linux (3.2.0-150.197) precise; urgency=medium

  * precise/linux: 3.2.0-150.197 -proposed tracker (LP: #1919172)

  * CVE-2021-27365
    - scsi: iscsi: Verify lengths on passthrough PDUs
    - sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
    - scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE

  * CVE-2021-27363 // CVE-2021-27364
    - scsi: iscsi: Restrict sessions and handles to admin capabilities

  * CVE-2021-27364
    - scsi: iscsi: respond to netlink with unicast when appropriate
    - Add file_ns_capable() helper function for open-time capability checking
    - net: Add variants of capable for use on on sockets
    - netlink: Make the sending netlink socket availabe in NETLINK_CB

linux (3.2.0-149.196) precise; urgency=medium

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * CVE-2020-16119
    - SAUCE: dccp: avoid double free of ccid on child socket

linux (3.2.0-148.195) precise; urgency=medium

  * precise/linux: 3.2.0-148.195 -proposed tracker (LP: #1882773)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * CVE-2020-0543
    - UBUNTU/SAUCE: x86/speculation/srbds: do not try to turn mitigation off 
when
      not supported

linux (3.2.0-147.194) precise; urgency=medium

  * CVE-2020-0543
    - x86, cpufeature: Add the RDSEED and ADX features
    - SAUCE: x86/cpu: Add a steppings field to struct x86_cpu_id
    - SAUCE: x86/cpu: Add 'table' argument to cpu_matches()
    - SAUCE: x86/speculation: Add Special Register Buffer Data Sampling (SRBDS)
      mitigation
    - SAUCE: x86/speculation: Add SRBDS vulnerability and mitigation 
documentation
    - SAUCE: x86/speculation: Add Ivy Bridge to affected list

linux (3.2.0-145.192) precise; urgency=medium

  * precise/linux: 3.2.0-145.192 -proposed tracker (LP: #1878876)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] resync getabis
    - [Packaging] update helper scripts

  * CVE-2020-12654
    - mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()

linux (3.2.0-144.191) precise; urgency=medium

  * CVE-2019-11135
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - SAUCE: x86/speculation/taa: Call tsx_init()
    - SAUCE: x86/cpu: Include cpu header from bugs.c
    - [Config] Disable TSX by default when possible

  * The 3.13 kernel for Precise ESM does not provide the expected version number
    (LP: #1838610)
    - [debian] Allow for package revisions condusive for branching
    - [debian] Fix regression with ABI subversions and backport
    - [Packaging] uploadnum should be the remainder of the version

linux (3.2.0-143.190) precise; urgency=medium

  * CVE-2019-14835
    - vhost: make sure log_num < in_num

linux (3.2.0-142.189) precise; urgency=medium

  * linux: 3.2.0-142.189 -proposed tracker (LP: #1835270)

  * CVE-2017-5715 // MDS: CPU buffers are not cleared on all paths from kernel
    to userspace (LP: #1833047)
    - SAUCE: KVM: x86: Make use of x86_spec_ctrl_{set_guest,restore_host}

  * CVE-2017-5715 // x86/speculation: SPEC_CTRL MSR not properly set/restored on
    VMENTER/VMEXIT (LP: #1834635)
    - SAUCE: x86/speculation: Introduce x86_spec_ctrl_{set_guest,restore_host}

  * x86/speculation: SPEC_CTRL MSR not properly set/restored on VMENTER/VMEXIT
    (LP: #1834635)
    - SAUCE: KVM: VMX: Move spec_ctrl from kvm_vcpu_arch to vcpu_vmx

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091 // MDS:
    CPU buffers are not cleared on all paths from kernel to userspace (LP:
    #1833047)
    - x86/asm: Error out if asm/jump_label.h is included inappropriately
    - x86/asm: Make asm/alternative.h safe from assembly
    - x86/jump-label: Use best default nops for inital jump label calls
    - SAUCE: [Fix] x86/speculation/mds: Clear CPU buffers on exit to user

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091 // MDS:
    Incorrect warning when booting with 'nosmt' (LP: #1830018)
    - SAUCE: [Fix] x86/speculation/mds: Add SMT warning message

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - x86/speculation: Remove redundant arch_smt_update() invocation
    - KVM: VMX: fixes for vmentry_l1d_flush module parameter

