobber the RSB on VM exit
- SAUCE: x86/cpu/AMD: Make the LFENCE instruction serialized
- SAUCE: x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
- SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit
- SAUCE: arm64: no gmb() implementation yet
- SAUCE: arm: no gmb() implementation yet
- SAUCE: powerpc: no gmb() implementation yet
* Do not duplicate changelog entries assigned to more than one bug or CVE
(LP: #1743383)
- [Packaging] git-ubuntu-log -- handle multiple bugs/cves better
linux (3.13.0-139.188) trusty; urgency=low
* linux: 3.13.0-139.188 -proposed tracker (LP: #1741609)
* CVE-2017-5754
- perf/x86: Correctly use FEATURE_PDCM
- arch: Introduce smp_load_acquire(), smp_store_release()
- mm, x86: Account for TLB flushes only when debugging
- x86/mm: Clean up inconsistencies when flushing TLB ranges
- x86/mm: Eliminate redundant page table walk during TLB range flushing
- mm, x86: Revisit tlb_flushall_shift tuning for page flushes except on
IvyBridge
- x86/mm: Clean up the TLB flushing code
- x86/mm: Rip out complicated, out-of-date, buggy TLB flushing
- x86/mm: Fix missed global TLB flush stat
- x86/mm: New tunable for single vs full TLB flush
- x86/mm: Set TLB flush tunable to sane value (33)
- x86/mm: Fix sparse 'tlb_single_page_flush_ceiling' warning and make the
variable read-mostly
- rcu: Provide counterpart to rcu_dereference() for non-RCU situations
- rcu: Move lockless_dereference() out of rcupdate.h
- x86/ldt: Make modify_ldt synchronous
- x86/ldt: Correct LDT access in single stepping logic
- x86/ldt: Correct FPU emulation access to LDT
- x86/ldt: Further fix FPU emulation
- x86/mm: Disable preemption during CR3 read+write
- x86: Clean up cr4 manipulation
- x86/mm: Add INVPCID helpers
- x86/mm: Fix INVPCID asm constraint
- x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID
- x86/mm: If INVPCID is available, use it to flush global mappings
- mm/mmu_context, sched/core: Fix mmu_context.h assumption
- sched/core: Add switch_mm_irqs_off() and use it in the scheduler
- x86/mm: Build arch/x86/mm/tlb.c even on !SMP
- x86/mm, sched/core: Uninline switch_mm()
- x86/mm, sched/core: Turn off IRQs in switch_mm()
- sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off()
- x86/irq: Do not substract irq_tlb_count from irq_call_count
- x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly()
- x86/mm: Remove flush_tlb() and flush_tlb_current_task()
- x86/mm: Make flush_tlb_mm_range() more predictable
- x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range()
- x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP
code
- x86/mm: Disable PCID on 32-bit kernels
- x86/mm: Add the 'nopcid' boot option to turn off PCID
- x86/mm: Enable CR4.PCIDE on supported systems
- x86/mm/64: Fix reboot interaction with CR4.PCIDE
- KAISER: Kernel Address Isolation
- x86/mm/kaiser: re-enable vsyscalls
- kaiser: user_map __kprobes_text too
- kaiser: alloc_ldt_struct() use get_zeroed_page()
- x86/alternatives: Cleanup DPRINTK macro
- x86/alternatives: Add instruction padding
- x86/alternatives: Make JMPs more robust
- x86/alternatives: Use optimized NOPs for padding
- kaiser: add "nokaiser" boot option, using ALTERNATIVE
- x86, boot: Carve out early cmdline parsing function
- x86/boot: Fix early command-line parsing when matching at end
- x86/boot: Fix early command-line parsing when partial word matches
- x86/boot: Simplify early command line parsing
- x86/boot: Pass in size to early cmdline parsing
