[ubuntu/xenial-proposed] python-apt 1.1.0~beta1ubuntu0.16.04.3 (Accepted)
python-apt (1.1.0~beta1ubuntu0.16.04.3) xenial; urgency=medium * Frontend locking and related locking improvements (LP: #1795407) - apt.Cache: Keep / Re-establish the system lock in commit() - apt.Cache: Keep archive locked during commit()/ in fetch_archives() - apt.Cache: Reinstate locks in a finally / run dpkg inside try - Introduce frontend locking - Convert apt.Cache.commit and apt_pkg.DepCache.commit to FE lock * Other changes to make that work: - travis CI: enable PPA for new apt versions * As always, updated mirror lists Date: Mon, 01 Oct 2018 16:00:14 +0200 Changed-By: Julian Andres Klode Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/+source/python-apt/1.1.0~beta1ubuntu0.16.04.3 Format: 1.8 Date: Mon, 01 Oct 2018 16:00:14 +0200 Source: python-apt Binary: python-apt python-apt-doc python-apt-dbg python-apt-dev python-apt-common python3-apt python3-apt-dbg Architecture: source Version: 1.1.0~beta1ubuntu0.16.04.3 Distribution: xenial Urgency: medium Maintainer: Ubuntu Developers Changed-By: Julian Andres Klode Description: python-apt - Python interface to libapt-pkg python-apt-common - Python interface to libapt-pkg (locales) python-apt-dbg - Python interface to libapt-pkg (debug extension) python-apt-dev - Python interface to libapt-pkg (development files) python-apt-doc - Python interface to libapt-pkg (API documentation) python3-apt - Python 3 interface to libapt-pkg python3-apt-dbg - Python 3 interface to libapt-pkg (debug extension) Launchpad-Bugs-Fixed: 1795407 Changes: python-apt (1.1.0~beta1ubuntu0.16.04.3) xenial; urgency=medium . * Frontend locking and related locking improvements (LP: #1795407) - apt.Cache: Keep / Re-establish the system lock in commit() - apt.Cache: Keep archive locked during commit()/ in fetch_archives() - apt.Cache: Reinstate locks in a finally / run dpkg inside try - Introduce frontend locking - Convert apt.Cache.commit and apt_pkg.DepCache.commit to FE lock * Other changes to make that work: - travis CI: enable PPA for new apt versions * As always, updated mirror lists Checksums-Sha1: 16c9d61d98260a493e5dca1d9882ad3cb34975bc 2543 python-apt_1.1.0~beta1ubuntu0.16.04.3.dsc 1268a4ef3845c8bc3cbfdc4a7828887b0b16cf8d 313556 python-apt_1.1.0~beta1ubuntu0.16.04.3.tar.xz 150f97dee9c8f4efcf4b14c78a783f9b7f745d32 11506 python-apt_1.1.0~beta1ubuntu0.16.04.3_source.buildinfo Checksums-Sha256: 2e927f919b903ad927a96731bad75de0affa21865e000627741b5a75bd195857 2543 python-apt_1.1.0~beta1ubuntu0.16.04.3.dsc 6baa7a9f9d9c0d9216fef82a617a05717fa86287d1e64dd19c730655a04cdb7c 313556 python-apt_1.1.0~beta1ubuntu0.16.04.3.tar.xz 163be9ac30cc434b36019711b5d54ba4602a68ff963fdefe4c23e3c8f207d9fb 11506 python-apt_1.1.0~beta1ubuntu0.16.04.3_source.buildinfo Files: 31e0254b83e9faa2ffb4afacb63e9074 2543 python standard python-apt_1.1.0~beta1ubuntu0.16.04.3.dsc c7b2ed521d74c8501cbe71036488d7dd 313556 python standard python-apt_1.1.0~beta1ubuntu0.16.04.3.tar.xz 67a3e7a8582ff0da25d94455940bad79 11506 python standard python-apt_1.1.0~beta1ubuntu0.16.04.3_source.buildinfo Original-Maintainer: APT Development Team -- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-proposed] apt 1.2.28 (Accepted)
apt (1.2.28) xenial; urgency=medium [ Julian Andres Klode ] * apt.conf.autoremove: Add linux-cloud-tools to list (LP: #1698159) * Add support for dpkg frontend lock (Closes: #869546) (LP: #1781169) * Set DPKG_FRONTEND_LOCKED as needed when doing selection changes * http: Stop pipeline after close only if it was not filled before (LP: #1794957) * pkgCacheFile: Only unlock in destructor if locked before (LP: #1794053) * Update libapt-pkg5.0 symbols for frontend locking [ David Kalnischkies ] * Support records larger than 32kb in 'apt show' (Closes: #905527) (LP: #1787120) Date: Fri, 28 Sep 2018 15:18:29 +0200 Changed-By: Julian Andres Klode Maintainer: APT Development Team https://launchpad.net/ubuntu/+source/apt/1.2.28 Format: 1.8 Date: Fri, 28 Sep 2018 15:18:29 +0200 Source: apt Binary: apt libapt-pkg5.0 libapt-inst2.0 apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https Architecture: source Version: 1.2.28 Distribution: xenial Urgency: medium Maintainer: APT Development Team Changed-By: Julian Andres Klode Description: apt- commandline package manager apt-doc- documentation for APT apt-transport-https - https download transport for APT apt-utils - package management related utility programs libapt-inst2.0 - deb package format runtime library libapt-pkg-dev - development files for APT's libapt-pkg and libapt-inst libapt-pkg-doc - documentation for APT development libapt-pkg5.0 - package management runtime library Closes: 869546 905527 Launchpad-Bugs-Fixed: 1698159 1781169 1787120 1794053 1794957 Changes: apt (1.2.28) xenial; urgency=medium . [ Julian Andres Klode ] * apt.conf.autoremove: Add linux-cloud-tools to list (LP: #1698159) * Add support for dpkg frontend lock (Closes: #869546) (LP: #1781169) * Set DPKG_FRONTEND_LOCKED as needed when doing selection changes * http: Stop pipeline after close only if it was not filled before (LP: #1794957) * pkgCacheFile: Only unlock in destructor if locked before (LP: #1794053) * Update libapt-pkg5.0 symbols for frontend locking . [ David Kalnischkies ] * Support records larger than 32kb in 'apt show' (Closes: #905527) (LP: #1787120) Checksums-Sha1: 1063bb7a6a6f30a9b8fb05e5357cc6a2e101ac2a 2392 apt_1.2.28.dsc 1cadc80619667fe7cc4cf4b06361d8f0c409f00e 2054516 apt_1.2.28.tar.xz Checksums-Sha256: 168726828e1c34024fd1cbe1efe8f48f9a19f8a0137520a0d66e974c1b0cd18b 2392 apt_1.2.28.dsc 7f73aad7a240d846941efcf4538b6651e7a10871d049ebdd2027426227faaa83 2054516 apt_1.2.28.tar.xz Files: 4cac4d90e9f6f437ebd367bc4f3860e3 2392 admin important apt_1.2.28.dsc 8fd7cbfbe537b1b297811764f1349fe4 2054516 admin important apt_1.2.28.tar.xz -- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] strongswan 5.3.5-1ubuntu3.8 (Accepted)
strongswan (5.3.5-1ubuntu3.8) xenial-security; urgency=medium * SECURITY UPDATE: Insufficient input validation in gmp plugin - debian/patches/strongswan-4.4.0-5.7.0_gmp-pkcs1-overflow.patch: fix buffer overflow with very small RSA keys in src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c. - CVE-2018-17540 Date: 2018-09-26 19:36:12.929845+00:00 Changed-By: Marc Deslauriers Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/strongswan/5.3.5-1ubuntu3.8 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] linux-hwe_4.15.0-36.39~16.04.1_ppc64el.tar.gz - (Accepted)
linux-hwe (4.15.0-36.39~16.04.1) xenial; urgency=medium * CVE-2018-14633 - iscsi target: Use hex2bin instead of a re-implementation * CVE-2018-17182 - mm: get rid of vmacache_flush_all() entirely Date: Tue, 25 Sep 2018 09:46:43 +0200 Changed-By: Kleber Sacilotto de Souza Maintainer: Launchpad Build Daemon Format: 1.8 Date: Tue, 25 Sep 2018 09:46:43 +0200 Source: linux-hwe Binary: linux-source-4.15.0 linux-headers-4.15.0-36 linux-hwe-tools-4.15.0-36 linux-hwe-cloud-tools-4.15.0-36 linux-image-unsigned-4.15.0-36-generic linux-modules-4.15.0-36-generic linux-modules-extra-4.15.0-36-generic linux-headers-4.15.0-36-generic linux-image-unsigned-4.15.0-36-generic-dbgsym linux-tools-4.15.0-36-generic linux-cloud-tools-4.15.0-36-generic linux-hwe-udebs-generic linux-image-unsigned-4.15.0-36-generic-lpae linux-modules-4.15.0-36-generic-lpae linux-modules-extra-4.15.0-36-generic-lpae linux-headers-4.15.0-36-generic-lpae linux-image-unsigned-4.15.0-36-generic-lpae-dbgsym linux-tools-4.15.0-36-generic-lpae linux-cloud-tools-4.15.0-36-generic-lpae linux-hwe-udebs-generic-lpae linux-image-unsigned-4.15.0-36-lowlatency linux-modules-4.15.0-36-lowlatency linux-modules-extra-4.15.0-36-lowlatency linux-headers-4.15.0-36-lowlatency linux-image-unsigned-4.15.0-36-lowlatency-dbgsym linux-tools-4.15.0-36-lowlatency linux-cloud-tools-4.15.0-36-lowlatency linux-hwe-udebs-lowlatency kernel-image-4.15.0-36-generic-di floppy-modules-4.15.0-36-generic-di fs-core-modules-4.15.0-36-generic-di fs-secondary-modules-4.15.0-36-generic-di input-modules-4.15.0-36-generic-di md-modules-4.15.0-36-generic-di nic-modules-4.15.0-36-generic-di nic-usb-modules-4.15.0-36-generic-di nic-shared-modules-4.15.0-36-generic-di parport-modules-4.15.0-36-generic-di plip-modules-4.15.0-36-generic-di ppp-modules-4.15.0-36-generic-di sata-modules-4.15.0-36-generic-di scsi-modules-4.15.0-36-generic-di storage-core-modules-4.15.0-36-generic-di nfs-modules-4.15.0-36-generic-di block-modules-4.15.0-36-generic-di message-modules-4.15.0-36-generic-di crypto-modules-4.15.0-36-generic-di virtio-modules-4.15.0-36-generic-di vlan-modules-4.15.0-36-generic-di ipmi-modules-4.15.0-36-generic-di multipath-modules-4.15.0-36-generic-di Architecture: ppc64el ppc64el_translations Version: 4.15.0-36.39~16.04.1 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Kleber Sacilotto de Souza Description: block-modules-4.15.0-36-generic-di - Block storage devices (udeb) crypto-modules-4.15.0-36-generic-di - crypto modules (udeb) floppy-modules-4.15.0-36-generic-di - Floppy driver support (udeb) fs-core-modules-4.15.0-36-generic-di - Base filesystem modules (udeb) fs-secondary-modules-4.15.0-36-generic-di - Extra filesystem modules (udeb) input-modules-4.15.0-36-generic-di - Support for various input methods (udeb) ipmi-modules-4.15.0-36-generic-di - ipmi modules (udeb) kernel-image-4.15.0-36-generic-di - kernel image and system map (udeb) linux-cloud-tools-4.15.0-36-generic - Linux kernel version specific cloud tools for version 4.15.0-36 linux-cloud-tools-4.15.0-36-generic-lpae - Linux kernel version specific cloud tools for version 4.15.0-36 linux-cloud-tools-4.15.0-36-lowlatency - Linux kernel version specific cloud tools for version 4.15.0-36 linux-headers-4.15.0-36 - Header files related to Linux kernel version 4.15.0 linux-headers-4.15.0-36-generic - Linux kernel headers for version 4.15.0 on PowerPC 64el SMP linux-headers-4.15.0-36-generic-lpae - Linux kernel headers for version 4.15.0 on PowerPC 64el SMP linux-headers-4.15.0-36-lowlatency - Linux kernel headers for version 4.15.0 on PowerPC 64el SMP linux-hwe-cloud-tools-4.15.0-36 - Linux kernel version specific cloud tools for version 4.15.0-36 linux-hwe-tools-4.15.0-36 - Linux kernel version specific tools for version 4.15.0-36 linux-hwe-udebs-generic - Metapackage depending on kernel udebs (udeb) linux-hwe-udebs-generic-lpae - Metapackage depending on kernel udebs (udeb) linux-hwe-udebs-lowlatency - Metapackage depending on kernel udebs (udeb) linux-image-unsigned-4.15.0-36-generic - Linux kernel image for version 4.15.0 on PowerPC 64el SMP linux-image-unsigned-4.15.0-36-generic-dbgsym - Linux kernel debug image for version 4.15.0 on PowerPC 64el SMP linux-image-unsigned-4.15.0-36-generic-lpae - Linux kernel image for version 4.15.0 on PowerPC 64el SMP linux-image-unsigned-4.15.0-36-generic-lpae-dbgsym - Linux kernel debug image for version 4.15.0 on PowerPC 64el SMP linux-image-unsigned-4.15.0-36-lowlatency - Linux kernel image for version 4.15.0 on PowerPC 64el SMP linux-image-unsigned-4.15.0-36-lowlatency-dbgsym - Linux kernel debug image for version 4.15.0 on PowerPC 64el SMP linux-modules-4.15.0-36-generic - Linux kernel extra modules for version 4.15.0 on PowerPC 64el SMP linux-modules-4.15.0-36-generic-lpae - Linux kernel extra modules for version 4.15.0 on PowerPC 64el SMP