  * CVE-2017-5715
    - SAUCE: Reset the SPEC_CTRL MSR on secondary CPUs

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091
    - x86/kvm/vmx: Add MDS protection when L1D Flush is not active
    - SAUCE: Synchronize MDS mitigations with upstream
    - Documentation: Correct the possible MDS sysfs values
    - x86/speculation/mds: Fix documentation typo
    - SAUCE: [Fix] UBUNTU: SAUCE: sched/smt: Introduce 
sched_smt_{active,present}

  * CVE-2018-3615 // CVE-2018-3620 // CVE-2018-3646
    - x86/speculation: Mark string arrays const correctly

  * CVE-2017-5715 // CVE-2018-3639
    - x86/cpu: Re-apply forced caps every time CPU caps are re-read

  * CVE-2017-5754
    - SAUCE: Show 'pti' in /proc/cpuinfo

  * CVE-2019-11091
    - x86/mds: Add MDSUM variant to the MDS documentation

  * CVE-2018-3620 // CVE-2018-3646
    - x86/speculation/l1tf: Suggest what to do on systems with too much RAM

  * CVE-2019-11478
    - tcp: refine memory limit test in tcp_fragment()

  * Cleanup Meltdown/Spectre implementation (LP: #1779848) // CVE-2017-5754
    - x86/Documentation: Add PTI description
    - x86/pti: Document fix wrong index
    - SAUCE: x86/pti: Query MSR IA32_ARCH_CAPABILITIES for ARCH_CAP_RDCL_NO

  * Cleanup Meltdown/Spectre implementation (LP: #1779848) // CVE-2017-5715
    - SAUCE: x86/cpufeatures: Reorder auxiliary feature bits
    - SAUCE: x86/msr: Rename MSR spec control feature bits
    - SAUCE: x86/speculation: Introduce spectre_v2_select_mitigation() stub
    - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) 
support
    - SAUCE: x86/cpufeatures: Clean up Spectre v2 related feature bits
    - x86/speculation: Use IBRS if available before calling into firmware
    - SAUCE: x86/speculation: Use x86_spec_ctrl_base in entry/exit code
    - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
    - SAUCE: x86/speculation: Query individual feature flags when reloading
      microcode
    - SAUCE: x86/speculation: Make use of indirect_branch_prediction_barrier()
    - SAUCE: x86/speculation: Cleanup IBRS and IBPB runtime control handling

  * Cleanup Meltdown/Spectre implementation (LP: #1779848) // CVE-2017-5715 //
    CVE-2018-3639
    - SAUCE: x86/speculation: Introduce x86_spec_ctrl_base

  * intel-microcode 3.20180312.0 causes lockup at login screen (LP: #1759920) //
    Cleanup Meltdown/Spectre implementation (LP: #1779848) // CVE-2017-5715
    - Revert "UBUNTU: SAUCE: x86/mm: Only set IBPB when the new thread cannot
      ptrace current thread"
    - x86/speculation: Use Indirect Branch Prediction Barrier in context switch

  * Cleanup Meltdown/Spectre implementation (LP: #1779848) // CVE-2018-12126 //
    CVE-2018-12127 // CVE-2018-12130
    - SAUCE: x86/msr: Fix formatting of msr-index.h

  * Cleanup Meltdown/Spectre implementation (LP: #1779848) // CVE-2017-5753
    - Revert "UBUNTU: SAUCE: x86/cpu/AMD: Make the LFENCE instruction 
serialized"
    - x86/cpu/AMD: Make LFENCE a serializing instruction
    - x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC

linux (3.2.0-141.188) precise; urgency=medium

  * Remote denial of service (system crash) caused by integer overflow in TCP
    SACK handling (LP: #1831637)
    - SAUCE: tcp: limit payload size of sacked skbs
    - SAUCE: tcp: fix fack_count accounting on tcp_shift_skb_data()

  * Remote denial of service (resource exhaustion) caused by TCP SACK scoreboard
    manipulation (LP: #1831638)
    - SAUCE: tcp: tcp_fragment() should apply sane memory limits

  * Switch getabis to the new format (LP: #1829882)
    - [Packaging] Switch getabis to the new format

linux (3.2.0-140.186) precise; urgency=medium

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] update helper scripts
    - [Packaging] Sync in-tree getabis script