- x86/boot: Add early cmdline parsing for options with arguments
- x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling
- x86/kaiser: Check boottime cmdline params
- kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush
- kaiser: asm/tlbflush.h handle noPGE at lower level
- kaiser: kaiser_flush_tlb_on_return_to_user() check PCID
- x86/paravirt: Dont patch flush_tlb_single
- x86/kaiser: Reenable PARAVIRT
- kaiser: disabled on Xen PV
- x86/kaiser: Move feature detection up
- KPTI: Rename to PAGE_TABLE_ISOLATION
- KPTI: Report when enabled
- kvmclock: export kvmclock clocksource and data pointers
- x86/mm/kaiser: remove paravirt clock warning
- kaiser: x86: Fix NMI handling
- [Config] updateconfigs - enable PAGE_TABLE_ISOLATION
linux (3.13.0-137.186) trusty; urgency=low
* linux: 3.13.0-137.186 -proposed tracker (LP: #1736194)
* CVE-2017-1000405
- mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d()
* CVE-2017-16939
- netlink: add a start callback for starting a netlink dump
- ipsec: Fix aborted xfrm policy dump crash
linux (3.13.0-136.185) trusty; urgency=low
* linux: 3.13.0-136.185 -proposed tracker (LP: #1734733)
* NVMe timeout is too short (LP: #1729119)
- NVMe: Make I/O timeout a module parameter
- nvme: update timeout module parameter type
linux (3.13.0-135.184) trusty; urgency=low
* linux: 3.13.0-135.184 -proposed tracker (LP: #1724500)
* Trusty NVMe boot fails on some systems (LP: #1720867)
- NVMe: RCU protected access to io queues
- NVMe: IOCTL path RCU protect queue access
- powerpc/mm: fix ".__node_distance" undefined
- NVMe: per-cpu io queues
- nvme: Use pci_enable_msi_range() and pci_enable_msix_range()
- NVMe: make setup work for devices that don't do INTx
- NVMe: Always use MSI/MSI-x interrupts
linux (3.13.0-134.183) trusty; urgency=low
* linux: 3.13.0-134.183 -proposed tracker (LP: #1722335)
[ Thadeu Lima de Souza Cascardo ]
* CVE-2017-10661
- timerfd: Protect the might cancel mechanism proper
* CVE-2017-10662
- f2fs: sanity check segment count
* CVE-2017-10663
- f2fs: sanity check checkpoint segno and blkoff
* CVE-2017-14340
- xfs: XFS_IS_REALTIME_INODE() should be false if no rt device present
* CVE-2017-10911
- xen-blkback: don't leak stack data via response ring
* CVE-2017-11176
- mqueue: fix a use-after-free in sys_mq_notify()
* CVE-2016-8632
- tipc: check minimum bearer MTU
linux (3.13.0-133.182) trusty; urgency=low
* linux: 3.13.0-133.182 -proposed tracker (LP: #1718159)
[ Stefan Bader ]
* CVE-2016-8633
- firewire: net: guard against rx buffer overflows
* CVE-2017-14106
- tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0
linux (3.13.0-132.181) trusty; urgency=low
* linux: 3.13.0-132.181 -proposed tracker (LP: #1716634)
* CVE-2017-1000251
- Bluetooth: Properly check L2CAP config option output buffer length
linux (3.13.0-131.180) trusty; urgency=low
* linux: 3.13.0-131.180 -proposed tracker (LP: #1715439)
* CVE-2016-7097
- posix_acl: Clear SGID bit when setting file permissions
* CVE-2016-9083
- vfio/pci: Fix integer overflows, bitmask check
* CVE-2016-9084
- vfio/pci: Fix integer overflows, bitmask check
* CVE-2016-9604
- KEYS: Disallow keyrings beginning with '.' to be joined as session
keyrings
* CVE-2016-9191
- sysctl: Drop reference added by grab_header in proc_sys_readdir
* CVE-2016-9178
- fix minor infoleak in get_user_ex()
* CVE-2016-8650
- mpi: Fix NULL ptr dereference in mpi_powm() [ver #3]
* CVE-2016-10044
- vfs: Commit to never having exectuables on proc and sysfs.