[ubuntu/xenial-updates] linux-hwe_4.15.0-36.39~16.04.1_amd64.tar.gz - (Accepted)
linux-hwe (4.15.0-36.39~16.04.1) xenial; urgency=medium * CVE-2018-14633 - iscsi target: Use hex2bin instead of a re-implementation * CVE-2018-17182 - mm: get rid of vmacache_flush_all() entirely Date: Tue, 25 Sep 2018 09:46:43 +0200 Changed-By: Kleber Sacilotto de Souza Maintainer: Launchpad Build Daemon Format: 1.8 Date: Tue, 25 Sep 2018 09:46:43 +0200 Source: linux-hwe Binary: linux-source-4.15.0 linux-headers-4.15.0-36 linux-hwe-tools-4.15.0-36 linux-hwe-cloud-tools-4.15.0-36 linux-image-unsigned-4.15.0-36-generic linux-modules-4.15.0-36-generic linux-modules-extra-4.15.0-36-generic linux-headers-4.15.0-36-generic linux-image-unsigned-4.15.0-36-generic-dbgsym linux-tools-4.15.0-36-generic linux-cloud-tools-4.15.0-36-generic linux-hwe-udebs-generic linux-image-unsigned-4.15.0-36-generic-lpae linux-modules-4.15.0-36-generic-lpae linux-modules-extra-4.15.0-36-generic-lpae linux-headers-4.15.0-36-generic-lpae linux-image-unsigned-4.15.0-36-generic-lpae-dbgsym linux-tools-4.15.0-36-generic-lpae linux-cloud-tools-4.15.0-36-generic-lpae linux-hwe-udebs-generic-lpae linux-image-unsigned-4.15.0-36-lowlatency linux-modules-4.15.0-36-lowlatency linux-modules-extra-4.15.0-36-lowlatency linux-headers-4.15.0-36-lowlatency linux-image-unsigned-4.15.0-36-lowlatency-dbgsym linux-tools-4.15.0-36-lowlatency linux-cloud-tools-4.15.0-36-lowlatency linux-hwe-udebs-lowlatency kernel-image-4.15.0-36-generic-di fat-modules-4.15.0-36-generic-di fb-modules-4.15.0-36-generic-di firewire-core-modules-4.15.0-36-generic-di floppy-modules-4.15.0-36-generic-di fs-core-modules-4.15.0-36-generic-di fs-secondary-modules-4.15.0-36-generic-di input-modules-4.15.0-36-generic-di irda-modules-4.15.0-36-generic-di md-modules-4.15.0-36-generic-di nic-modules-4.15.0-36-generic-di nic-pcmcia-modules-4.15.0-36-generic-di nic-usb-modules-4.15.0-36-generic-di nic-shared-modules-4.15.0-36-generic-di parport-modules-4.15.0-36-generic-di pata-modules-4.15.0-36-generic-di pcmcia-modules-4.15.0-36-generic-di pcmcia-storage-modules-4.15.0-36-generic-di plip-modules-4.15.0-36-generic-di ppp-modules-4.15.0-36-generic-di sata-modules-4.15.0-36-generic-di scsi-modules-4.15.0-36-generic-di serial-modules-4.15.0-36-generic-di storage-core-modules-4.15.0-36-generic-di usb-modules-4.15.0-36-generic-di nfs-modules-4.15.0-36-generic-di block-modules-4.15.0-36-generic-di message-modules-4.15.0-36-generic-di crypto-modules-4.15.0-36-generic-di virtio-modules-4.15.0-36-generic-di mouse-modules-4.15.0-36-generic-di vlan-modules-4.15.0-36-generic-di ipmi-modules-4.15.0-36-generic-di multipath-modules-4.15.0-36-generic-di Architecture: amd64 all amd64_translations Version: 4.15.0-36.39~16.04.1 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Kleber Sacilotto de Souza Description: block-modules-4.15.0-36-generic-di - Block storage devices (udeb) crypto-modules-4.15.0-36-generic-di - crypto modules (udeb) fat-modules-4.15.0-36-generic-di - FAT filesystem support (udeb) fb-modules-4.15.0-36-generic-di - Framebuffer modules (udeb) firewire-core-modules-4.15.0-36-generic-di - Firewire (IEEE-1394) Support (udeb) floppy-modules-4.15.0-36-generic-di - Floppy driver support (udeb) fs-core-modules-4.15.0-36-generic-di - Base filesystem modules (udeb) fs-secondary-modules-4.15.0-36-generic-di - Extra filesystem modules (udeb) input-modules-4.15.0-36-generic-di - Support for various input methods (udeb) ipmi-modules-4.15.0-36-generic-di - ipmi modules (udeb) irda-modules-4.15.0-36-generic-di - Support for Infrared protocols (udeb) kernel-image-4.15.0-36-generic-di - kernel image and system map (udeb) linux-cloud-tools-4.15.0-36-generic - Linux kernel version specific cloud tools for version 4.15.0-36 linux-cloud-tools-4.15.0-36-generic-lpae - Linux kernel version specific cloud tools for version 4.15.0-36 linux-cloud-tools-4.15.0-36-lowlatency - Linux kernel version specific cloud tools for version 4.15.0-36 linux-headers-4.15.0-36 - Header files related to Linux kernel version 4.15.0 linux-headers-4.15.0-36-generic - Linux kernel headers for version 4.15.0 on 64 bit x86 SMP linux-headers-4.15.0-36-generic-lpae - Linux kernel headers for version 4.15.0 on 64 bit x86 SMP linux-headers-4.15.0-36-lowlatency - Linux kernel headers for version 4.15.0 on 64 bit x86 SMP linux-hwe-cloud-tools-4.15.0-36 - Linux kernel version specific cloud tools for version 4.15.0-36 linux-hwe-tools-4.15.0-36 - Linux kernel version specific tools for version 4.15.0-36 linux-hwe-udebs-generic - Metapackage depending on kernel udebs (udeb) linux-hwe-udebs-generic-lpae - Metapackage depending on kernel udebs (udeb) linux-hwe-udebs-lowlatency - Metapackage depending on kernel udebs (udeb) linux-image-unsigned-4.15.0-36-generic - Linux kernel image for version 4.15.0 on 64 bit x86 SMP linux-image-unsigned-4.15.0-36-generic-dbgsym - Linux kernel debug image for version 4.15.0 on 64 bit x86
[ubuntu/xenial-updates] linux-gcp_4.15.0-1021.22~16.04.1_amd64.tar.gz - (Accepted)
linux-gcp (4.15.0-1021.22~16.04.1) xenial; urgency=medium [ Ubuntu: 4.15.0-36.39 ] * CVE-2018-14633 - iscsi target: Use hex2bin instead of a re-implementation * CVE-2018-17182 - mm: get rid of vmacache_flush_all() entirely Date: Tue, 25 Sep 2018 13:09:01 +0200 Changed-By: Kleber Sacilotto de Souza Maintainer: Launchpad Build Daemon Format: 1.8 Date: Tue, 25 Sep 2018 13:09:01 +0200 Source: linux-gcp Binary: linux-gcp-headers-4.15.0-1021 linux-gcp-tools-4.15.0-1021 linux-image-unsigned-4.15.0-1021-gcp linux-modules-4.15.0-1021-gcp linux-modules-extra-4.15.0-1021-gcp linux-headers-4.15.0-1021-gcp linux-image-unsigned-4.15.0-1021-gcp-dbgsym linux-tools-4.15.0-1021-gcp Architecture: amd64 amd64_translations Version: 4.15.0-1021.22~16.04.1 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Kleber Sacilotto de Souza Description: linux-gcp-headers-4.15.0-1021 - Header files related to Linux kernel version 4.15.0 linux-gcp-tools-4.15.0-1021 - Linux kernel version specific tools for version 4.15.0-1021 linux-headers-4.15.0-1021-gcp - Linux kernel headers for version 4.15.0 on 64 bit x86 SMP linux-image-unsigned-4.15.0-1021-gcp - Linux kernel image for version 4.15.0 on 64 bit x86 SMP linux-image-unsigned-4.15.0-1021-gcp-dbgsym - Linux kernel debug image for version 4.15.0 on 64 bit x86 SMP linux-modules-4.15.0-1021-gcp - Linux kernel extra modules for version 4.15.0 on 64 bit x86 SMP linux-modules-extra-4.15.0-1021-gcp - Linux kernel extra modules for version 4.15.0 on 64 bit x86 SMP linux-tools-4.15.0-1021-gcp - Linux kernel version specific tools for version 4.15.0-1021 Changes: linux-gcp (4.15.0-1021.22~16.04.1) xenial; urgency=medium . [ Ubuntu: 4.15.0-36.39 ] . * CVE-2018-14633 - iscsi target: Use hex2bin instead of a re-implementation * CVE-2018-17182 - mm: get rid of vmacache_flush_all() entirely Checksums-Sha1: 51f411136f7ac4cdb712092a39efb49fe0603142 10965396 linux-gcp-headers-4.15.0-1021_4.15.0-1021.22~16.04.1_amd64.deb 1b7952c580e638bef0769b6432d8996d2d23ab47 880 linux-gcp-tools-4.15.0-1021-dbgsym_4.15.0-1021.22~16.04.1_amd64.ddeb e1f3979ee969e11df901a89c17a2c727cd41bcc0 1031706 linux-gcp-tools-4.15.0-1021_4.15.0-1021.22~16.04.1_amd64.deb 98d29fe2399d0e7767a55108465da0484669bb56 7868335 linux-gcp_4.15.0-1021.22~16.04.1_amd64.tar.gz 3103e7a8f39aa4c6934eaa893d0893a2d61387f3 24582 linux-gcp_4.15.0-1021.22~16.04.1_amd64_translations.tar.gz 5c1b4674fbaae1f232a99b52458afc8da0cdd3c7 1127550 linux-headers-4.15.0-1021-gcp_4.15.0-1021.22~16.04.1_amd64.deb c47d2b0828b4c1f3ad9a25acb6bc2c48194d50d7 619321468 linux-image-unsigned-4.15.0-1021-gcp-dbgsym_4.15.0-1021.22~16.04.1_amd64.ddeb 181ddb29a534bd9d14256569e9f1f4394b387913 7897892 linux-image-unsigned-4.15.0-1021-gcp_4.15.0-1021.22~16.04.1_amd64.deb 11b673c7a799faf8b3e463991fc7078c2fb6a08c 12850108 linux-modules-4.15.0-1021-gcp_4.15.0-1021.22~16.04.1_amd64.deb 868590e81d1e1fdf342cfbcd54879629a87149ce 32401174 linux-modules-extra-4.15.0-1021-gcp_4.15.0-1021.22~16.04.1_amd64.deb d8e76aa0df79cd4efc0af61f795b42a234de4c71 1886 linux-tools-4.15.0-1021-gcp_4.15.0-1021.22~16.04.1_amd64.deb Checksums-Sha256: db023ef84889a2deec110713521561a86a6bf6528d5660e73119913b1f895ac5 10965396 linux-gcp-headers-4.15.0-1021_4.15.0-1021.22~16.04.1_amd64.deb 6fc706fed26440f3f8f4c095186f311fef1cda4bcca14ebdce1ec944a46274bc 880 linux-gcp-tools-4.15.0-1021-dbgsym_4.15.0-1021.22~16.04.1_amd64.ddeb 34339af936106baa9abefaeba98403d324064f9bd8d47ef1c2d2ed82bcf2667b 1031706 linux-gcp-tools-4.15.0-1021_4.15.0-1021.22~16.04.1_amd64.deb c199b08fd1c377765c1e2bce44243ba2f2cad28ab54baf7b7f85ff7ab834bbe7 7868335 linux-gcp_4.15.0-1021.22~16.04.1_amd64.tar.gz aa7533c5bf35c9dd7166c9f2a4ca1d8b1496694703345097c963c558a0ef2f23 24582 linux-gcp_4.15.0-1021.22~16.04.1_amd64_translations.tar.gz 35299bec0ed7bfe5ef4d9d1a2f23e722d7ffcb06ad2ede461d6a32ad210e5235 1127550 linux-headers-4.15.0-1021-gcp_4.15.0-1021.22~16.04.1_amd64.deb 42bafd0f9106f7e4a48eeb6e57af78c012ecd9286bc02012a1866b91c07ff07a 619321468 linux-image-unsigned-4.15.0-1021-gcp-dbgsym_4.15.0-1021.22~16.04.1_amd64.ddeb a3d5458de85b6028bbc14f8c510672a504fdf3fd17fceae7a96091525660b7ae 7897892 linux-image-unsigned-4.15.0-1021-gcp_4.15.0-1021.22~16.04.1_amd64.deb 4f9cc093ac950bf0bdc9eeeacf40e02df0dd88928840c69bb8430af4f8e6ee26 12850108 linux-modules-4.15.0-1021-gcp_4.15.0-1021.22~16.04.1_amd64.deb 4ae909a55a777e7dc6c08d288d27569d08aab89aed1119049d4335acee2e3d7b 32401174 linux-modules-extra-4.15.0-1021-gcp_4.15.0-1021.22~16.04.1_amd64.deb d0304132c0cb0d383febab1dc219820ce53310faf85683d969554da011788d15 1886 linux-tools-4.15.0-1021-gcp_4.15.0-1021.22~16.04.1_amd64.deb Files: fc09abfbf91b523f934de363b271bc20 10965396 devel optional linux-gcp-headers-4.15.0-1021_4.15.0-1021.22~16.04.1_amd64.deb c5d4637d24d7421dfdc309899310c362 880 devel extra linux-gcp-tools-4.15.0-1021-dbgsym_4.15.0-1021.22~16.04.1_amd64.ddeb
[ubuntu/xenial-updates] linux_4.4.0-137.163_amd64.tar.gz - (Accepted)