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - x86/cpufeature: Move some of the scattered feature bits to x86_capability
    - x86/cpufeature: Cleanup get_cpu_cap()
    - x86/cpufeature: Use enum cpuid_leafs instead of magic numbers
    - KVM: x86: remove magic number with enum cpuid_leafs
    - perf/x86/intel: Use Intel family macros for core perf events
    - x86/cpu: Sanitize FAM6_ATOM naming
    - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a
      new <linux/bits.h> file
    - x86/msr-index: Cleanup bit defines
    - x86/speculation: Consolidate CPU whitelists
    - x86/speculation/mds: Add basic bug infrastructure for MDS
    - x86/speculation/mds: Add BUG_MSBDS_ONLY
    - x86/speculation/mds: Add mds_clear_cpu_buffers()
    - locking/static_keys: Provide DECLARE and well as DEFINE macros
    - include/linux/jump_label.h: expose the reference count
    - jump_label: Allow asm/jump_label.h to be included in assembly
    - jump_label: Allow jump labels to be used in assembly
    - x86/headers: Don't include asm/processor.h in asm/atomic.h
    - SAUCE: locking/jump_label_key: Mimick the new static key API
    - x86/speculation/mds: Clear CPU buffers on exit to user
    - x86/speculation/mds: Conditionally clear CPU buffers on idle entry
    - SAUCE: sched: Expose cpu_smt_mask()
    - SAUCE: sched/smt: Introduce sched_smt_{active,present}
    - SAUCE: Rename the Ubuntu-only spec_ctrl_mutex mutex
    - SAUCE: x86/speculation: Introduce arch_smt_update()
    - x86/speculation: Rework SMT state change
    - x86/speculation/mds: Add mitigation control for MDS
    - x86/speculation/mds: Add sysfs reporting for MDS
    - x86/speculation/mds: Add mitigation mode VMWERV
    - Documentation: Move L1TF to separate directory
    - Documentation: Add MDS vulnerability documentation
    - x86/speculation/mds: Add mds=full,nosmt cmdline option
    - x86/speculation/mds: Add SMT warning message
    - x86/speculation/mds: Fix comment
    - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
    - x86/speculation/mds: Add 'mitigations=' support for MDS
    - KVM: Add x86_hyper_kvm to complete detect_hypervisor_platform check

  * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
    CVE-2018-3646
    - cpu/speculation: Add 'mitigations=' cmdline option
    - x86/speculation: Support 'mitigations=' cmdline option

  * CVE-2018-3639 (x86)
    - x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP

  * ibrs/ibpb fixes result in excessive kernel logging  (LP: #1755627) //
    CVE-2017-5715
    - SAUCE: remove ibrs_dump sysctl interface

linux (3.2.0-139.185) precise; urgency=medium

  * linux: 3.2.0-139.185 -proposed tracker (LP: #1806430)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * Update to upstream's implementation of Spectre v1 mitigation
    (LP: #1774181) // CVE-2017-5753
    - SAUCE: x86/speculation: Add X86_BUG_SPECTRE_V[12] and sysfs show functions
    - Documentation: Document array_index_nospec
    - array_index_nospec: Sanitize speculative array de-references
    - x86: Implement array_index_mask_nospec
    - x86/spectre_v1: Disable compiler optimizations over
      array_index_mask_nospec()
    - x86/speculation: Fix up array_index_nospec_mask() asm constraint
    - SAUCE: Drop gmb() in favor of array_index_nospec()
    - Revert "UBUNTU: SAUCE: x86/cpu/AMD: Remove now unused definition of
      MFENCE_RDTSC feature"
    - x86: Introduce barrier_nospec
    - x86/get_user: Use pointer masking to limit speculation
    - x86/syscall: Sanitize syscall table de-references under speculation
    - nl80211: Sanitize array index in parse_txq_params
    - x86/spectre: Report get_user mitigation for spectre_v1
    - ALSA: opl3: Hardening for potential Spectre v1
    - ALSA: asihpi: Hardening for potential Spectre v1
    - ALSA: hdspm: Hardening for potential Spectre v1
    - ALSA: rme9652: Hardening for potential Spectre v1
    - ALSA: control: Hardening for potential Spectre v1
    - ALSA: seq: oss: Hardening for potential Spectre v1
    - ALSA: hda: Hardening for potential Spectre v1
    - net: atm: Fix potential Spectre v1
    - atm: zatm: Fix potential Spectre v1
    - perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_*
    - perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map()
    - kernel/sys.c: fix potential Spectre v1 issue
    - HID: hiddev: fix potential Spectre v1
    - atm: zatm: Fix potential Spectre v1
    - net: cxgb3_main: fix potential Spectre v1
    - netlink: Fix spectre v1 gadget in netlink_create()
    - net: socket: fix potential spectre v1 gadget in socketcall
    - libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store()
    - ext4: fix spectre gadget in ext4_mb_regular_allocator()
    - fs/quota: Fix spectre gadget in do_quotactl
    - misc: hmc6352: fix potential Spectre v1
    - tty: vt_ioctl: fix potential Spectre v1