- aio: mark AIO pseudo-fs noexec
linux (3.13.0-130.179) trusty; urgency=low
* linux: 3.13.0-130.179 -proposed tracker (LP: #1713456)
* CVE-2016-10200
- l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{, 6}_bind()
* CVE-2016-9754
- ring-buffer: Prevent overflow of size in ring_buffer_resize()
* CVE-2017-5970
- ipv4: keep skb->dst around in presence of IP options
* CVE-2017-6346
- packet: fix races in fanout_add()
* CVE-2017-6214
- tcp: avoid infinite loop in tcp_splice_read()
* CVE-2017-6951
- KEYS: Change the name of the dead type to ".dead" to prevent user access
* CVE-2017-7472
- KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings
* CVE-2017-7187
- scsi: sg: check length passed to SG_NEXT_CMD_LEN
* CVE-2017-7541
- brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx()
* sort ABI files with C.UTF-8 locale (LP: #1712345)
- [Packaging] sort ABI files with C.UTF-8 locale
* Please only recommend or suggest initramfs-tools | linux-initramfs-tool for
kernels able to boot without initramfs (LP: #1700972)
- [Debian] Don't depend on initramfs-tools
linux (3.13.0-129.178) trusty; urgency=low
* linux: 3.13.0-129.178 -proposed tracker (LP: #1709292)
* CVE-2017-1000112
- Revert "udp: consistently apply ufo or fragmentation"
- udp: consistently apply ufo or fragmentation
* CVE-2017-1000111
- Revert "net-packet: fix race in packet_set_ring on PACKET_RESERVE"
- packet: fix tp_reserve race in packet_set_ring
* Adt tests of src:linux time out often on armhf lxc containers (LP: #1705495)
- [Packaging] tests -- reduce rebuild test to one flavour
* CVE-2016-7914
- assoc_array: don't call compare_object() on a node
* CVE-2017-7616
- mm/mempolicy.c: fix error handling in set_mempolicy and mbind.
* CVE-2017-7261
- drm/vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl()
* CVE-2017-7273
- HID: hid-cypress: validate length of report
* CVE-2017-7487
- ipx: call ipxitf_put() in ioctl error path
* CVE-2017-7495
- ext4: fix data exposure after a crash
linux (3.13.0-128.177) trusty; urgency=low
* CVE-2017-1000112
- ipv4: Should use consistent conditional judgement for ip fragment in
__ip_append_data and ip_finish_output
- ipv6: Don't use ufo handling on later transformed packets
- ipv6: Should use consistent conditional judgement for ip6 fragment between
__ip6_append_data and ip6_finish_output
- udp: avoid ufo handling on IP payload compression packets
- net: account for current skb length when deciding about UFO
- udp: consistently apply ufo or fragmentation
* CVE-2017-1000111
- net-packet: fix race in packet_set_ring on PACKET_RESERVE
linux (3.13.0-126.175) trusty; urgency=low
* linux: 3.13.0-126.175 -proposed tracker (LP: #1704994)
* CVE-2017-1000364
- mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
- mm/mmap.c: expand_downwards: don't require the gap if !vm_prev
* CVE-2017-7482
- rxrpc: Fix several cases where a padded len isn't checked in ticket decode
* CVE-2017-1000365
- fs/exec.c: account for argv/envp pointers
* CVE-2016-8405
- fbdev: color map copying bounds checking
* CVE-2017-2618
- selinux: fix off-by-one in setprocattr
* update ENA driver to 1.2.0k from net-next (LP: #1701575)
- lib: devres: add a helper function for ioremap_wc
- net: ena: remove superfluous check in ena_remove()
- net: ena: fix rare uncompleted admin command false alarm
- net: ena: add missing return when ena_com_get_io_handlers() fails