linux (4.4.0-137.163) xenial; urgency=medium * CVE-2018-14633 - iscsi target: Use hex2bin instead of a re-implementation * CVE-2018-17182 - mm: get rid of vmacache_flush_all() entirely Date: Mon, 24 Sep 2018 13:39:05 +0200 Changed-By: Stefan Bader Maintainer: Launchpad Build Daemon Format: 1.8 Date: Mon, 24 Sep 2018 13:39:05 +0200 Source: linux Binary: linux-source-4.4.0 linux-doc linux-headers-4.4.0-137 linux-libc-dev linux-tools-common linux-tools-4.4.0-137 linux-cloud-tools-common linux-cloud-tools-4.4.0-137 linux-image-4.4.0-137-generic linux-image-extra-4.4.0-137-generic linux-headers-4.4.0-137-generic linux-image-4.4.0-137-generic-dbgsym linux-tools-4.4.0-137-generic linux-cloud-tools-4.4.0-137-generic linux-udebs-generic linux-image-4.4.0-137-generic-lpae linux-image-extra-4.4.0-137-generic-lpae linux-headers-4.4.0-137-generic-lpae linux-image-4.4.0-137-generic-lpae-dbgsym linux-tools-4.4.0-137-generic-lpae linux-cloud-tools-4.4.0-137-generic-lpae linux-udebs-generic-lpae linux-image-4.4.0-137-lowlatency linux-image-extra-4.4.0-137-lowlatency linux-headers-4.4.0-137-lowlatency linux-image-4.4.0-137-lowlatency-dbgsym linux-tools-4.4.0-137-lowlatency linux-cloud-tools-4.4.0-137-lowlatency linux-udebs-lowlatency linux-image-4.4.0-137-powerpc-e500mc linux-image-extra-4.4.0-137-powerpc-e500mc linux-headers-4.4.0-137-powerpc-e500mc linux-image-4.4.0-137-powerpc-e500mc-dbgsym linux-tools-4.4.0-137-powerpc-e500mc linux-cloud-tools-4.4.0-137-powerpc-e500mc linux-udebs-powerpc-e500mc linux-image-4.4.0-137-powerpc-smp linux-image-extra-4.4.0-137-powerpc-smp linux-headers-4.4.0-137-powerpc-smp linux-image-4.4.0-137-powerpc-smp-dbgsym linux-tools-4.4.0-137-powerpc-smp linux-cloud-tools-4.4.0-137-powerpc-smp linux-udebs-powerpc-smp linux-image-4.4.0-137-powerpc64-emb linux-image-extra-4.4.0-137-powerpc64-emb linux-headers-4.4.0-137-powerpc64-emb linux-image-4.4.0-137-powerpc64-emb-dbgsym linux-tools-4.4.0-137-powerpc64-emb linux-cloud-tools-4.4.0-137-powerpc64-emb linux-udebs-powerpc64-emb linux-image-4.4.0-137-powerpc64-smp linux-image-extra-4.4.0-137-powerpc64-smp linux-headers-4.4.0-137-powerpc64-smp linux-image-4.4.0-137-powerpc64-smp-dbgsym linux-tools-4.4.0-137-powerpc64-smp linux-cloud-tools-4.4.0-137-powerpc64-smp linux-udebs-powerpc64-smp kernel-image-4.4.0-137-generic-di nic-modules-4.4.0-137-generic-di nic-shared-modules-4.4.0-137-generic-di serial-modules-4.4.0-137-generic-di ppp-modules-4.4.0-137-generic-di pata-modules-4.4.0-137-generic-di firewire-core-modules-4.4.0-137-generic-di scsi-modules-4.4.0-137-generic-di plip-modules-4.4.0-137-generic-di floppy-modules-4.4.0-137-generic-di fat-modules-4.4.0-137-generic-di nfs-modules-4.4.0-137-generic-di md-modules-4.4.0-137-generic-di multipath-modules-4.4.0-137-generic-di usb-modules-4.4.0-137-generic-di pcmcia-storage-modules-4.4.0-137-generic-di fb-modules-4.4.0-137-generic-di input-modules-4.4.0-137-generic-di mouse-modules-4.4.0-137-generic-di irda-modules-4.4.0-137-generic-di parport-modules-4.4.0-137-generic-di nic-pcmcia-modules-4.4.0-137-generic-di pcmcia-modules-4.4.0-137-generic-di nic-usb-modules-4.4.0-137-generic-di sata-modules-4.4.0-137-generic-di crypto-modules-4.4.0-137-generic-di speakup-modules-4.4.0-137-generic-di virtio-modules-4.4.0-137-generic-di fs-core-modules-4.4.0-137-generic-di fs-secondary-modules-4.4.0-137-generic-di storage-core-modules-4.4.0-137-generic-di block-modules-4.4.0-137-generic-di message-modules-4.4.0-137-generic-di vlan-modules-4.4.0-137-generic-di ipmi-modules-4.4.0-137-generic-di Architecture: amd64 all amd64_translations Version: 4.4.0-137.163 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Stefan Bader Description: block-modules-4.4.0-137-generic-di - Block storage devices (udeb) crypto-modules-4.4.0-137-generic-di - crypto modules (udeb) fat-modules-4.4.0-137-generic-di - FAT filesystem support (udeb) fb-modules-4.4.0-137-generic-di - Framebuffer modules (udeb) firewire-core-modules-4.4.0-137-generic-di - Firewire (IEEE-1394) Support (udeb) floppy-modules-4.4.0-137-generic-di - Floppy driver support (udeb) fs-core-modules-4.4.0-137-generic-di - Base filesystem modules (udeb) fs-secondary-modules-4.4.0-137-generic-di - Extra filesystem modules (udeb) input-modules-4.4.0-137-generic-di - Support for various input methods (udeb) ipmi-modules-4.4.0-137-generic-di - ipmi modules (udeb) irda-modules-4.4.0-137-generic-di - Support for Infrared protocols (udeb) kernel-image-4.4.0-137-generic-di - Linux kernel binary image for the Debian installer (udeb) linux-cloud-tools-4.4.0-137 - Linux kernel version specific cloud tools for version 4.4.0-137 linux-cloud-tools-4.4.0-137-generic - Linux kernel version specific cloud tools for version 4.4.0-137 linux-cloud-tools-4.4.0-137-generic-lpae - Linux kernel version specific cloud tools for version 4.4.0-137 linux-cloud-tools-4.4.0-137-lowlatency -
[ubuntu/xenial-proposed] cloud-initramfs-tools 0.27ubuntu1.6 (Accepted)
cloud-initramfs-tools (0.27ubuntu1.6) xenial; urgency=medium [ Robert Jennings ] * copymods: Take ownership of lib/modules (LP: #1792905) * debian/control: Update Vcs-* to point to git. Date: Thu, 20 Sep 2018 09:39:52 -0400 Changed-By: Scott Moser https://launchpad.net/ubuntu/+source/cloud-initramfs-tools/0.27ubuntu1.6 Format: 1.8 Date: Thu, 20 Sep 2018 09:39:52 -0400 Source: cloud-initramfs-tools Binary: cloud-initramfs-rescuevol cloud-initramfs-growroot overlayroot cloud-initramfs-dyn-netconf cloud-initramfs-copymods cloud-initramfs-rooturl cloud-initramfs-updateroot Architecture: source Version: 0.27ubuntu1.6 Distribution: xenial Urgency: medium Maintainer: Scott Moser Changed-By: Scott Moser Description: cloud-initramfs-copymods - copy initramfs modules into root filesystem for later use cloud-initramfs-dyn-netconf - write a network interface file in /run for BOOTIF cloud-initramfs-growroot - automatically resize the root partition on first boot cloud-initramfs-rescuevol - boot off a rescue volume rather than root filesystem cloud-initramfs-rooturl - use a tarball or squashfs image in a url as the root filesystem cloud-initramfs-updateroot - extract a tarball over root filesystem before pivot overlayroot - use an overlayfs on top of a read-only root filesystem Launchpad-Bugs-Fixed: 1792905 Changes: cloud-initramfs-tools (0.27ubuntu1.6) xenial; urgency=medium . [ Robert Jennings ] * copymods: Take ownership of lib/modules (LP: #1792905) * debian/control: Update Vcs-* to point to git. Checksums-Sha1: e18837c243a1e070137077749a4c8e8c88656847 2066 cloud-initramfs-tools_0.27ubuntu1.6.dsc cb32de34c99de2c8e294e225c7b3ee0f00c09494 40616 cloud-initramfs-tools_0.27ubuntu1.6.tar.xz d326d9fb133a6ab17e87102d32370c821a3861a4 6544 cloud-initramfs-tools_0.27ubuntu1.6_source.buildinfo Checksums-Sha256: 8ff999a7bd2486236120b0e62f22d45f2533d3ea22274939703dcd0e6f223db2 2066 cloud-initramfs-tools_0.27ubuntu1.6.dsc 5e11c6ea3b0492e34c19a46c7d19431214e28372dbea0b71053a58f626f92ccb 40616 cloud-initramfs-tools_0.27ubuntu1.6.tar.xz 1bc3986bc7d0bca1815517970e76fd87c96b6bf41e67e2ed1690ec45f2d94b59 6544 cloud-initramfs-tools_0.27ubuntu1.6_source.buildinfo Files: b5157008f5624661c583f2b72286cc54 2066 admin extra cloud-initramfs-tools_0.27ubuntu1.6.dsc 652beb6659ca06856ecf91b347087296 40616 admin extra cloud-initramfs-tools_0.27ubuntu1.6.tar.xz 2fb86aaf2fb00a0e88e74a2641ebd08f 6544 admin extra cloud-initramfs-tools_0.27ubuntu1.6_source.buildinfo -- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] linux-meta-gcp 4.15.0.1021.35 (Accepted)
linux-meta-gcp (4.15.0.1021.35) xenial; urgency=medium * Bump ABI 4.15.0-1021 linux-meta-gcp (4.15.0.1020.34) xenial; urgency=medium * Bump ABI 4.15.0-1020 Date: 2018-09-25 12:34:12.557689+00:00 Changed-By: Kleber Sacilotto de Souza Signed-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta-gcp/4.15.0.1021.35 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] strongswan 5.3.5-1ubuntu3.8 (Accepted)
strongswan (5.3.5-1ubuntu3.8) xenial-security; urgency=medium * SECURITY UPDATE: Insufficient input validation in gmp plugin - debian/patches/strongswan-4.4.0-5.7.0_gmp-pkcs1-overflow.patch: fix buffer overflow with very small RSA keys in src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c. - CVE-2018-17540 Date: 2018-09-26 19:36:12.929845+00:00 Changed-By: Marc Deslauriers https://launchpad.net/ubuntu/+source/strongswan/5.3.5-1ubuntu3.8 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-meta-gcp 4.15.0.1021.35 (Accepted)
linux-meta-gcp (4.15.0.1021.35) xenial; urgency=medium * Bump ABI 4.15.0-1021 linux-meta-gcp (4.15.0.1020.34) xenial; urgency=medium * Bump ABI 4.15.0-1020 Date: 2018-09-25 12:34:12.557689+00:00 Changed-By: Kleber Sacilotto de Souza Signed-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta-gcp/4.15.0.1021.35 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] linux-meta-gcp 4.15.0.1021.35 (Accepted)
linux-meta-gcp (4.15.0.1021.35) xenial; urgency=medium * Bump ABI 4.15.0-1021 linux-meta-gcp (4.15.0.1020.34) xenial; urgency=medium * Bump ABI 4.15.0-1020 Date: 2018-09-25 12:34:12.557689+00:00 Changed-By: Kleber Sacilotto de Souza Signed-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta-gcp/4.15.0.1021.35 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-gcp 4.15.0-1021.22~16.04.1 (Accepted)
linux-gcp (4.15.0-1021.22~16.04.1) xenial; urgency=medium
[ Ubuntu: 4.15.0-36.39 ]
* CVE-2018-14633
- iscsi target: Use hex2bin instead of a re-implementation
* CVE-2018-17182
- mm: get rid of vmacache_flush_all() entirely
linux-gcp (4.15.0-1020.21) bionic; urgency=medium
* linux-gcp: 4.15.0-1020.21 -proposed tracker (LP: #1791728)
* Kernel 4.15.0-35.38 fails to build with CONFIG_XFS_ONLINE_SCRUB enabled
(LP: #1792393)
- SAUCE: xfs: fix build error with CONFIG_XFS_ONLINE_SCRUB enabled
* [Regression] kernel crashdump fails on arm64 (LP: #1786878)
- [config] update configs after rebase
[ Ubuntu: 4.15.0-35.38 ]
* linux: 4.15.0-35.38 -proposed tracker (LP: #1791719)
* device hotplug of vfio devices can lead to deadlock in vfio_pci_release
(LP: #1792099)
- SAUCE: vfio -- release device lock before userspace requests
* L1TF mitigation not effective in some CPU and RAM combinations
(LP: #1788563)
- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
- x86/speculation/l1tf: Fix off-by-one error when warning that system has
too
much RAM
- x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
* CVE-2018-15594
- x86/paravirt: Fix spectre-v2 mitigations for paravirt guests
* CVE-2017-5715 (Spectre v2 s390x)
- KVM: s390: implement CPU model only facilities
- s390: detect etoken facility
- KVM: s390: add etoken support for guests
- s390/lib: use expoline for all bcr instructions
- s390: fix br_r1_trampoline for machines without exrl
- SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT
* Ubuntu18.04.1: cpuidle: powernv: Fix promotion from snooze if next state
disabled (performance) (LP: #1790602)
- cpuidle: powernv: Fix promotion from snooze if next state disabled
* Watchdog CPU:19 Hard LOCKUP when kernel crash was triggered (LP: #1790636)
- powerpc: hard disable irqs in smp_send_stop loop
- powerpc: Fix deadlock with multiple calls to smp_send_stop
- powerpc: smp_send_stop do not offline stopped CPUs
- powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled
* Security fix: check if IOMMU page is contained in the pinned physical page
(LP: #1785675)
- vfio/spapr: Use IOMMU pageshift rather than pagesize
- KVM: PPC: Check if IOMMU page is contained in the pinned physical page
* Missing Intel GPU pci-id's (LP: #1789924)
- drm/i915/kbl: Add KBL GT2 sku
- drm/i915/whl: Introducing Whiskey Lake platform
- drm/i915/aml: Introducing Amber Lake platform
- drm/i915/cfl: Add a new CFL PCI ID.