  * Update to upstream's implementation of Spectre v1 mitigation
    (LP: #1774181) // Prevent speculation on user controlled pointer
    (LP: #1775137) // CVE-2017-5753
    - x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
    - x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec

linux (3.2.0-138.184) precise; urgency=medium

  * linux: 3.2.0-138.184 -proposed tracker (LP: #1802777)

  * CVE-2017-5754
    - SAUCE: x86/pti: Add X86_BUG_CPU_MELTDOWN and sysfs show function

linux (3.2.0-137.183) precise; urgency=medium

  * linux: 3.2.0-137.183 -proposed tracker (LP: #1799398)

  * L1TF mitigation not effective in some CPU and RAM combinations
    (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646
    - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
    - x86/speculation/l1tf: Fix off-by-one error when warning that system has 
too
      much RAM
    - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+

  * CVE-2018-3620 // CVE-2018-3646
    - mm: x86 pgtable: drop unneeded preprocessor ifdef
    - x86/asm: Move PUD_PAGE macros to page_types.h
    - x86/asm: Add pud/pmd mask interfaces to handle large PAT bit
    - x86/asm: Fix pud/pmd interfaces to handle large PAT bit
    - x86/mm: Fix regression with huge pages on PAE
    - x86/mm: Simplify p[g4um]d_page() macros
    - x86/cpu: Merge bugs.c and bugs_64.c
    - x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT
    - x86/speculation/l1tf: Change order of offset/type in swap entry
    - x86/speculation/l1tf: Protect swap entries against L1TF
    - x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation
    - x86/speculation/l1tf: Make sure the first page is always reserved
    - SAUCE: x86/fremap: Invert the offset when converting to/from a PTE
    - x86: Fix 32-bit *_cpu_data initializers
    - x86, cpu: Expand cpufeature facility to include cpu bugs
    - x86, cpu: Convert F00F bug detection
    - x86, cpu: Convert FDIV bug detection
    - x86, cpu: Convert Cyrix coma bug detection
    - x86, cpu: Convert AMD Erratum 383
    - x86, cpu: Convert AMD Erratum 400
    - x86/cpu/intel: Introduce macros for Intel family numbers
    - x86/cpu: Factor out application of forced CPU caps
    - x86/cpufeatures: Make CPU bugs sticky
    - SAUCE: x86/cpu: Introduce x86_match_cpu()
    - SAUCE: sysfs/cpu: Add vulnerability folder
    - [Config] updateconfigs - enable CONFIG_GENERIC_CPU_VULNERABILITIES
    - x86/speculation/l1tf: Add sysfs reporting for l1tf
    - x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings
    - x86/speculation/l1tf: Limit swap file size to MAX_PA/2
    - x86: fix boot on uniprocessor systems
    - ACPI / processor: Introduce apic_id in struct processor to save parsed 
APIC
      id
    - ACPI processor: Remove unneeded variable passed by
      acpi_processor_hotadd_init V2
    - ACPI / processor: use apic_id and remove duplicated _MAT evaluation
    - x86 / ACPI: simplify _acpi_map_lsapic()
    - x86/topology: Create logical package id
    - x86/topology: Fix logical package mapping
    - x86/topology: Fix Intel HT disable
    - x86/topology: Use total_cpus not nr_cpu_ids for logical packages
    - x86/topology: Handle CPUID bogosity gracefully
    - x86/topology: Fix AMD core count
    - x86/smp: Provide topology_is_primary_thread()
    - x86/topology: Provide topology_smt_supported()
    - cpu/hotplug: Split do_cpu_down()
    - x86/topology: Add topology_max_smt_threads()
    - SAUCE: Introduce lock/unlock device hotplug functions
    - cpu/hotplug: Provide knobs to control SMT
    - [Config] updateconfigs - enable CONFIG_HOTPLUG_SMT
    - x86/CPU: Modify detect_extended_topology() to return result
    - x86/CPU/AMD: Derive CPU topology from CPUID function 0xB when available
    - x86/cpu: Remove the pointless CPU printout
    - x86/cpu/AMD: Remove the pointless detect_ht() call
    - x86/cpu/common: Provide detect_ht_early()
    - x86/cpu/topology: Provide detect_extended_topology_early()
    - x86/cpu/intel: Evaluate smp_num_siblings early