- net: ena: fix race condition between submit and completion admin command
- net: ena: add missing unmap bars on device removal
- net: ena: fix theoretical Rx hang on low memory systems
- net: ena: disable admin msix while working in polling mode
- net: ena: bug fix in lost tx packets detection mechanism
- net: ena: update ena driver to version 1.1.7
- net: ena: change return value for unsupported features unsupported return
value
- net: ena: add hardware hints capability to the driver
- net: ena: change sizeof() argument to be the type pointer
- net: ena: add reset reason for each device FLR
- net: ena: add support for out of order rx buffers refill
- net: ena: separate skb allocation to dedicated function
- net: ena: use lower_32_bits()/upper_32_bits() to split dma address
- net: ena: update driver's rx drop statistics
- net: ena: update ena driver to version 1.2.0
linux (3.13.0-125.174) trusty; urgency=low
* linux: 3.13.0-125.174 -proposed tracker (LP: #1703396)
* NULL pointer dereference triggered by openvswitch autopkg testcase
(LP: #1703401)
- Revert "rtnl/do_setlink(): notify when a netdev is modified"
- Revert "rtnl/do_setlink(): last arg is now a set of flags"
- Revert "rtnl/do_setlink(): set modified when IFLA_LINKMODE is updated"
- Revert "rtnl/do_setlink(): set modified when IFLA_TXQLEN is updated"
- Revert "rtnetlink: provide api for getting and setting slave info"
linux (3.13.0-124.173) trusty; urgency=low
* linux: 3.13.0-124.173 -proposed tracker (LP: #1701042)
* CVE-2017-7895
- nfsd: Remove assignments inside conditions
- svcrdma: Do not add XDR padding to xdr_buf page vector
- nfsd4: minor NFSv2/v3 write decoding cleanup
- nfsd: stricter decoding of write-like NFSv2/v3 ops
* CVE-2017-9605
- drm/vmwgfx: Make sure backup_handle is always valid
* CVE-2017-1000380
- ALSA: timer: Fix race between read and ioctl
- ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT
* linux <3.18: netlink notification is missing when an interface is modified
(LP: #1690094)
- rtnetlink: provide api for getting and setting slave info
- rtnl/do_setlink(): set modified when IFLA_TXQLEN is updated
- rtnl/do_setlink(): set modified when IFLA_LINKMODE is updated
- rtnl/do_setlink(): last arg is now a set of flags
- rtnl/do_setlink(): notify when a netdev is modified
* CVE-2015-8944
- Make file credentials available to the seqfile interfaces
- /proc/iomem: only expose physical resource addresses to privileged users
* CVE-2016-10088
- sg_write()/bsg_write() is not fit to be called under KERNEL_DS
* CVE-2017-7346
- drm/vmwgfx: limit the number of mip levels in
vmw_gb_surface_define_ioctl()
* CVE-2015-8966
- arm: fix handling of F_OFD_... in oabi_fcntl64()
* Missing IOTLB flush causes DMAR errors with SR-IOV (LP: #1697053)
- iommu/vt-d: Fix missing IOTLB flush in intel_iommu_unmap()
* CVE-2017-8924
- USB: serial: io_ti: fix information leak in completion handler
* CVE-2017-8925
- USB: serial: omninet: fix reference leaks at open
* CVE-2015-8967
- arm64: make sys_call_table const
* CVE-2015-8964
- tty: Prevent ldisc drivers from re-using stale tty fields
* CVE-2015-8955
- arm64: perf: reject groups spanning multiple HW PMUs
* CVE-2015-8962
- sg: Fix double-free when drives detach during SG_IO
* CVE-2015-8963
- perf: Fix race in swevent hash
* CVE-2017-9074
- ipv6: Check ip6_find_1stfragopt() return value properly.