* CVE-2018-15572
- x86/speculation: Protect against userspace-userspace spectreRSB
* Support Power Management for Thunderbolt Controller (LP: #1789358)
- thunderbolt: Handle NULL boot ACL entries properly
- thunderbolt: Notify userspace when boot_acl is changed
- thunderbolt: Use 64-bit DMA mask if supported by the platform
- thunderbolt: Do not unnecessarily call ICM get route
- thunderbolt: No need to take tb->lock in domain suspend/complete
- thunderbolt: Use correct ICM commands in system suspend
- thunderbolt: Add support for runtime PM
* random oopses on s390 systems using NVMe devices (LP: #1790480)
- s390/pci: fix out of bounds access during irq setup
* [Bionic] Spectre v4 mitigation (Speculative Store Bypass Disable) support
for arm64 using SMC firmware call to set a hardware chicken bit
(LP: #1787993) // CVE-2018-3639 (arm64)
- arm64: alternatives: Add dynamic patching feature
- KVM: arm/arm64: Do not use kern_hyp_va() with kvm_vgic_global_state
- KVM: arm64: Avoid storing the vcpu pointer on the stack
- arm/arm64: smccc: Add SMCCC-specific return codes
- arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1
- arm64: Add per-cpu infrastructure to call ARCH_WORKAROUND_2
- arm64: Add ARCH_WORKAROUND_2 probing
- arm64: Add 'ssbd' command-line option
- arm64: ssbd: Add global mitigation state accessor
- arm64: ssbd: Skip apply_ssbd if not using dynamic mitigation
- arm64: ssbd: Restore mitigation status on CPU resume
- arm64: ssbd: Introduce thread flag to control userspace mitigation
- arm64: ssbd: Add prctl interface for per-thread mitigation
- arm64: KVM: Add HYP per-cpu accessors
- arm64: KVM: Add ARCH_WORKAROUND_2 support for guests
- arm64: KVM: Handle guest's ARCH_WORKAROUND_2 requests
- arm64: KVM: Add ARCH_WORKAROUND_2 discovery through ARCH_FEATURES_FUNC_ID
- [Config] ARM64_SSBD=y
* Reconcile hns3 SAUCE patches with upstream (LP: #1787477)
- Revert "UBUNTU: SAUCE: net: hns3: Optimize PF CMDQ interrupt switching
process"
- Revert "UBUNTU: SAUCE: net: hns3: Fix for VF mailbox receiving unknown
message"
- Revert "UBUNTU: SAUCE: net: hns3: Fix for VF mailbox cannot receiving PF
response"
- Revert "UBUNTU: SAUCE: {topost} net: hns3:
[ubuntu/xenial-updates] linux-signed-gcp 4.15.0-1021.22~16.04.1 (Accepted)
linux-signed-gcp (4.15.0-1021.22~16.04.1) xenial; urgency=medium * Master version: 4.15.0-1021.22~16.04.1 linux-signed-gcp (4.15.0-1020.21~16.04.1) xenial; urgency=medium * Master version: 4.15.0-1020.21~16.04.1 Date: 2018-09-25 12:37:13.188459+00:00 Changed-By: Kleber Sacilotto de Souza Signed-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-signed-gcp/4.15.0-1021.22~16.04.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-signed-gcp 4.15.0-1021.22~16.04.1 (Accepted)
linux-signed-gcp (4.15.0-1021.22~16.04.1) xenial; urgency=medium * Master version: 4.15.0-1021.22~16.04.1 linux-signed-gcp (4.15.0-1020.21~16.04.1) xenial; urgency=medium * Master version: 4.15.0-1020.21~16.04.1 Date: 2018-09-25 12:37:13.188459+00:00 Changed-By: Kleber Sacilotto de Souza Signed-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-signed-gcp/4.15.0-1021.22~16.04.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] linux-gcp 4.15.0-1021.22~16.04.1 (Accepted)
linux-gcp (4.15.0-1021.22~16.04.1) xenial; urgency=medium
[ Ubuntu: 4.15.0-36.39 ]
* CVE-2018-14633
- iscsi target: Use hex2bin instead of a re-implementation
* CVE-2018-17182
- mm: get rid of vmacache_flush_all() entirely
linux-gcp (4.15.0-1020.21) bionic; urgency=medium
* linux-gcp: 4.15.0-1020.21 -proposed tracker (LP: #1791728)
* Kernel 4.15.0-35.38 fails to build with CONFIG_XFS_ONLINE_SCRUB enabled
(LP: #1792393)
- SAUCE: xfs: fix build error with CONFIG_XFS_ONLINE_SCRUB enabled
* [Regression] kernel crashdump fails on arm64 (LP: #1786878)
- [config] update configs after rebase
[ Ubuntu: 4.15.0-35.38 ]
* linux: 4.15.0-35.38 -proposed tracker (LP: #1791719)
* device hotplug of vfio devices can lead to deadlock in vfio_pci_release
(LP: #1792099)
- SAUCE: vfio -- release device lock before userspace requests
* L1TF mitigation not effective in some CPU and RAM combinations
(LP: #1788563)
- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
- x86/speculation/l1tf: Fix off-by-one error when warning that system has
too
much RAM
- x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
* CVE-2018-15594
- x86/paravirt: Fix spectre-v2 mitigations for paravirt guests
* CVE-2017-5715 (Spectre v2 s390x)
- KVM: s390: implement CPU model only facilities
- s390: detect etoken facility
- KVM: s390: add etoken support for guests
- s390/lib: use expoline for all bcr instructions
- s390: fix br_r1_trampoline for machines without exrl
- SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT
* Ubuntu18.04.1: cpuidle: powernv: Fix promotion from snooze if next state
disabled (performance) (LP: #1790602)
- cpuidle: powernv: Fix promotion from snooze if next state disabled
* Watchdog CPU:19 Hard LOCKUP when kernel crash was triggered (LP: #1790636)
- powerpc: hard disable irqs in smp_send_stop loop
- powerpc: Fix deadlock with multiple calls to smp_send_stop
- powerpc: smp_send_stop do not offline stopped CPUs
- powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled
* Security fix: check if IOMMU page is contained in the pinned physical page
(LP: #1785675)
- vfio/spapr: Use IOMMU pageshift rather than pagesize
- KVM: PPC: Check if IOMMU page is contained in the pinned physical page
* Missing Intel GPU pci-id's (LP: #1789924)
- drm/i915/kbl: Add KBL GT2 sku
- drm/i915/whl: Introducing Whiskey Lake platform
- drm/i915/aml: Introducing Amber Lake platform
- drm/i915/cfl: Add a new CFL PCI ID.
* CVE-2018-15572
- x86/speculation: Protect against userspace-userspace spectreRSB
* Support Power Management for Thunderbolt Controller (LP: #1789358)
- thunderbolt: Handle NULL boot ACL entries properly
- thunderbolt: Notify userspace when boot_acl is changed
- thunderbolt: Use 64-bit DMA mask if supported by the platform
- thunderbolt: Do not unnecessarily call ICM get route
- thunderbolt: No need to take tb->lock in domain suspend/complete
- thunderbolt: Use correct ICM commands in system suspend
- thunderbolt: Add support for runtime PM
* random oopses on s390 systems using NVMe devices (LP: #1790480)
- s390/pci: fix out of bounds access during irq setup
* [Bionic] Spectre v4 mitigation (Speculative Store Bypass Disable) support
for arm64 using SMC firmware call to set a hardware chicken bit
(LP: #1787993) // CVE-2018-3639 (arm64)
- arm64: alternatives: Add dynamic patching feature
- KVM: arm/arm64: Do not use kern_hyp_va() with kvm_vgic_global_state
- KVM: arm64: Avoid storing the vcpu pointer on the stack
- arm/arm64: smccc: Add SMCCC-specific return codes
- arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1
- arm64: Add per-cpu infrastructure to call ARCH_WORKAROUND_2
- arm64: Add ARCH_WORKAROUND_2 probing
- arm64: Add 'ssbd' command-line option
- arm64: ssbd: Add global mitigation state accessor
- arm64: ssbd: Skip apply_ssbd if not using dynamic mitigation
- arm64: ssbd: Restore mitigation status on CPU resume
- arm64: ssbd: Introduce thread flag to control userspace mitigation
- arm64: ssbd: Add prctl interface for per-thread mitigation
- arm64: KVM: Add HYP per-cpu accessors
- arm64: KVM: Add ARCH_WORKAROUND_2 support for guests
- arm64: KVM: Handle guest's ARCH_WORKAROUND_2 requests
- arm64: KVM: Add ARCH_WORKAROUND_2 discovery through ARCH_FEATURES_FUNC_ID
- [Config] ARM64_SSBD=y
* Reconcile hns3 SAUCE patches with upstream (LP: #1787477)
- Revert "UBUNTU: SAUCE: net: hns3: Optimize PF CMDQ interrupt switching
process"
- Revert "UBUNTU: SAUCE: net: hns3: Fix for VF mailbox receiving unknown
message"
- Revert "UBUNTU: SAUCE: net: hns3: Fix for VF mailbox cannot receiving PF
response"
- Revert "UBUNTU: SAUCE: {topost} net: hns3:
[ubuntu/xenial-security] linux-meta-hwe-edge 4.15.0.36.57 (Accepted)
linux-meta-hwe-edge (4.15.0.36.57) xenial; urgency=medium * Bump ABI 4.15.0-36 linux-meta-hwe-edge (4.15.0.35.56) xenial; urgency=medium * Bump ABI 4.15.0-35 Date: 2018-09-25 13:19:12.991511+00:00 Changed-By: Kleber Sacilotto de Souza Signed-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta-hwe-edge/4.15.0.36.57 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] linux-meta-hwe-edge 4.15.0.36.57 (Accepted)
linux-meta-hwe-edge (4.15.0.36.57) xenial; urgency=medium * Bump ABI 4.15.0-36 linux-meta-hwe-edge (4.15.0.35.56) xenial; urgency=medium * Bump ABI 4.15.0-35 Date: 2018-09-25 13:19:12.991511+00:00 Changed-By: Kleber Sacilotto de Souza Signed-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta-hwe-edge/4.15.0.36.57 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-signed-hwe 4.15.0-36.39~16.04.1 (Accepted)
linux-signed-hwe (4.15.0-36.39~16.04.1) xenial; urgency=medium * Master version: 4.15.0-36.39~16.04.1 linux-signed-hwe (4.15.0-35.38~16.04.1) xenial; urgency=medium * Master version: 4.15.0-35.38~16.04.1 Date: 2018-09-25 08:58:12.359525+00:00 Changed-By: Kleber Sacilotto de Souza Signed-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-signed-hwe/4.15.0-36.39~16.04.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] linux-signed-hwe 4.15.0-36.39~16.04.1 (Accepted)
linux-signed-hwe (4.15.0-36.39~16.04.1) xenial; urgency=medium * Master version: 4.15.0-36.39~16.04.1 linux-signed-hwe (4.15.0-35.38~16.04.1) xenial; urgency=medium * Master version: 4.15.0-35.38~16.04.1 Date: 2018-09-25 08:58:12.359525+00:00 Changed-By: Kleber Sacilotto de Souza Signed-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-signed-hwe/4.15.0-36.39~16.04.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] linux-hwe 4.15.0-36.39~16.04.1 (Accepted)
linux-hwe (4.15.0-36.39~16.04.1) xenial; urgency=medium
* CVE-2018-14633
- iscsi target: Use hex2bin instead of a re-implementation
* CVE-2018-17182
- mm: get rid of vmacache_flush_all() entirely
linux (4.15.0-35.38) bionic; urgency=medium
* linux: 4.15.0-35.38 -proposed tracker (LP: #1791719)
* device hotplug of vfio devices can lead to deadlock in vfio_pci_release
(LP: #1792099)
- SAUCE: vfio -- release device lock before userspace requests
* L1TF mitigation not effective in some CPU and RAM combinations
(LP: #1788563)
- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
- x86/speculation/l1tf: Fix off-by-one error when warning that system has
too
much RAM
- x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
* CVE-2018-15594
- x86/paravirt: Fix spectre-v2 mitigations for paravirt guests
* CVE-2017-5715 (Spectre v2 s390x)
- KVM: s390: implement CPU model only facilities
- s390: detect etoken facility
- KVM: s390: add etoken support for guests
- s390/lib: use expoline for all bcr instructions
- s390: fix br_r1_trampoline for machines without exrl
- SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT
* Ubuntu18.04.1: cpuidle: powernv: Fix promotion from snooze if next state
disabled (performance) (LP: #1790602)
- cpuidle: powernv: Fix promotion from snooze if next state disabled
* Watchdog CPU:19 Hard LOCKUP when kernel crash was triggered (LP: #1790636)
- powerpc: hard disable irqs in smp_send_stop loop
- powerpc: Fix deadlock with multiple calls to smp_send_stop
- powerpc: smp_send_stop do not offline stopped CPUs
- powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled
* Security fix: check if IOMMU page is contained in the pinned physical page
(LP: #1785675)
- vfio/spapr: Use IOMMU pageshift rather than pagesize
- KVM: PPC: Check if IOMMU page is contained in the pinned physical page
* Missing Intel GPU pci-id's (LP: #1789924)
- drm/i915/kbl: Add KBL GT2 sku
- drm/i915/whl: Introducing Whiskey Lake platform
- drm/i915/aml: Introducing Amber Lake platform
- drm/i915/cfl: Add a new CFL PCI ID.
* CVE-2018-15572
- x86/speculation: Protect against userspace-userspace spectreRSB
* Support Power Management for Thunderbolt Controller (LP: #1789358)
- thunderbolt: Handle NULL boot ACL entries properly
- thunderbolt: Notify userspace when boot_acl is changed
- thunderbolt: Use 64-bit DMA mask if supported by the platform
- thunderbolt: Do not unnecessarily call ICM get route
- thunderbolt: No need to take tb->lock in domain suspend/complete
- thunderbolt: Use correct ICM commands in system suspend
- thunderbolt: Add support for runtime PM
* random oopses on s390 systems using NVMe devices (LP: #1790480)
- s390/pci: fix out of bounds access during irq setup
* [Bionic] Spectre v4 mitigation (Speculative Store Bypass Disable) support
for arm64 using SMC firmware call to set a hardware chicken bit
(LP: #1787993) // CVE-2018-3639 (arm64)
- arm64: alternatives: Add dynamic patching feature
- KVM: arm/arm64: Do not use kern_hyp_va() with kvm_vgic_global_state
- KVM: arm64: Avoid storing the vcpu pointer on the stack
- arm/arm64: smccc: Add SMCCC-specific return codes
- arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1
- arm64: Add per-cpu infrastructure to call ARCH_WORKAROUND_2
- arm64: Add ARCH_WORKAROUND_2 probing
- arm64: Add 'ssbd' command-line option
- arm64: ssbd: Add global mitigation state accessor
- arm64: ssbd: Skip apply_ssbd if not using dynamic mitigation
- arm64: ssbd: Restore mitigation status on CPU resume
- arm64: ssbd: Introduce thread flag to control userspace mitigation
- arm64: ssbd: Add prctl interface for per-thread mitigation
- arm64: KVM: Add HYP per-cpu accessors
- arm64: KVM: Add ARCH_WORKAROUND_2 support for guests
- arm64: KVM: Handle guest's ARCH_WORKAROUND_2 requests
- arm64: KVM: Add ARCH_WORKAROUND_2 discovery through ARCH_FEATURES_FUNC_ID
- [Config] ARM64_SSBD=y
* Reconcile hns3 SAUCE patches with upstream (LP: #1787477)
- Revert "UBUNTU: SAUCE: net: hns3: Optimize PF CMDQ interrupt switching
process"
- Revert "UBUNTU: SAUCE: net: hns3: Fix for VF mailbox receiving unknown
message"
- Revert "UBUNTU: SAUCE: net: hns3: Fix for VF mailbox cannot receiving PF
response"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: fix comments for
hclge_get_ring_chain_from_mbx"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: fix for using wrong mask and
shift in hclge_get_ring_chain_from_mbx"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: fix for reset_level default
assignment probelm"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: remove unnecessary ring
configuration operation while
[ubuntu/xenial-security] linux-meta-hwe 4.15.0.36.59 (Accepted)
linux-meta-hwe (4.15.0.36.59) xenial; urgency=medium * Bump ABI 4.15.0-36 linux-meta-hwe (4.15.0.35.58) xenial; urgency=medium * Transition 4.13 OEM kernel users to 4.15 HWE kernel (LP: #1785280) - Add transitionals-oem to migrate users on 4.13 based OEM kernel to 4.15 HWE kernel. linux-meta-hwe (4.15.0.35.57) xenial; urgency=medium * Bump ABI 4.15.0-35 Date: 2018-09-25 09:01:21.392382+00:00 Changed-By: Kleber Sacilotto de Souza Signed-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta-hwe/4.15.0.36.59 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] linux-meta-hwe 4.15.0.36.59 (Accepted)
linux-meta-hwe (4.15.0.36.59) xenial; urgency=medium * Bump ABI 4.15.0-36 linux-meta-hwe (4.15.0.35.58) xenial; urgency=medium * Transition 4.13 OEM kernel users to 4.15 HWE kernel (LP: #1785280) - Add transitionals-oem to migrate users on 4.13 based OEM kernel to 4.15 HWE kernel. linux-meta-hwe (4.15.0.35.57) xenial; urgency=medium * Bump ABI 4.15.0-35 Date: 2018-09-25 09:01:21.392382+00:00 Changed-By: Kleber Sacilotto de Souza Signed-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta-hwe/4.15.0.36.59 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-hwe 4.15.0-36.39~16.04.1 (Accepted)
linux-hwe (4.15.0-36.39~16.04.1) xenial; urgency=medium
* CVE-2018-14633
- iscsi target: Use hex2bin instead of a re-implementation
* CVE-2018-17182
- mm: get rid of vmacache_flush_all() entirely
linux (4.15.0-35.38) bionic; urgency=medium
* linux: 4.15.0-35.38 -proposed tracker (LP: #1791719)
* device hotplug of vfio devices can lead to deadlock in vfio_pci_release
(LP: #1792099)
- SAUCE: vfio -- release device lock before userspace requests
* L1TF mitigation not effective in some CPU and RAM combinations
(LP: #1788563)
- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
- x86/speculation/l1tf: Fix off-by-one error when warning that system has
too
much RAM
- x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
* CVE-2018-15594
- x86/paravirt: Fix spectre-v2 mitigations for paravirt guests
* CVE-2017-5715 (Spectre v2 s390x)
- KVM: s390: implement CPU model only facilities
- s390: detect etoken facility
- KVM: s390: add etoken support for guests
- s390/lib: use expoline for all bcr instructions
- s390: fix br_r1_trampoline for machines without exrl
- SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT
* Ubuntu18.04.1: cpuidle: powernv: Fix promotion from snooze if next state
disabled (performance) (LP: #1790602)
- cpuidle: powernv: Fix promotion from snooze if next state disabled
* Watchdog CPU:19 Hard LOCKUP when kernel crash was triggered (LP: #1790636)
- powerpc: hard disable irqs in smp_send_stop loop
- powerpc: Fix deadlock with multiple calls to smp_send_stop
- powerpc: smp_send_stop do not offline stopped CPUs
- powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled
* Security fix: check if IOMMU page is contained in the pinned physical page
(LP: #1785675)
- vfio/spapr: Use IOMMU pageshift rather than pagesize
- KVM: PPC: Check if IOMMU page is contained in the pinned physical page
* Missing Intel GPU pci-id's (LP: #1789924)
- drm/i915/kbl: Add KBL GT2 sku
- drm/i915/whl: Introducing Whiskey Lake platform
- drm/i915/aml: Introducing Amber Lake platform
- drm/i915/cfl: Add a new CFL PCI ID.