    - x86/cpu/AMD: Evaluate smp_num_siblings early
    - x86/apic: Ignore secondary threads if nosmt=force
    - x86/speculation/l1tf: Extend 64bit swap file size limit
    - SAUCE: x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
    - x86/cpufeatures: Add detection of L1D cache flush support.
    - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings
    - x86/speculation/l1tf: Protect PAE swap entries against L1TF
    - SAUCE: Work-around for gcc 4.6.3 segmentation fault
    - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE
    - Revert "x86/apic: Ignore secondary threads if nosmt=force"
    - cpu/hotplug: Boot HT siblings at least once
    - SAUCE: Alternative approach to boot nosmt
    - SAUCE: x86/mce: Try register mce notifier earlier
    - KVM: x86: Introducing kvm_x86_ops VM init/destroy hooks
    - x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present.
    - x86/KVM/VMX: Add module argument for L1TF mitigation
    - x86/KVM/VMX: Add L1D flush algorithm
    - x86/KVM/VMX: Add L1D MSR based flush
    - KVM: add kvm_arch_sched_in
    - x86/KVM/VMX: Add L1D flush logic
    - x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest 
numbers
    - x86/KVM/VMX: Add find_msr() helper function
    - x86/KVM/VMX: Seperate the VMX AUTOLOAD guest/host number accounting
    - x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs
    - x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required
    - cpu/hotplug: Online siblings when SMT control is turned on
    - arch: Introduce post-init read-only memory
    - x86/litf: Introduce vmx status variable
    - x86/kvm: Drop L1TF MSR list approach
    - x86/l1tf: Handle EPT disabled state proper
    - x86/kvm: Move l1tf setup function
    - x86/kvm: Add static key for flush always
    - x86/kvm: Serialize L1D flush parameter setter
    - x86/kvm: Allow runtime control of L1D flush
    - cpu/hotplug: Expose SMT control init function
    - cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early
    - x86/bugs, kvm: Introduce boot-time control of L1TF mitigations
    - Documentation: Add section about CPU vulnerabilities
    - x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content
    - Documentation/l1tf: Fix typos
    - cpu/hotplug: detect SMT disabled by BIOS
    - x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush()
    - x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond'
    - x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush()
    - x86/irq: Demote irq_cpustat_t::__softirq_pending to u16
    - x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d
    - x86: Don't include linux/irq.h from asm/hardirq.h
    - SAUCE: Move __this_cpu_{read,write} to percpu-ubuntu.h
    - x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d
    - Documentation/l1tf: Remove Yonah processors from not vulnerable list
    - x86/speculation: Simplify sysfs report of VMX L1TF vulnerability
    - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry
    - cpu/hotplug: Fix SMT supported evaluation
    - x86/speculation/l1tf: Invert all not present mappings
    - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert

linux (3.2.0-136.182) precise; urgency=medium

  * CVE-2018-14633
    - iscsi target: Use hex2bin instead of a re-implementation

  * CVE-2018-14634
    - exec: Limit arg stack to at most 75% of _STK_LIM

  * CVE-2018-5390
    - SAUCE: tcp: Correct the backport of the CVE-2018-5390 fix

  * Improvements to the kernel source package preparation (LP: #1793461)
    - [Packaging] startnewrelease: add support for backport kernels

linux (3.2.0-135.181) precise; urgency=medium

  * linux: 3.2.0-135.181 -proposed tracker (LP: #1788762)

  * CVE-2018-5390
    - tcp: avoid collapses in tcp_prune_queue() if possible
    - tcp: detect malicious patterns in tcp_collapse_ofo_queue()

linux (3.2.0-134.180) precise; urgency=medium

  * CVE-2018-8897
    - x86/traps: Enable DEBUG_STACK after cpu_init() for TRAP_DB/BP
    - x86/entry/64: Don't use IST entry for #BP stack