* CVE-2014-9900
- net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol()
linux (3.13.0-123.172) trusty; urgency=low
* linux: 3.13.0-123.172 -proposed tracker (LP: #1700558)
* CVE-2017-1000364
- Revert "UBUNTU: SAUCE: mm: Only expand stack if guard area is hit"
- Revert "mm: do not collapse stack gap into THP"
- Revert "mm: enlarge stack guard gap"
- mm: vma_adjust: remove superfluous confusing update in remove_next == 1
case
- mm: larger stack guard gap, between vmas
- mm: fix new crash in unmapped_area_topdown()
- Allow stack to grow up to address space limit
linux (3.13.0-122.171) trusty; urgency=low
* linux: 3.13.0-122.171 -proposed tracker (LP: #1699047)
* CVE-2017-1000364
- SAUCE: mm: Only expand stack if guard area is hit
* CVE-2014-9940
- regulator: core: Fix regualtor_ena_gpio_free not to access pin after
freeing
* CVE-2017-100363
- char: lp: fix possible integer overflow in lp_setup()
* CVE-2017-9242
- ipv6: fix out of bound writes in __ip6_append_data()
* CVE-2017-9075
- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent
* CVE-2017-9074
- ipv6: Prevent overrun when parsing v6 header options
* CVE-2017-9076
- ipv6/dccp: do not inherit ipv6_mc_list from parent
* CVE-2017-9077
- ipv6/dccp: do not inherit ipv6_mc_list from parent
* CVE-2017-8890
- dccp/tcp: do not inherit mc_list from parent
* CVE-2017-0605
- tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()
* CVE-2017-7294
- drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl()
linux (3.13.0-121.170) trusty; urgency=low
* CVE-2017-1000364
- mm: enlarge stack guard gap
- mm: do not collapse stack gap into THP
linux (3.13.0-119.166) trusty; urgency=low
* linux: 3.13.0-119.166 -proposed tracker (LP: #1687718)
* CVE-2016-8645: Linux kernel mishandles socket buffer (skb) truncation
(LP: #1687107)
- rose: limit sk_filter trim to payload
- tcp: take care of truncations done by sk_filter()
linux (3.13.0-118.165) trusty; urgency=low
* linux: 3.13.0-118.165 -proposed tracker (LP: #1686154)
* linux_3.13.0-*.*: nVMX: Check current_vmcs12 before accessing in
handle_invept() (LP: #1678676)
- SAUCE: KVM has a flaw in INVEPT emulation that could crash the host
* Please backport fix to reference leak in cgroup blkio throttle
(LP: #1683976)
- block: fix module reference leak on put_disk() call for cgroups throttle
linux (3.13.0-117.164) trusty; urgency=low
* linux: 3.13.0-117.164 -proposed tracker (LP: #1680733)
* CVE-2017-6353
- sctp: deny peeloff operation on asocs with threads sleeping on it
* CVE-2017-5986
- sctp: avoid BUG_ON on sctp_wait_for_sndbuf
* Update ENA driver to 1.1.2 from net-next (LP: #1664312)
- net: ena: Remove unnecessary pci_set_drvdata()
- net: ena: Fix error return code in ena_device_init()
- net: ena: change the return type of ena_set_push_mode() to be void.
- net: ena: use setup_timer() and mod_timer()
- net/ena: remove ntuple filter support from device feature list
- net/ena: fix queues number calculation
- net/ena: fix ethtool RSS flow configuration
- net/ena: fix RSS default hash configuration
- net/ena: fix NULL dereference when removing the driver after device reset
failed
- net/ena: refactor ena_get_stats64 to be atomic context safe
- net/ena: fix potential access to freed memory during device reset
- net/ena: use READ_ONCE to access completion descriptors
- net/ena: reduce the severity of ena printouts
- net/ena: change driver's default timeouts
- net/ena: change condition for host attribute configuration
- net/ena: update driver version to 1.1.2
* [Xenial - 16.04 ]Bonding driver - stack corruption when trying to copy 20
bytes to a sockaddr (LP: #1668042)
- net/bonding: Enforce active-backup policy for IPoIB bonds
* stress_smoke_test passing and exiting rc=9 (linux 4.9.0-12.13 ADT test
failure with linux 4.9.0-12.13) (LP: #1658633)
- ext4: lock the xattr block before checksuming it
* vmxnet3 LRO IPv6 performance issues (stalling TCP) (LP: #1605494)
- Driver: Vmxnet3: set CHECKSUM_UNNECESSARY for IPv6 packets
* move aufs.ko from -extra to linux-image package (LP: #1673498)
- [config] aufs.ko moved to linux-image package
* lsattr 32bit does not work on 64bit kernel (Inappropriate ioctl error)
(LP: #1619918)
- btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls
Date: 2021-03-18 15:43:09.304736+00:00
Changed-By: Stefan Bader <stefan.ba...@canonical.com>
Signed-By: Steve Langasek <steve.langa...@canonical.com>
https://launchpad.net/ubuntu/+source/linux-lts-trusty/3.13.0-185.236~12.04.1
Sorry, changesfile not available.