* CVE-2018-15572
- x86/speculation: Protect against userspace-userspace spectreRSB
* Support Power Management for Thunderbolt Controller (LP: #1789358)
- thunderbolt: Handle NULL boot ACL entries properly
- thunderbolt: Notify userspace when boot_acl is changed
- thunderbolt: Use 64-bit DMA mask if supported by the platform
- thunderbolt: Do not unnecessarily call ICM get route
- thunderbolt: No need to take tb->lock in domain suspend/complete
- thunderbolt: Use correct ICM commands in system suspend
- thunderbolt: Add support for runtime PM
* random oopses on s390 systems using NVMe devices (LP: #1790480)
- s390/pci: fix out of bounds access during irq setup
* [Bionic] Spectre v4 mitigation (Speculative Store Bypass Disable) support
for arm64 using SMC firmware call to set a hardware chicken bit
(LP: #1787993) // CVE-2018-3639 (arm64)
- arm64: alternatives: Add dynamic patching feature
- KVM: arm/arm64: Do not use kern_hyp_va() with kvm_vgic_global_state
- KVM: arm64: Avoid storing the vcpu pointer on the stack
- arm/arm64: smccc: Add SMCCC-specific return codes
- arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1
- arm64: Add per-cpu infrastructure to call ARCH_WORKAROUND_2
- arm64: Add ARCH_WORKAROUND_2 probing
- arm64: Add 'ssbd' command-line option
- arm64: ssbd: Add global mitigation state accessor
- arm64: ssbd: Skip apply_ssbd if not using dynamic mitigation
- arm64: ssbd: Restore mitigation status on CPU resume
- arm64: ssbd: Introduce thread flag to control userspace mitigation
- arm64: ssbd: Add prctl interface for per-thread mitigation
- arm64: KVM: Add HYP per-cpu accessors
- arm64: KVM: Add ARCH_WORKAROUND_2 support for guests
- arm64: KVM: Handle guest's ARCH_WORKAROUND_2 requests
- arm64: KVM: Add ARCH_WORKAROUND_2 discovery through ARCH_FEATURES_FUNC_ID
- [Config] ARM64_SSBD=y
* Reconcile hns3 SAUCE patches with upstream (LP: #1787477)
- Revert "UBUNTU: SAUCE: net: hns3: Optimize PF CMDQ interrupt switching
process"
- Revert "UBUNTU: SAUCE: net: hns3: Fix for VF mailbox receiving unknown
message"
- Revert "UBUNTU: SAUCE: net: hns3: Fix for VF mailbox cannot receiving PF
response"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: fix comments for
hclge_get_ring_chain_from_mbx"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: fix for using wrong mask and
shift in hclge_get_ring_chain_from_mbx"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: fix for reset_level default
assignment probelm"
- Revert "UBUNTU: SAUCE: {topost} net: hns3: remove unnecessary ring
configuration operation while
[ubuntu/xenial-updates] linux-meta-snapdragon 4.4.0.1102.94 (Accepted)
linux-meta-snapdragon (4.4.0.1102.94) xenial; urgency=medium * Bump ABI 4.4.0-1102 linux-meta-snapdragon (4.4.0.1101.93) xenial; urgency=medium * Bump ABI 4.4.0-1101 Date: 2018-09-25 10:27:15.182903+00:00 Changed-By: Stefan Bader Signed-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta-snapdragon/4.4.0.1102.94 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-snapdragon 4.4.0-1102.107 (Accepted)
linux-snapdragon (4.4.0-1102.107) xenial; urgency=medium [ Ubuntu: 4.4.0-137.163 ] * CVE-2018-14633 - iscsi target: Use hex2bin instead of a re-implementation * CVE-2018-17182 - mm: get rid of vmacache_flush_all() entirely linux-snapdragon (4.4.0-1101.106) xenial; urgency=medium * linux-snapdragon: 4.4.0-1101.106 -proposed tracker (LP: #1791753) [ Ubuntu: 4.4.0-136.162 ] * linux: 4.4.0-136.162 -proposed tracker (LP: #1791745) * CVE-2017-5753 - bpf: properly enforce index mask to prevent out-of-bounds speculation - Revert "UBUNTU: SAUCE: bpf: Use barrier_nospec() instead of osb()" - Revert "bpf: prevent speculative execution in eBPF interpreter" * L1TF mitigation not effective in some CPU and RAM combinations (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646 - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ * CVE-2018-15594 - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests * Xenial update to 4.4.144 stable release (LP: #1791080) - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel. - x86/MCE: Remove min interval polling limitation - fat: fix memory allocation failure handling of match_strdup() - ALSA: rawmidi: Change resized buffers atomically - ARC: Fix CONFIG_SWAP - ARC: mm: allow mprotect to make stack mappings executable - mm: memcg: fix use after free in mem_cgroup_iter() - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns - ipv6: fix useless rol32 call on hash - lib/rhashtable: consider param->min_size when setting initial table size - net/ipv4: Set oif in fib_compute_spec_dst - net: phy: fix flag masking in __set_phy_supported - ptp: fix missing break in switch - tg3: Add higher cpu clock for 5762. - net: Don't copy pfmemalloc flag in __copy_skb_header() - skbuff: Unconditionally copy pfmemalloc in __skb_clone() - xhci: Fix perceived dead host due to runtime suspend race with event handler - x86/paravirt: Make native_save_fl() extern inline - SAUCE: Add missing CPUID_7_EDX defines - SAUCE: x86/speculation: Expose indirect_branch_prediction_barrier() - x86/pti: Mark constant arrays as __initconst - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs - x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface - x86/speculation: Clean up various Spectre related details - x86/speculation: Fix up array_index_nospec_mask() asm constraint - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend - x86/mm: Factor out LDT init from context init - x86/mm: Give each mm TLB flush generation a unique ID - SAUCE: x86/speculation: Use Indirect Branch Prediction Barrier in context switch - x86/speculation: Use IBRS if available before calling into firmware - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP - selftest/seccomp: Fix the seccomp(2) signature - xen: set cpu capabilities from xen_start_kernel() - x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen - SAUCE: Preserve SPEC_CTRL MSR in new inlines - SAUCE: Add Knights Mill to NO SSB list - x86/process: Correct and optimize TIF_BLOCKSTEP switch - x86/process: Optimize TIF_NOTSC switch - Revert "x86/cpufeatures: Add FEATURE_ZEN" - Revert "x86/cpu/AMD: Fix erratum 1076 (CPB bit)" - x86/cpu/AMD: Fix erratum 1076 (CPB bit) - x86/cpufeatures: Add FEATURE_ZEN - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths - x86/cpu: Re-apply forced caps every time CPU caps are re-read - block: do not use interruptible wait anywhere - clk: tegra: Fix PLL_U post divider and initial rate on Tegra30 - ubi: Introduce vol_ignored() - ubi: Rework Fastmap attach base code - ubi: Be more paranoid while seaching for the most recent Fastmap - ubi: Fix races around ubi_refill_pools() - ubi: Fix Fastmap's update_vol() - ubi: fastmap: Erase outdated anchor PEBs during attach - Linux 4.4.144 * CVE-2017-5715 (Spectre v2 s390x) - s390: detect etoken facility - s390/lib: use expoline for all bcr instructions - SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT * Xenial update to 4.4.143 stable release (LP: #1790884) - compiler, clang: suppress warning for unused static inline functions - compiler, clang: properly override 'inline' for clang - compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations - x86/asm: Add _ASM_ARG* constants for argument registers to - ocfs2: subsystem.su_mutex is required while accessing the
[ubuntu/xenial-updates] linux-snapdragon 4.4.0-1102.107 (Accepted)
linux-snapdragon (4.4.0-1102.107) xenial; urgency=medium [ Ubuntu: 4.4.0-137.163 ] * CVE-2018-14633 - iscsi target: Use hex2bin instead of a re-implementation * CVE-2018-17182 - mm: get rid of vmacache_flush_all() entirely linux-snapdragon (4.4.0-1101.106) xenial; urgency=medium * linux-snapdragon: 4.4.0-1101.106 -proposed tracker (LP: #1791753) [ Ubuntu: 4.4.0-136.162 ] * linux: 4.4.0-136.162 -proposed tracker (LP: #1791745) * CVE-2017-5753 - bpf: properly enforce index mask to prevent out-of-bounds speculation - Revert "UBUNTU: SAUCE: bpf: Use barrier_nospec() instead of osb()" - Revert "bpf: prevent speculative execution in eBPF interpreter" * L1TF mitigation not effective in some CPU and RAM combinations (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646 - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ * CVE-2018-15594 - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests * Xenial update to 4.4.144 stable release (LP: #1791080) - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel. - x86/MCE: Remove min interval polling limitation - fat: fix memory allocation failure handling of match_strdup() - ALSA: rawmidi: Change resized buffers atomically - ARC: Fix CONFIG_SWAP - ARC: mm: allow mprotect to make stack mappings executable - mm: memcg: fix use after free in mem_cgroup_iter() - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns - ipv6: fix useless rol32 call on hash - lib/rhashtable: consider param->min_size when setting initial table size - net/ipv4: Set oif in fib_compute_spec_dst - net: phy: fix flag masking in __set_phy_supported - ptp: fix missing break in switch - tg3: Add higher cpu clock for 5762. - net: Don't copy pfmemalloc flag in __copy_skb_header() - skbuff: Unconditionally copy pfmemalloc in __skb_clone() - xhci: Fix perceived dead host due to runtime suspend race with event handler - x86/paravirt: Make native_save_fl() extern inline - SAUCE: Add missing CPUID_7_EDX defines - SAUCE: x86/speculation: Expose indirect_branch_prediction_barrier() - x86/pti: Mark constant arrays as __initconst - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs - x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface - x86/speculation: Clean up various Spectre related details - x86/speculation: Fix up array_index_nospec_mask() asm constraint - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend - x86/mm: Factor out LDT init from context init - x86/mm: Give each mm TLB flush generation a unique ID - SAUCE: x86/speculation: Use Indirect Branch Prediction Barrier in context switch - x86/speculation: Use IBRS if available before calling into firmware - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP - selftest/seccomp: Fix the seccomp(2) signature - xen: set cpu capabilities from xen_start_kernel() - x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen - SAUCE: Preserve SPEC_CTRL MSR in new inlines - SAUCE: Add Knights Mill to NO SSB list - x86/process: Correct and optimize TIF_BLOCKSTEP switch - x86/process: Optimize TIF_NOTSC switch - Revert "x86/cpufeatures: Add FEATURE_ZEN" - Revert "x86/cpu/AMD: Fix erratum 1076 (CPB bit)" - x86/cpu/AMD: Fix erratum 1076 (CPB bit) - x86/cpufeatures: Add FEATURE_ZEN - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths - x86/cpu: Re-apply forced caps every time CPU caps are re-read - block: do not use interruptible wait anywhere - clk: tegra: Fix PLL_U post divider and initial rate on Tegra30 - ubi: Introduce vol_ignored() - ubi: Rework Fastmap attach base code - ubi: Be more paranoid while seaching for the most recent Fastmap - ubi: Fix races around ubi_refill_pools() - ubi: Fix Fastmap's update_vol() - ubi: fastmap: Erase outdated anchor PEBs during attach - Linux 4.4.144 * CVE-2017-5715 (Spectre v2 s390x) - s390: detect etoken facility - s390/lib: use expoline for all bcr instructions - SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT * Xenial update to 4.4.143 stable release (LP: #1790884) - compiler, clang: suppress warning for unused static inline functions - compiler, clang: properly override 'inline' for clang - compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations - x86/asm: Add _ASM_ARG* constants for argument registers to - ocfs2: subsystem.su_mutex is required while accessing the
[ubuntu/xenial-security] linux-meta-snapdragon 4.4.0.1102.94 (Accepted)
linux-meta-snapdragon (4.4.0.1102.94) xenial; urgency=medium * Bump ABI 4.4.0-1102 linux-meta-snapdragon (4.4.0.1101.93) xenial; urgency=medium * Bump ABI 4.4.0-1101 linux-meta-snapdragon (4.4.0.1100.92) xenial; urgency=medium * Bump ABI 4.4.0-1100 Date: 2018-09-25 10:27:15.182903+00:00 Changed-By: Stefan Bader Signed-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta-snapdragon/4.4.0.1102.94 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-raspi2 4.4.0-1098.106 (Accepted)