  * CVE-2018-1087
    - KVM: VMX: Fix DR6 update on #DB exception
    - KVM: VMX: Advance rip to after an ICEBP instruction
    - kvm/x86: fix icebp instruction handling

  * CVE-2018-1000199
    - perf/hwbp: Simplify the perf-hwbp code, fix documentation

linux (3.2.0-133.179) precise; urgency=medium

  * linux: 3.2.0-133.179 -proposed tracker (LP: #1745959)

  * upload urgency should be medium by default (LP: #1745338)
    - [Packaging] update urgency to medium by default

  * Do not duplicate changelog entries assigned to more than one bug or CVE
    (LP: #1743383)
    - [Packaging] git-ubuntu-log -- handle multiple bugs/cves better

  * CVE-2017-5715 // CVE-2017-5753
    - SAUCE: locking/barriers: introduce new memory barrier gmb()
    - SAUCE: uvcvideo: prevent speculative execution
    - SAUCE: carl9170: prevent speculative execution
    - SAUCE: p54: prevent speculative execution
    - SAUCE: qla2xxx: prevent speculative execution
    - SAUCE: fs: prevent speculative execution
    - SAUCE: udf: prevent speculative execution
    - SAUCE: x86/feature: Enable the x86 feature to control Speculation
    - SAUCE: x86/feature: Report presence of IBPB and IBRS control
    - SAUCE: x86/enter: MACROS to set/clear IBRS and set IBPB
    - x86, alternative: Add header guards to <asm/alternative-asm.h>
    - SAUCE: x86/enter: Use IBRS on syscall and interrupts
    - x86, microcode: Share native MSR accessing variants
    - SAUCE: x86/idle: Disable IBRS entering idle and enable it on wakeup
    - SAUCE: x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
    - SAUCE: x86/mm: Set IBPB upon context switch
    - Fix race in process_vm_rw_core
    - ptrace: mark __ptrace_may_access() static
    - SAUCE: x86/mm: Only set IBPB when the new thread cannot ptrace current
      thread
    - SAUCE: x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
    - SAUCE: x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
    - SAUCE: x86/kvm: Set IBPB when switching VM
    - SAUCE: x86/kvm: Toggle IBRS on VM entry and exit
    - SAUCE: x86/kvm: Pad RSB on VM transition
    - x86 / msr: add 64bit _on_cpu access functions
    - SAUCE: x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
    - SAUCE: x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb 
control
    - SAUCE: x86/entry: Use retpoline for syscall's indirect calls
    - bitops: Introduce BIT_ULL
    - SAUCE: x86/cpu/AMD: Add speculative control support for AMD
    - SAUCE: x86/microcode: Extend post microcode reload to support IBPB feature
    - SAUCE: KVM: SVM: Do not intercept new speculative control MSRs
    - SAUCE: x86/svm: Set IBRS value on VM entry and exit
    - SAUCE: x86/svm: Set IBPB when running a different VCPU
    - x86/cpuid: Provide get_scattered_cpuid_leaf()
    - SAUCE: KVM: x86: Add speculative control CPUID support for guests
    - SAUCE: x86/svm: Add code to clobber the RSB on VM exit
    - kvm: vmx: Scrub hardware GPRs at VM-exit
    - x86/bitops: Move BIT_64() for a wider use
    - x86, pvops: Remove hooks for {rd,wr}msr_safe_regs
    - x86, cpu: Fix show_msr MSR accessing function
    - x86, cpu, amd: Fix crash as Xen Dom0 on AMD Trinity systems
    - x86, cpu, amd: Deprecate AMD-specific MSR variants
    - x86, cpu: Rename checking_wrmsrl() to wrmsrl_safe()
    - x86: Add another set of MSR accessor functions
    - x86/asm/msr: Make wrmsrl_safe() a function
    - SAUCE: x86/cpu/AMD: Make the LFENCE instruction serialized
    - SAUCE: x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
    - SAUCE: arm: no gmb() implementation yet
    - SAUCE: powerpc: no gmb() implementation yet

  * CVE-2017-5754
    - kaiser: Set _PAGE_NX only if supported
    - kaiser: Set _PAGE_NX only if supported

linux (3.2.0-132.178) precise; urgency=low

  * linux: 3.2.0-132.178 -proposed tracker (LP: #1741612)

