[Group.of.nepali.translators] [Bug 1765010] Re: Xenial update to 4.4.128 stable release
This bug was fixed in the package linux - 4.4.0-127.153 --- linux (4.4.0-127.153) xenial; urgency=medium * CVE-2018-3639 (powerpc) - powerpc/pseries: Support firmware disable of RFI flush - powerpc/powernv: Support firmware disable of RFI flush - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again - powerpc/rfi-flush: Always enable fallback flush on pseries - powerpc/rfi-flush: Differentiate enabled and patched flush types - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags - powerpc: Add security feature flags for Spectre/Meltdown - powerpc/pseries: Set or clear security feature flags - powerpc/powernv: Set or clear security feature flags - powerpc/64s: Move cpu_show_meltdown() - powerpc/64s: Enhance the information in cpu_show_meltdown() - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() - powerpc/64s: Wire up cpu_show_spectre_v1() - powerpc/64s: Wire up cpu_show_spectre_v2() - powerpc/pseries: Fix clearing of security feature flags - powerpc: Move default security feature flags - powerpc/pseries: Restore default security feature flags on setup - SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit * CVE-2018-3639 (x86) - SAUCE: Clean up IBPB and IBRS control functions and macros - SAUCE: Fix up IBPB and IBRS kernel parameters documentation - SAUCE: Remove #define X86_FEATURE_PTI - x86/cpufeature: Move some of the scattered feature bits to x86_capability - x86/cpufeature: Cleanup get_cpu_cap() - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6 - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf - x86/cpufeatures: Add Intel feature bits for Speculation Control - SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf - x86/cpufeatures: Add AMD feature bits for Speculation Control - x86/msr: Add definitions for new speculation control MSRs - SAUCE: x86/msr: Rename MSR spec control feature bits - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support - x86/speculation: Add dependency - x86/cpufeatures: Clean up Spectre v2 related CPUID flags - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code - SAUCE: x86: Add alternative_msr_write - SAUCE: x86/nospec: Simplify alternative_msr_write() - SAUCE: x86/bugs: Concentrate bug detection into a separate function - SAUCE: x86/bugs: Concentrate bug reporting into a separate function - arch: Introduce post-init read-only memory - SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits - SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS - SAUCE: x86/bugs: Expose /sys/../spec_store_bypass - SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS - SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation - SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS - SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values - SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested - SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest - SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell - SAUCE: prctl: Add speculation control prctls - x86/process: Optimize TIF checks in __switch_to_xtra() - SAUCE: x86/process: Allow runtime control of Speculative Store Bypass - SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation - SAUCE: nospec: Allow getting/setting on non-current task - SAUCE: proc: Provide details on speculation flaw mitigations - SAUCE: seccomp: Enable speculation flaw mitigations - SAUCE: x86/bugs: Honour SPEC_CTRL default - SAUCE: x86/bugs: Make boot modes __ro_after_init - SAUCE: prctl: Add force disable speculation - SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE - selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC - SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation - SAUCE: seccomp: Move speculation migitation control to arch code - SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass - SAUCE: x86/bugs: Rename _RDS to _SSBD - SAUCE: proc: Use underscores for SSBD in 'status' - SAUCE: Documentation/spec_ctrl: Do some minor cleanups - SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type - SAUCE: x86/bugs: Make cpu_show_common() static
[Group.of.nepali.translators] [Bug 1765010] Re: Xenial update to 4.4.128 stable release
** Also affects: linux (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: linux (Ubuntu Xenial) Importance: Undecided => Medium ** Changed in: linux (Ubuntu Xenial) Status: New => In Progress -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1765010 Title: Xenial update to 4.4.128 stable release Status in linux package in Ubuntu: Invalid Status in linux source package in Xenial: In Progress Bug description: SRU Justification Impact: The upstream process for stable tree updates is quite similar in scope to the Ubuntu SRU process, e.g., each patch has to demonstrably fix a bug, and each patch is vetted by upstream by originating either directly from a mainline/stable Linux tree or a minimally backported form of that patch. The 4.4.128 upstream stable stable patch set is now available. It should be included in the Ubuntu kernel as well. git://git.kernel.org/ TEST CASE: TBD The following patches from the 4.4.128 stable release shall be applied: * Linux 4.4.128 * Revert "xhci: plat: Register shutdown for xhci_plat" * vrf: Fix use after free and double free in vrf_finish_output * ipv6: the entire IPv6 header chain must fit the first fragment * net/ipv6: Increment OUTxxx counters after netfilter hook * net sched actions: fix dumping which requires several messages to user space * r8169: fix setting driver_data after register_netdev * vti6: better validate user provided tunnel names * ip6_tunnel: better validate user provided tunnel names * ip6_gre: better validate user provided tunnel names * ipv6: sit: better validate user provided tunnel names * ip_tunnel: better validate user provided tunnel names * net: fool proof dev_valid_name() * bonding: process the err returned by dev_set_allmulti properly in bond_enslave * bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave * bonding: fix the err path for dev hwaddr sync in bond_enslave * vlan: also check phy_driver ts_info for vlan's real device * vhost: correctly remove wait queue during poll failure * sky2: Increase D3 delay to sky2 stops working after suspend * sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 * sctp: do not leak kernel memory to user space * pptp: remove a buggy dst release in pptp_connect() * net/sched: fix NULL dereference in the error path of tcf_bpf_init() * netlink: make sure nladdr has correct size in netlink_connect() * net/ipv6: Fix route leaking between VRFs * net: fix possible out-of-bound read in skb_network_protocol() * arp: fix arp_filter on l3slave devices * Kbuild: provide a __UNIQUE_ID for clang * futex: Remove requirement for lock_page() in get_futex_key() * random: use lockless method of accessing and updating f->reg_idx * virtio_net: check return value of skb_to_sgvec in one more location * virtio_net: check return value of skb_to_sgvec always * rxrpc: check return value of skb_to_sgvec always * ipsec: check return value of skb_to_sgvec always * perf tools: Fix copyfile_offset update of output offset * cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages * EDAC, mv64x60: Fix an error handling path * tty: n_gsm: Allow ADM response in addition to UA for control dlci * blk-mq: fix kernel oops in blk_mq_tag_idle() * scsi: libsas: initialize sas_phy status according to response of DISCOVER * scsi: libsas: fix error when getting phy events * scsi: libsas: fix memory leak in sas_smp_get_phy_events() * bcache: segregate flash only volume write streams * bcache: stop writeback thread after detaching * vxlan: dont migrate permanent fdb entries during learn * s390/dasd: fix hanging safe offline * ACPICA: Disassembler: Abort on an invalid/unknown AML opcode * ACPICA: Events: Add runtime stub support for event APIs * cpuidle: dt: Add missing 'of_node_put()' * Bluetooth: Send HCI Set Event Mask Page 2 command only when needed * iio: magnetometer: st_magn_spi: fix spi_device_id table * sparc64: ldc abort during vds iso boot * sctp: fix recursive locking warning in sctp_do_peeloff * bnx2x: Allow vfs to disable txvlan offload * xen: avoid type warning in xchg_xen_ulong * skbuff: only inherit relevant tx_flags * perf tests: Decompress kernel module before objdump * net: emac: fix reset timeout with AR8035 phy * Fix loop device flush before configure v3 * MIPS: kprobes: flush_insn_slot should flush only if probe initialised * MIPS: mm: adjust PKMAP location * MIPS: mm: fixed mappings: correct initialisation * perf/core: Correct event