linux-raspi2 (4.4.0-1098.106) xenial; urgency=medium [ Ubuntu: 4.4.0-137.163 ] * CVE-2018-14633 - iscsi target: Use hex2bin instead of a re-implementation * CVE-2018-17182 - mm: get rid of vmacache_flush_all() entirely linux-raspi2 (4.4.0-1097.105) xenial; urgency=medium * linux-raspi2: 4.4.0-1097.105 -proposed tracker (LP: #1791752) [ Ubuntu: 4.4.0-136.162 ] * linux: 4.4.0-136.162 -proposed tracker (LP: #1791745) * CVE-2017-5753 - bpf: properly enforce index mask to prevent out-of-bounds speculation - Revert "UBUNTU: SAUCE: bpf: Use barrier_nospec() instead of osb()" - Revert "bpf: prevent speculative execution in eBPF interpreter" * L1TF mitigation not effective in some CPU and RAM combinations (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646 - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ * CVE-2018-15594 - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests * Xenial update to 4.4.144 stable release (LP: #1791080) - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel. - x86/MCE: Remove min interval polling limitation - fat: fix memory allocation failure handling of match_strdup() - ALSA: rawmidi: Change resized buffers atomically - ARC: Fix CONFIG_SWAP - ARC: mm: allow mprotect to make stack mappings executable - mm: memcg: fix use after free in mem_cgroup_iter() - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns - ipv6: fix useless rol32 call on hash - lib/rhashtable: consider param->min_size when setting initial table size - net/ipv4: Set oif in fib_compute_spec_dst - net: phy: fix flag masking in __set_phy_supported - ptp: fix missing break in switch - tg3: Add higher cpu clock for 5762. - net: Don't copy pfmemalloc flag in __copy_skb_header() - skbuff: Unconditionally copy pfmemalloc in __skb_clone() - xhci: Fix perceived dead host due to runtime suspend race with event handler - x86/paravirt: Make native_save_fl() extern inline - SAUCE: Add missing CPUID_7_EDX defines - SAUCE: x86/speculation: Expose indirect_branch_prediction_barrier() - x86/pti: Mark constant arrays as __initconst - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs - x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface - x86/speculation: Clean up various Spectre related details - x86/speculation: Fix up array_index_nospec_mask() asm constraint - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend - x86/mm: Factor out LDT init from context init - x86/mm: Give each mm TLB flush generation a unique ID - SAUCE: x86/speculation: Use Indirect Branch Prediction Barrier in context switch - x86/speculation: Use IBRS if available before calling into firmware - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP - selftest/seccomp: Fix the seccomp(2) signature - xen: set cpu capabilities from xen_start_kernel() - x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen - SAUCE: Preserve SPEC_CTRL MSR in new inlines - SAUCE: Add Knights Mill to NO SSB list - x86/process: Correct and optimize TIF_BLOCKSTEP switch - x86/process: Optimize TIF_NOTSC switch - Revert "x86/cpufeatures: Add FEATURE_ZEN" - Revert "x86/cpu/AMD: Fix erratum 1076 (CPB bit)" - x86/cpu/AMD: Fix erratum 1076 (CPB bit) - x86/cpufeatures: Add FEATURE_ZEN - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths - x86/cpu: Re-apply forced caps every time CPU caps are re-read - block: do not use interruptible wait anywhere - clk: tegra: Fix PLL_U post divider and initial rate on Tegra30 - ubi: Introduce vol_ignored() - ubi: Rework Fastmap attach base code - ubi: Be more paranoid while seaching for the most recent Fastmap - ubi: Fix races around ubi_refill_pools() - ubi: Fix Fastmap's update_vol() - ubi: fastmap: Erase outdated anchor PEBs during attach - Linux 4.4.144 * CVE-2017-5715 (Spectre v2 s390x) - s390: detect etoken facility - s390/lib: use expoline for all bcr instructions - SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT * Xenial update to 4.4.143 stable release (LP: #1790884) - compiler, clang: suppress warning for unused static inline functions - compiler, clang: properly override 'inline' for clang - compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations - x86/asm: Add _ASM_ARG* constants for argument registers to - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent
[ubuntu/xenial-updates] linux-meta-raspi2 4.4.0.1098.98 (Accepted)
linux-meta-raspi2 (4.4.0.1098.98) xenial; urgency=medium * Bump ABI 4.4.0-1098 linux-meta-raspi2 (4.4.0.1097.97) xenial; urgency=medium * Bump ABI 4.4.0-1097 Date: 2018-09-25 10:27:12.900853+00:00 Changed-By: Stefan Bader Signed-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta-raspi2/4.4.0.1098.98 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] linux-raspi2 4.4.0-1098.106 (Accepted)
linux-raspi2 (4.4.0-1098.106) xenial; urgency=medium [ Ubuntu: 4.4.0-137.163 ] * CVE-2018-14633 - iscsi target: Use hex2bin instead of a re-implementation * CVE-2018-17182 - mm: get rid of vmacache_flush_all() entirely linux-raspi2 (4.4.0-1097.105) xenial; urgency=medium * linux-raspi2: 4.4.0-1097.105 -proposed tracker (LP: #1791752) [ Ubuntu: 4.4.0-136.162 ] * linux: 4.4.0-136.162 -proposed tracker (LP: #1791745) * CVE-2017-5753 - bpf: properly enforce index mask to prevent out-of-bounds speculation - Revert "UBUNTU: SAUCE: bpf: Use barrier_nospec() instead of osb()" - Revert "bpf: prevent speculative execution in eBPF interpreter" * L1TF mitigation not effective in some CPU and RAM combinations (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646 - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ * CVE-2018-15594 - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests * Xenial update to 4.4.144 stable release (LP: #1791080) - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel. - x86/MCE: Remove min interval polling limitation - fat: fix memory allocation failure handling of match_strdup() - ALSA: rawmidi: Change resized buffers atomically - ARC: Fix CONFIG_SWAP - ARC: mm: allow mprotect to make stack mappings executable - mm: memcg: fix use after free in mem_cgroup_iter() - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns - ipv6: fix useless rol32 call on hash - lib/rhashtable: consider param->min_size when setting initial table size - net/ipv4: Set oif in fib_compute_spec_dst - net: phy: fix flag masking in __set_phy_supported - ptp: fix missing break in switch - tg3: Add higher cpu clock for 5762. - net: Don't copy pfmemalloc flag in __copy_skb_header() - skbuff: Unconditionally copy pfmemalloc in __skb_clone() - xhci: Fix perceived dead host due to runtime suspend race with event handler - x86/paravirt: Make native_save_fl() extern inline - SAUCE: Add missing CPUID_7_EDX defines - SAUCE: x86/speculation: Expose indirect_branch_prediction_barrier() - x86/pti: Mark constant arrays as __initconst - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs - x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface - x86/speculation: Clean up various Spectre related details - x86/speculation: Fix up array_index_nospec_mask() asm constraint - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend - x86/mm: Factor out LDT init from context init - x86/mm: Give each mm TLB flush generation a unique ID - SAUCE: x86/speculation: Use Indirect Branch Prediction Barrier in context switch - x86/speculation: Use IBRS if available before calling into firmware - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP - selftest/seccomp: Fix the seccomp(2) signature - xen: set cpu capabilities from xen_start_kernel() - x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen - SAUCE: Preserve SPEC_CTRL MSR in new inlines - SAUCE: Add Knights Mill to NO SSB list - x86/process: Correct and optimize TIF_BLOCKSTEP switch - x86/process: Optimize TIF_NOTSC switch - Revert "x86/cpufeatures: Add FEATURE_ZEN" - Revert "x86/cpu/AMD: Fix erratum 1076 (CPB bit)" - x86/cpu/AMD: Fix erratum 1076 (CPB bit) - x86/cpufeatures: Add FEATURE_ZEN - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths - x86/cpu: Re-apply forced caps every time CPU caps are re-read - block: do not use interruptible wait anywhere - clk: tegra: Fix PLL_U post divider and initial rate on Tegra30 - ubi: Introduce vol_ignored() - ubi: Rework Fastmap attach base code - ubi: Be more paranoid while seaching for the most recent Fastmap - ubi: Fix races around ubi_refill_pools() - ubi: Fix Fastmap's update_vol() - ubi: fastmap: Erase outdated anchor PEBs during attach - Linux 4.4.144 * CVE-2017-5715 (Spectre v2 s390x) - s390: detect etoken facility - s390/lib: use expoline for all bcr instructions - SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT * Xenial update to 4.4.143 stable release (LP: #1790884) - compiler, clang: suppress warning for unused static inline functions - compiler, clang: properly override 'inline' for clang - compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations - x86/asm: Add _ASM_ARG* constants for argument registers to - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent
[ubuntu/xenial-updates] linux-kvm 4.4.0-1035.41 (Accepted)
linux-kvm (4.4.0-1035.41) xenial; urgency=medium [ Ubuntu: 4.4.0-137.163 ] * CVE-2018-14633 - iscsi target: Use hex2bin instead of a re-implementation * CVE-2018-17182 - mm: get rid of vmacache_flush_all() entirely linux-kvm (4.4.0-1034.40) xenial; urgency=medium * linux-kvm: 4.4.0-1034.40 -proposed tracker (LP: #1791751) * Xenial update to 4.4.141 stable release (LP: #1790620) - [config] updateconfigs for master changes * please include the kernel module IPIP (LP: #1790605) - kvm: [config] enable CONFIG_NET_IPIP [ Ubuntu: 4.4.0-136.162 ] * linux: 4.4.0-136.162 -proposed tracker (LP: #1791745) * CVE-2017-5753 - bpf: properly enforce index mask to prevent out-of-bounds speculation - Revert "UBUNTU: SAUCE: bpf: Use barrier_nospec() instead of osb()" - Revert "bpf: prevent speculative execution in eBPF interpreter" * L1TF mitigation not effective in some CPU and RAM combinations (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646 - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ * CVE-2018-15594 - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests * Xenial update to 4.4.144 stable release (LP: #1791080) - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel. - x86/MCE: Remove min interval polling limitation - fat: fix memory allocation failure handling of match_strdup() - ALSA: rawmidi: Change resized buffers atomically - ARC: Fix CONFIG_SWAP - ARC: mm: allow mprotect to make stack mappings executable - mm: memcg: fix use after free in mem_cgroup_iter() - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns - ipv6: fix useless rol32 call on hash - lib/rhashtable: consider param->min_size when setting initial table size - net/ipv4: Set oif in fib_compute_spec_dst - net: phy: fix flag masking in __set_phy_supported - ptp: fix missing break in switch - tg3: Add higher cpu clock for 5762. - net: Don't copy pfmemalloc flag in __copy_skb_header() - skbuff: Unconditionally copy pfmemalloc in __skb_clone() - xhci: Fix perceived dead host due to runtime suspend race with event handler - x86/paravirt: Make native_save_fl() extern inline - SAUCE: Add missing CPUID_7_EDX defines - SAUCE: x86/speculation: Expose indirect_branch_prediction_barrier() - x86/pti: Mark constant arrays as __initconst - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs - x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface - x86/speculation: Clean up various Spectre related details - x86/speculation: Fix up array_index_nospec_mask() asm constraint - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend - x86/mm: Factor out LDT init from context init - x86/mm: Give each mm TLB flush generation a unique ID - SAUCE: x86/speculation: Use Indirect Branch Prediction Barrier in context switch - x86/speculation: Use IBRS if available before calling into firmware - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP - selftest/seccomp: Fix the seccomp(2) signature - xen: set cpu capabilities from xen_start_kernel() - x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen - SAUCE: Preserve SPEC_CTRL MSR in new inlines - SAUCE: Add Knights Mill to NO SSB list - x86/process: Correct and optimize TIF_BLOCKSTEP switch - x86/process: Optimize TIF_NOTSC switch - Revert "x86/cpufeatures: Add FEATURE_ZEN" - Revert "x86/cpu/AMD: Fix erratum 1076 (CPB bit)" - x86/cpu/AMD: Fix erratum 1076 (CPB bit) - x86/cpufeatures: Add FEATURE_ZEN - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths - x86/cpu: Re-apply forced caps every time CPU caps are re-read - block: do not use interruptible wait anywhere - clk: tegra: Fix PLL_U post divider and initial rate on Tegra30 - ubi: Introduce vol_ignored() - ubi: Rework Fastmap attach base code - ubi: Be more paranoid while seaching for the most recent Fastmap - ubi: Fix races around ubi_refill_pools() - ubi: Fix Fastmap's update_vol() - ubi: fastmap: Erase outdated anchor PEBs during attach - Linux 4.4.144 * CVE-2017-5715 (Spectre v2 s390x) - s390: detect etoken facility - s390/lib: use expoline for all bcr instructions - SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT * Xenial update to 4.4.143 stable release (LP: #1790884) - compiler, clang: suppress warning for unused static inline functions - compiler, clang: properly override 'inline' for clang - compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled - compiler-gcc.h: Add
[ubuntu/xenial-security] linux-kvm 4.4.0-1035.41 (Accepted)
linux-kvm (4.4.0-1035.41) xenial; urgency=medium [ Ubuntu: 4.4.0-137.163 ] * CVE-2018-14633 - iscsi target: Use hex2bin instead of a re-implementation * CVE-2018-17182 - mm: get rid of vmacache_flush_all() entirely linux-kvm (4.4.0-1034.40) xenial; urgency=medium * linux-kvm: 4.4.0-1034.40 -proposed tracker (LP: #1791751) * Xenial update to 4.4.141 stable release (LP: #1790620) - [config] updateconfigs for master changes * please include the kernel module IPIP (LP: #1790605) - kvm: [config] enable CONFIG_NET_IPIP [ Ubuntu: 4.4.0-136.162 ] * linux: 4.4.0-136.162 -proposed tracker (LP: #1791745) * CVE-2017-5753 - bpf: properly enforce index mask to prevent out-of-bounds speculation - Revert "UBUNTU: SAUCE: bpf: Use barrier_nospec() instead of osb()" - Revert "bpf: prevent speculative execution in eBPF interpreter" * L1TF mitigation not effective in some CPU and RAM combinations (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646 - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ * CVE-2018-15594 - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests * Xenial update to 4.4.144 stable release (LP: #1791080) - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel. - x86/MCE: Remove min interval polling limitation - fat: fix memory allocation failure handling of match_strdup() - ALSA: rawmidi: Change resized buffers atomically - ARC: Fix CONFIG_SWAP - ARC: mm: allow mprotect to make stack mappings executable - mm: memcg: fix use after free in mem_cgroup_iter() - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns - ipv6: fix useless rol32 call on hash - lib/rhashtable: consider param->min_size when setting initial table size - net/ipv4: Set oif in fib_compute_spec_dst - net: phy: fix flag masking in __set_phy_supported - ptp: fix missing break in switch - tg3: Add higher cpu clock for 5762. - net: Don't copy pfmemalloc flag in __copy_skb_header() - skbuff: Unconditionally copy pfmemalloc in __skb_clone() - xhci: Fix perceived dead host due to runtime suspend race with event handler - x86/paravirt: Make native_save_fl() extern inline - SAUCE: Add missing CPUID_7_EDX defines - SAUCE: x86/speculation: Expose indirect_branch_prediction_barrier() - x86/pti: Mark constant arrays as __initconst - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs - x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface - x86/speculation: Clean up various Spectre related details - x86/speculation: Fix up array_index_nospec_mask() asm constraint - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend - x86/mm: Factor out LDT init from context init - x86/mm: Give each mm TLB flush generation a unique ID - SAUCE: x86/speculation: Use Indirect Branch Prediction Barrier in context switch - x86/speculation: Use IBRS if available before calling into firmware - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP - selftest/seccomp: Fix the seccomp(2) signature - xen: set cpu capabilities from xen_start_kernel() - x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen - SAUCE: Preserve SPEC_CTRL MSR in new inlines - SAUCE: Add Knights Mill to NO SSB list - x86/process: Correct and optimize TIF_BLOCKSTEP switch - x86/process: Optimize TIF_NOTSC switch - Revert "x86/cpufeatures: Add FEATURE_ZEN" - Revert "x86/cpu/AMD: Fix erratum 1076 (CPB bit)" - x86/cpu/AMD: Fix erratum 1076 (CPB bit) - x86/cpufeatures: Add FEATURE_ZEN - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths - x86/cpu: Re-apply forced caps every time CPU caps are re-read - block: do not use interruptible wait anywhere - clk: tegra: Fix PLL_U post divider and initial rate on Tegra30 - ubi: Introduce vol_ignored() - ubi: Rework Fastmap attach base code - ubi: Be more paranoid while seaching for the most recent Fastmap - ubi: Fix races around ubi_refill_pools() - ubi: Fix Fastmap's update_vol() - ubi: fastmap: Erase outdated anchor PEBs during attach - Linux 4.4.144 * CVE-2017-5715 (Spectre v2 s390x) - s390: detect etoken facility - s390/lib: use expoline for all bcr instructions - SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT * Xenial update to 4.4.143 stable release (LP: #1790884) - compiler, clang: suppress warning for unused static inline functions - compiler, clang: properly override 'inline' for clang - compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled - compiler-gcc.h: Add