  * CVE-2017-5754
    - perf/x86: Correctly use FEATURE_PDCM
    - x86/mm: Disable preemption during CR3 read+write
    - x86, cpufeature: Add CPU features from Intel document 319433-012A
    - x86/mm: Add INVPCID helpers
    - x86/mm: Fix INVPCID asm constraint
    - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID
    - x86/mm: If INVPCID is available, use it to flush global mappings
    - mm/mmu_context, sched/core: Fix mmu_context.h assumption
    - sched/core: Add switch_mm_irqs_off() and use it in the scheduler
    - x86/mm: Build arch/x86/mm/tlb.c even on !SMP
    - x86/mm, sched/core: Uninline switch_mm()
    - x86/mm, sched/core: Turn off IRQs in switch_mm()
    - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off()
    - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP
      code
    - x86/mm: Disable PCID on 32-bit kernels
    - x86/mm: Add the 'nopcid' boot option to turn off PCID
    - x86/mm: Enable CR4.PCIDE on supported systems
    - x86/mm/64: Fix reboot interaction with CR4.PCIDE
    - KAISER: Kernel Address Isolation
    - x86/mm/kaiser: re-enable vsyscalls
    - kaiser: user_map __kprobes_text too
    - kaiser: alloc_ldt_struct() use get_zeroed_page()
    - x86/alternatives: Cleanup DPRINTK macro
    - x86/alternatives: Add instruction padding
    - x86/alternatives: Make JMPs more robust
    - x86/alternatives: Use optimized NOPs for padding
    - kaiser: add "nokaiser" boot option, using ALTERNATIVE
    - x86, boot: Carve out early cmdline parsing function
    - x86/boot: Fix early command-line parsing when matching at end
    - x86/boot: Fix early command-line parsing when partial word matches
    - x86/boot: Simplify early command line parsing
    - x86/boot: Pass in size to early cmdline parsing
    - x86/boot: Add early cmdline parsing for options with arguments
    - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling
    - x86/kaiser: Check boottime cmdline params
    - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush
    - kaiser: asm/tlbflush.h handle noPGE at lower level
    - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID
    - x86/paravirt: Dont patch flush_tlb_single
    - x86/kaiser: Reenable PARAVIRT
    - kaiser: disabled on Xen PV
    - x86/kaiser: Move feature detection up
    - KPTI: Rename to PAGE_TABLE_ISOLATION
    - KPTI: Report when enabled
    - [Config] updateconfigs - enable PAGE_TABLE_ISOLATION
    - x86/pti: Do not enable PTI on AMD processors

linux (3.2.0-131.177) precise; urgency=low

  * linux: 3.2.0-131.177 -proposed tracker (LP: #1716644)

  * CVE-2017-1000251
    - Bluetooth: Properly check L2CAP config option output buffer length

linux (3.2.0-130.176) precise; urgency=low

  * linux: 3.2.0-130.176 -proposed tracker (LP: #1704996)

  * CVE-2017-1000364
    - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
    - mm/mmap.c: expand_downwards: don't require the gap if !vm_prev

linux (3.2.0-129.174) precise; urgency=low

  * linux: 3.2.0-129.174 -proposed tracker (LP: #1700563)

  * CVE-2017-1000364
    - Revert "mm: do not collapse stack gap into THP"
    - Revert "mm: enlarge stack guard gap"
    - mm: larger stack guard gap, between vmas
    - Allow stack to grow up to address space limit

linux (3.2.0-128.173) precise; urgency=low

  * CVE-2016-4997
    - netfilter: x_tables: add and use xt_check_entry_offsets
    - netfilter: x_tables: kill check_entry helper
    - netfilter: x_tables: add compat version of xt_check_entry_offsets
    - netfilter: x_tables: check for bogus target offset

  * CVE-2017-1000364
    - mm: enlarge stack guard gap
    - mm: do not collapse stack gap into THP

Date: 2021-04-05 22:22:09.691838+00:00
Changed-By: Thadeu Lima de Souza Cascardo <thadeu.casca...@canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-ro...@lists.canonical.com>
https://launchpad.net/ubuntu/+source/linux/3.2.0-150.197
Sorry, changesfile not available.
-- 
Precise-changes mailing list
Precise-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/precise-changes

Reply via email to