[ubuntu/xenial-security] linux-meta-raspi2 4.4.0.1098.98 (Accepted)
linux-meta-raspi2 (4.4.0.1098.98) xenial; urgency=medium * Bump ABI 4.4.0-1098 linux-meta-raspi2 (4.4.0.1097.97) xenial; urgency=medium * Bump ABI 4.4.0-1097 linux-meta-raspi2 (4.4.0.1096.96) xenial; urgency=medium * Bump ABI 4.4.0-1096 Date: 2018-09-25 10:27:12.900853+00:00 Changed-By: Stefan Bader Signed-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta-raspi2/4.4.0.1098.98 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-meta-kvm 4.4.0.1035.34 (Accepted)
linux-meta-kvm (4.4.0.1035.34) xenial; urgency=medium * Bump ABI 4.4.0-1035 linux-meta-kvm (4.4.0.1034.33) xenial; urgency=medium * Bump ABI 4.4.0-1034 linux-meta-kvm (4.4.0.1033.32) xenial; urgency=medium * Bump ABI 4.4.0-1033 Date: 2018-09-25 10:26:14.636748+00:00 Changed-By: Stefan Bader Signed-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta-kvm/4.4.0.1035.34 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] linux-meta-kvm 4.4.0.1035.34 (Accepted)
linux-meta-kvm (4.4.0.1035.34) xenial; urgency=medium * Bump ABI 4.4.0-1035 linux-meta-kvm (4.4.0.1034.33) xenial; urgency=medium * Bump ABI 4.4.0-1034 Date: 2018-09-25 10:26:14.636748+00:00 Changed-By: Stefan Bader Signed-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta-kvm/4.4.0.1035.34 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-aws 4.4.0-1069.79 (Accepted)
linux-aws (4.4.0-1069.79) xenial; urgency=medium [ Ubuntu: 4.4.0-137.163 ] * CVE-2018-14633 - iscsi target: Use hex2bin instead of a re-implementation * CVE-2018-17182 - mm: get rid of vmacache_flush_all() entirely linux-aws (4.4.0-1068.78) xenial; urgency=medium * linux-aws: 4.4.0-1068.78 -proposed tracker (LP: #1791749) * Xenial update to 4.4.141 stable release (LP: #1790620) - [Config] Refresh configs for 4.4.141 [ Ubuntu: 4.4.0-136.162 ] * linux: 4.4.0-136.162 -proposed tracker (LP: #1791745) * CVE-2017-5753 - bpf: properly enforce index mask to prevent out-of-bounds speculation - Revert "UBUNTU: SAUCE: bpf: Use barrier_nospec() instead of osb()" - Revert "bpf: prevent speculative execution in eBPF interpreter" * L1TF mitigation not effective in some CPU and RAM combinations (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646 - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ * CVE-2018-15594 - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests * Xenial update to 4.4.144 stable release (LP: #1791080) - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel. - x86/MCE: Remove min interval polling limitation - fat: fix memory allocation failure handling of match_strdup() - ALSA: rawmidi: Change resized buffers atomically - ARC: Fix CONFIG_SWAP - ARC: mm: allow mprotect to make stack mappings executable - mm: memcg: fix use after free in mem_cgroup_iter() - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns - ipv6: fix useless rol32 call on hash - lib/rhashtable: consider param->min_size when setting initial table size - net/ipv4: Set oif in fib_compute_spec_dst - net: phy: fix flag masking in __set_phy_supported - ptp: fix missing break in switch - tg3: Add higher cpu clock for 5762. - net: Don't copy pfmemalloc flag in __copy_skb_header() - skbuff: Unconditionally copy pfmemalloc in __skb_clone() - xhci: Fix perceived dead host due to runtime suspend race with event handler - x86/paravirt: Make native_save_fl() extern inline - SAUCE: Add missing CPUID_7_EDX defines - SAUCE: x86/speculation: Expose indirect_branch_prediction_barrier() - x86/pti: Mark constant arrays as __initconst - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs - x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface - x86/speculation: Clean up various Spectre related details - x86/speculation: Fix up array_index_nospec_mask() asm constraint - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend - x86/mm: Factor out LDT init from context init - x86/mm: Give each mm TLB flush generation a unique ID - SAUCE: x86/speculation: Use Indirect Branch Prediction Barrier in context switch - x86/speculation: Use IBRS if available before calling into firmware - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP - selftest/seccomp: Fix the seccomp(2) signature - xen: set cpu capabilities from xen_start_kernel() - x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen - SAUCE: Preserve SPEC_CTRL MSR in new inlines - SAUCE: Add Knights Mill to NO SSB list - x86/process: Correct and optimize TIF_BLOCKSTEP switch - x86/process: Optimize TIF_NOTSC switch - Revert "x86/cpufeatures: Add FEATURE_ZEN" - Revert "x86/cpu/AMD: Fix erratum 1076 (CPB bit)" - x86/cpu/AMD: Fix erratum 1076 (CPB bit) - x86/cpufeatures: Add FEATURE_ZEN - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths - x86/cpu: Re-apply forced caps every time CPU caps are re-read - block: do not use interruptible wait anywhere - clk: tegra: Fix PLL_U post divider and initial rate on Tegra30 - ubi: Introduce vol_ignored() - ubi: Rework Fastmap attach base code - ubi: Be more paranoid while seaching for the most recent Fastmap - ubi: Fix races around ubi_refill_pools() - ubi: Fix Fastmap's update_vol() - ubi: fastmap: Erase outdated anchor PEBs during attach - Linux 4.4.144 * CVE-2017-5715 (Spectre v2 s390x) - s390: detect etoken facility - s390/lib: use expoline for all bcr instructions - SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT * Xenial update to 4.4.143 stable release (LP: #1790884) - compiler, clang: suppress warning for unused static inline functions - compiler, clang: properly override 'inline' for clang - compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations - x86/asm: Add _ASM_ARG* constants for argument
[ubuntu/xenial-updates] linux-meta-aws 4.4.0.1069.71 (Accepted)
linux-meta-aws (4.4.0.1069.71) xenial; urgency=medium * Bump ABI 4.4.0-1069 linux-meta-aws (4.4.0.1068.70) xenial; urgency=medium * Bump ABI 4.4.0-1068 Date: 2018-09-25 10:25:13.483103+00:00 Changed-By: Stefan Bader Signed-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta-aws/4.4.0.1069.71 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] linux-aws 4.4.0-1069.79 (Accepted)
linux-aws (4.4.0-1069.79) xenial; urgency=medium [ Ubuntu: 4.4.0-137.163 ] * CVE-2018-14633 - iscsi target: Use hex2bin instead of a re-implementation * CVE-2018-17182 - mm: get rid of vmacache_flush_all() entirely linux-aws (4.4.0-1068.78) xenial; urgency=medium * linux-aws: 4.4.0-1068.78 -proposed tracker (LP: #1791749) * Xenial update to 4.4.141 stable release (LP: #1790620) - [Config] Refresh configs for 4.4.141 [ Ubuntu: 4.4.0-136.162 ] * linux: 4.4.0-136.162 -proposed tracker (LP: #1791745) * CVE-2017-5753 - bpf: properly enforce index mask to prevent out-of-bounds speculation - Revert "UBUNTU: SAUCE: bpf: Use barrier_nospec() instead of osb()" - Revert "bpf: prevent speculative execution in eBPF interpreter" * L1TF mitigation not effective in some CPU and RAM combinations (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646 - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ * CVE-2018-15594 - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests * Xenial update to 4.4.144 stable release (LP: #1791080) - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel. - x86/MCE: Remove min interval polling limitation - fat: fix memory allocation failure handling of match_strdup() - ALSA: rawmidi: Change resized buffers atomically - ARC: Fix CONFIG_SWAP - ARC: mm: allow mprotect to make stack mappings executable - mm: memcg: fix use after free in mem_cgroup_iter() - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns - ipv6: fix useless rol32 call on hash - lib/rhashtable: consider param->min_size when setting initial table size - net/ipv4: Set oif in fib_compute_spec_dst - net: phy: fix flag masking in __set_phy_supported - ptp: fix missing break in switch - tg3: Add higher cpu clock for 5762. - net: Don't copy pfmemalloc flag in __copy_skb_header() - skbuff: Unconditionally copy pfmemalloc in __skb_clone() - xhci: Fix perceived dead host due to runtime suspend race with event handler - x86/paravirt: Make native_save_fl() extern inline - SAUCE: Add missing CPUID_7_EDX defines - SAUCE: x86/speculation: Expose indirect_branch_prediction_barrier() - x86/pti: Mark constant arrays as __initconst - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs - x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface - x86/speculation: Clean up various Spectre related details - x86/speculation: Fix up array_index_nospec_mask() asm constraint - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend - x86/mm: Factor out LDT init from context init - x86/mm: Give each mm TLB flush generation a unique ID - SAUCE: x86/speculation: Use Indirect Branch Prediction Barrier in context switch - x86/speculation: Use IBRS if available before calling into firmware - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP - selftest/seccomp: Fix the seccomp(2) signature - xen: set cpu capabilities from xen_start_kernel() - x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen - SAUCE: Preserve SPEC_CTRL MSR in new inlines - SAUCE: Add Knights Mill to NO SSB list - x86/process: Correct and optimize TIF_BLOCKSTEP switch - x86/process: Optimize TIF_NOTSC switch - Revert "x86/cpufeatures: Add FEATURE_ZEN" - Revert "x86/cpu/AMD: Fix erratum 1076 (CPB bit)" - x86/cpu/AMD: Fix erratum 1076 (CPB bit) - x86/cpufeatures: Add FEATURE_ZEN - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths - x86/cpu: Re-apply forced caps every time CPU caps are re-read - block: do not use interruptible wait anywhere - clk: tegra: Fix PLL_U post divider and initial rate on Tegra30 - ubi: Introduce vol_ignored() - ubi: Rework Fastmap attach base code - ubi: Be more paranoid while seaching for the most recent Fastmap - ubi: Fix races around ubi_refill_pools() - ubi: Fix Fastmap's update_vol() - ubi: fastmap: Erase outdated anchor PEBs during attach - Linux 4.4.144 * CVE-2017-5715 (Spectre v2 s390x) - s390: detect etoken facility - s390/lib: use expoline for all bcr instructions - SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT * Xenial update to 4.4.143 stable release (LP: #1790884) - compiler, clang: suppress warning for unused static inline functions - compiler, clang: properly override 'inline' for clang - compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations - x86/asm: Add _ASM_ARG* constants for argument
[ubuntu/xenial-security] linux-meta-aws 4.4.0.1069.71 (Accepted)
linux-meta-aws (4.4.0.1069.71) xenial; urgency=medium * Bump ABI 4.4.0-1069 linux-meta-aws (4.4.0.1068.70) xenial; urgency=medium * Bump ABI 4.4.0-1068 linux-meta-aws (4.4.0.1067.69) xenial; urgency=medium * Bump ABI 4.4.0-1067 Date: 2018-09-25 10:25:13.483103+00:00 Changed-By: Stefan Bader Signed-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta-aws/4.4.0.1069.71 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] linux 4.4.0-137.163 (Accepted)
linux (4.4.0-137.163) xenial; urgency=medium * CVE-2018-14633 - iscsi target: Use hex2bin instead of a re-implementation * CVE-2018-17182 - mm: get rid of vmacache_flush_all() entirely linux (4.4.0-136.162) xenial; urgency=medium * linux: 4.4.0-136.162 -proposed tracker (LP: #1791745) * CVE-2017-5753 - bpf: properly enforce index mask to prevent out-of-bounds speculation - Revert "UBUNTU: SAUCE: bpf: Use barrier_nospec() instead of osb()" - Revert "bpf: prevent speculative execution in eBPF interpreter" * L1TF mitigation not effective in some CPU and RAM combinations (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646 - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ * CVE-2018-15594 - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests * Xenial update to 4.4.144 stable release (LP: #1791080) - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel. - x86/MCE: Remove min interval polling limitation - fat: fix memory allocation failure handling of match_strdup() - ALSA: rawmidi: Change resized buffers atomically - ARC: Fix CONFIG_SWAP - ARC: mm: allow mprotect to make stack mappings executable - mm: memcg: fix use after free in mem_cgroup_iter() - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns - ipv6: fix useless rol32 call on hash - lib/rhashtable: consider param->min_size when setting initial table size - net/ipv4: Set oif in fib_compute_spec_dst - net: phy: fix flag masking in __set_phy_supported - ptp: fix missing break in switch - tg3: Add higher cpu clock for 5762. - net: Don't copy pfmemalloc flag in __copy_skb_header() - skbuff: Unconditionally copy pfmemalloc in __skb_clone() - xhci: Fix perceived dead host due to runtime suspend race with event handler - x86/paravirt: Make native_save_fl() extern inline - SAUCE: Add missing CPUID_7_EDX defines - SAUCE: x86/speculation: Expose indirect_branch_prediction_barrier() - x86/pti: Mark constant arrays as __initconst - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs - x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface - x86/speculation: Clean up various Spectre related details - x86/speculation: Fix up array_index_nospec_mask() asm constraint - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend - x86/mm: Factor out LDT init from context init - x86/mm: Give each mm TLB flush generation a unique ID - SAUCE: x86/speculation: Use Indirect Branch Prediction Barrier in context switch - x86/speculation: Use IBRS if available before calling into firmware - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP - selftest/seccomp: Fix the seccomp(2) signature - xen: set cpu capabilities from xen_start_kernel() - x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen - SAUCE: Preserve SPEC_CTRL MSR in new inlines - SAUCE: Add Knights Mill to NO SSB list - x86/process: Correct and optimize TIF_BLOCKSTEP switch - x86/process: Optimize TIF_NOTSC switch - Revert "x86/cpufeatures: Add FEATURE_ZEN" - Revert "x86/cpu/AMD: Fix erratum 1076 (CPB bit)" - x86/cpu/AMD: Fix erratum 1076 (CPB bit) - x86/cpufeatures: Add FEATURE_ZEN - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths - x86/cpu: Re-apply forced caps every time CPU caps are re-read - block: do not use interruptible wait anywhere - clk: tegra: Fix PLL_U post divider and initial rate on Tegra30 - ubi: Introduce vol_ignored() - ubi: Rework Fastmap attach base code - ubi: Be more paranoid while seaching for the most recent Fastmap - ubi: Fix races around ubi_refill_pools() - ubi: Fix Fastmap's update_vol() - ubi: fastmap: Erase outdated anchor PEBs during attach - Linux 4.4.144 * CVE-2017-5715 (Spectre v2 s390x) - s390: detect etoken facility - s390/lib: use expoline for all bcr instructions - SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT * Xenial update to 4.4.143 stable release (LP: #1790884) - compiler, clang: suppress warning for unused static inline functions - compiler, clang: properly override 'inline' for clang - compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations - x86/asm: Add _ASM_ARG* constants for argument registers to - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent - bcm63xx_enet: correct clock usage - bcm63xx_enet: do not write to random DMA channel on BCM6345 - crypto: crypto4xx -
[ubuntu/xenial-security] linux 4.4.0-137.163 (Accepted)
linux (4.4.0-137.163) xenial; urgency=medium * CVE-2018-14633 - iscsi target: Use hex2bin instead of a re-implementation * CVE-2018-17182 - mm: get rid of vmacache_flush_all() entirely linux (4.4.0-136.162) xenial; urgency=medium * linux: 4.4.0-136.162 -proposed tracker (LP: #1791745) * CVE-2017-5753 - bpf: properly enforce index mask to prevent out-of-bounds speculation - Revert "UBUNTU: SAUCE: bpf: Use barrier_nospec() instead of osb()" - Revert "bpf: prevent speculative execution in eBPF interpreter" * L1TF mitigation not effective in some CPU and RAM combinations (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646 - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ * CVE-2018-15594 - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests * Xenial update to 4.4.144 stable release (LP: #1791080) - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel. - x86/MCE: Remove min interval polling limitation - fat: fix memory allocation failure handling of match_strdup() - ALSA: rawmidi: Change resized buffers atomically - ARC: Fix CONFIG_SWAP - ARC: mm: allow mprotect to make stack mappings executable - mm: memcg: fix use after free in mem_cgroup_iter() - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns - ipv6: fix useless rol32 call on hash - lib/rhashtable: consider param->min_size when setting initial table size - net/ipv4: Set oif in fib_compute_spec_dst - net: phy: fix flag masking in __set_phy_supported - ptp: fix missing break in switch - tg3: Add higher cpu clock for 5762. - net: Don't copy pfmemalloc flag in __copy_skb_header() - skbuff: Unconditionally copy pfmemalloc in __skb_clone() - xhci: Fix perceived dead host due to runtime suspend race with event handler - x86/paravirt: Make native_save_fl() extern inline - SAUCE: Add missing CPUID_7_EDX defines - SAUCE: x86/speculation: Expose indirect_branch_prediction_barrier() - x86/pti: Mark constant arrays as __initconst - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs - x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface - x86/speculation: Clean up various Spectre related details - x86/speculation: Fix up array_index_nospec_mask() asm constraint - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend - x86/mm: Factor out LDT init from context init - x86/mm: Give each mm TLB flush generation a unique ID - SAUCE: x86/speculation: Use Indirect Branch Prediction Barrier in context switch - x86/speculation: Use IBRS if available before calling into firmware - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP - selftest/seccomp: Fix the seccomp(2) signature - xen: set cpu capabilities from xen_start_kernel() - x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen - SAUCE: Preserve SPEC_CTRL MSR in new inlines - SAUCE: Add Knights Mill to NO SSB list - x86/process: Correct and optimize TIF_BLOCKSTEP switch - x86/process: Optimize TIF_NOTSC switch - Revert "x86/cpufeatures: Add FEATURE_ZEN" - Revert "x86/cpu/AMD: Fix erratum 1076 (CPB bit)" - x86/cpu/AMD: Fix erratum 1076 (CPB bit) - x86/cpufeatures: Add FEATURE_ZEN - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths - x86/cpu: Re-apply forced caps every time CPU caps are re-read - block: do not use interruptible wait anywhere - clk: tegra: Fix PLL_U post divider and initial rate on Tegra30 - ubi: Introduce vol_ignored() - ubi: Rework Fastmap attach base code - ubi: Be more paranoid while seaching for the most recent Fastmap - ubi: Fix races around ubi_refill_pools() - ubi: Fix Fastmap's update_vol() - ubi: fastmap: Erase outdated anchor PEBs during attach - Linux 4.4.144 * CVE-2017-5715 (Spectre v2 s390x) - s390: detect etoken facility - s390/lib: use expoline for all bcr instructions - SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT * Xenial update to 4.4.143 stable release (LP: #1790884) - compiler, clang: suppress warning for unused static inline functions - compiler, clang: properly override 'inline' for clang - compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations - x86/asm: Add _ASM_ARG* constants for argument registers to - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent - bcm63xx_enet: correct clock usage - bcm63xx_enet: do not write to random DMA channel on BCM6345 - crypto: crypto4xx -
[ubuntu/xenial-updates] linux-signed 4.4.0-137.163 (Accepted)
linux-signed (4.4.0-137.163) xenial; urgency=medium * Version 4.4.0-137.163 linux-signed (4.4.0-136.162) xenial; urgency=medium * Version 4.4.0-136.162 Date: 2018-09-25 10:24:31.524070+00:00 Changed-By: Stefan Bader Signed-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-signed/4.4.0-137.163 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-meta 4.4.0.137.143 (Accepted)
linux-meta (4.4.0.137.143) xenial; urgency=medium * Bump ABI 4.4.0-137 linux-meta (4.4.0.136.142) xenial; urgency=medium * Bump ABI 4.4.0-136 linux-meta (4.4.0.135.141) xenial; urgency=medium * Bump ABI 4.4.0-135 Date: 2018-09-25 10:24:27.217966+00:00 Changed-By: Stefan Bader Signed-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta/4.4.0.137.143 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-signed 4.4.0-137.163 (Accepted)
linux-signed (4.4.0-137.163) xenial; urgency=medium * Version 4.4.0-137.163 linux-signed (4.4.0-136.162) xenial; urgency=medium * Version 4.4.0-136.162 linux-signed (4.4.0-135.161) xenial; urgency=medium * Version 4.4.0-135.161 Date: 2018-09-25 10:24:31.524070+00:00 Changed-By: Stefan Bader Signed-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-signed/4.4.0-137.163 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] linux-meta 4.4.0.137.143 (Accepted)
linux-meta (4.4.0.137.143) xenial; urgency=medium * Bump ABI 4.4.0-137 linux-meta (4.4.0.136.142) xenial; urgency=medium * Bump ABI 4.4.0-136 Date: 2018-09-25 10:24:27.217966+00:00 Changed-By: Stefan Bader Signed-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta/4.4.0.137.143 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] monit 1:5.16-2ubuntu0.2 (Accepted)
monit (1:5.16-2ubuntu0.2) xenial-security; urgency=medium * SECURITY REGRESSION: Fix regression introduced while backporting CVE-2016-7067. - debian/patches/Fix-regression-backporting-CVE-2016-7067.patch: fix in src/control.c Date: 2018-09-28 15:37:24.948464+00:00 Changed-By: Eduardo dos Santos Barretto Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/monit/1:5.16-2ubuntu0.2 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] monit 1:5.16-2ubuntu0.2 (Accepted)
monit (1:5.16-2ubuntu0.2) xenial-security; urgency=medium * SECURITY REGRESSION: Fix regression introduced while backporting CVE-2016-7067. - debian/patches/Fix-regression-backporting-CVE-2016-7067.patch: fix in src/control.c Date: 2018-09-28 15:37:24.948464+00:00 Changed-By: Eduardo dos Santos Barretto https://launchpad.net/ubuntu/+source/monit/1:5.16-2ubuntu0.2 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] uwsgi 2.0.12-5ubuntu3.2 (Accepted)
uwsgi (2.0.12-5ubuntu3.2) xenial-security; urgency=medium * SECURITY UPDATE: Directory traversal - debian/patches/CVE-2018-7490.patch: enforce php default document_root behaviour, to not show external files - CVE-2018-7490 * SECURITY UPDATE: Stack buffer overflow in uwsgi_expand_path() - debian/patches/CVE-2018-6758.patch: improve uwsgi_expand_path() to sanitize input, avoiding stack corruption and potential security issue - CVE-2018-6758 Date: 2018-09-28 15:31:12.640116+00:00 Changed-By: Mike Salvatore Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/uwsgi/2.0.12-5ubuntu3.2 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] uwsgi 2.0.12-5ubuntu3.2 (Accepted)
uwsgi (2.0.12-5ubuntu3.2) xenial-security; urgency=medium * SECURITY UPDATE: Directory traversal - debian/patches/CVE-2018-7490.patch: enforce php default document_root behaviour, to not show external files - CVE-2018-7490 * SECURITY UPDATE: Stack buffer overflow in uwsgi_expand_path() - debian/patches/CVE-2018-6758.patch: improve uwsgi_expand_path() to sanitize input, avoiding stack corruption and potential security issue - CVE-2018-6758 Date: 2018-09-28 15:31:12.640116+00:00 Changed-By: Mike Salvatore https://launchpad.net/ubuntu/+source/uwsgi/2.0.12-5ubuntu3.2 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] ghostscript 9.25~dfsg+1-0ubuntu0.16.04.1 (Accepted)
ghostscript (9.25~dfsg+1-0ubuntu0.16.04.1) xenial-security; urgency=medium * SECURITY UPDATE: updated to 9.25 to fix multiple security issues - Previous security release contained an incomplete fix for CVE-2018-16510, and there are many other security fixes and improvements that went into the new upstream version without getting CVE numbers assigned. - CVE-2018-16510 - CVE-2018-17183 * Packages changes required for new version: - debian/patches/CVE*: removed, included in new version. - debian/patches/*: updated from cosmic package. - debian/copyright*: updated from cosmic package. - debian/rules, debian/libgs-dev.install: remove static library. - debian/symbols.common: updated for new version. Date: 2018-09-27 18:58:12.130854+00:00 Changed-By: Marc Deslauriers Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/ghostscript/9.25~dfsg+1-0ubuntu0.16.04.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] ghostscript 9.25~dfsg+1-0ubuntu0.16.04.1 (Accepted)
ghostscript (9.25~dfsg+1-0ubuntu0.16.04.1) xenial-security; urgency=medium * SECURITY UPDATE: updated to 9.25 to fix multiple security issues - Previous security release contained an incomplete fix for CVE-2018-16510, and there are many other security fixes and improvements that went into the new upstream version without getting CVE numbers assigned. - CVE-2018-16510 - CVE-2018-17183 * Packages changes required for new version: - debian/patches/CVE*: removed, included in new version. - debian/patches/*: updated from cosmic package. - debian/copyright*: updated from cosmic package. - debian/rules, debian/libgs-dev.install: remove static library. - debian/symbols.common: updated for new version. Date: 2018-09-27 18:58:12.130854+00:00 Changed-By: Marc Deslauriers https://launchpad.net/ubuntu/+source/ghostscript/9.25~dfsg+1-0ubuntu0.16.04.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] update-manager 1:16.04.14 (Accepted)
update-manager (1:16.04.14) xenial; urgency=medium * Print transaction error and let the user try again applying updates (LP: #1317164) * Don't ask backend to do package operations aready done. Aptdaemon cancels the transaction when asked to remove packages already removed which results the failure being shown to the user. This is unnecessary as update-manager can just filter the package operations to be done using a fresh cache and decrease the likelyhood of hitting a race condition where packages to be removed are already removed. (LP: #1791931) Date: 2018-09-19 08:14:09.954398+00:00 Changed-By: Balint Reczey Signed-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/update-manager/1:16.04.14 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
