group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #21833
[Bug 1746946] Re: linux-aws: 4.4.0-1051.60 -proposed tracker
*** This bug is a duplicate of bug 1749093 ***
https://bugs.launchpad.net/bugs/1749093
This bug was fixed in the package linux-aws - 4.4.0-1052.61
---------------
linux-aws (4.4.0-1052.61) xenial; urgency=medium
* linux-aws: 4.4.0-1052.61 -proposed tracker (LP: #1748489)
[ Ubuntu: 4.4.0-116.140 ]
* linux: 4.4.0-116.140 -proposed tracker (LP: #1748990)
* BUG: unable to handle kernel NULL pointer dereference at 0000000000000009
(LP: #1748671)
- SAUCE: net: ipv4: fix for a race condition in raw_sendmsg -- fix backport
[ Ubuntu: 4.4.0-115.139 ]
* linux: 4.4.0-115.138 -proposed tracker (LP: #1748745)
* CVE-2017-5715 (Spectre v2 Intel)
- Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present"
- SAUCE: turn off IBRS when full retpoline is present
- [Packaging] retpoline files must be sorted
- [Packaging] pull in retpoline files
[ Ubuntu: 4.4.0-114.137 ]
* linux: 4.4.0-114.137 -proposed tracker (LP: #1748484)
* ALSA backport missing NVIDIA GPU codec IDs to patch table to
Ubuntu 16.04 LTS Kernel (LP: #1744117)
- ALSA: hda - Add missing NVIDIA GPU codec IDs to patch table
* Shutdown hang on 16.04 with iscsi targets (LP: #1569925)
- scsi: libiscsi: Allow sd_shutdown on bad transport
* libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053)
- libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
* KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb)
(LP: #1747090)
- KVM: s390: wire up bpb feature
- KVM: s390: Enable all facility bits that are known good for passthrough
* CVE-2017-5715 (Spectre v2 Intel)
- SAUCE: drop lingering gmb() macro
- x86/feature: Enable the x86 feature to control Speculation
- x86/feature: Report presence of IBPB and IBRS control
- x86/enter: MACROS to set/clear IBRS and set IBPB
- x86/enter: Use IBRS on syscall and interrupts
- x86/idle: Disable IBRS entering idle and enable it on wakeup
- x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
- x86/mm: Set IBPB upon context switch
- x86/mm: Only set IBPB when the new thread cannot ptrace current thread
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
- x86/kvm: Set IBPB when switching VM
- x86/kvm: Toggle IBRS on VM entry and exit
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
- x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR
- x86/cpu/AMD: Add speculative control support for AMD
- x86/microcode: Extend post microcode reload to support IBPB feature
- KVM: SVM: Do not intercept new speculative control MSRs
- x86/svm: Set IBRS value on VM entry and exit
- x86/svm: Set IBPB when running a different VCPU
- KVM: x86: Add speculative control CPUID support for guests
- SAUCE: Fix spec_ctrl support in KVM
- SAUCE: turn off IBPB when full retpoline is present
linux-aws (4.4.0-1051.60) xenial; urgency=low
* linux-aws: 4.4.0-1051.60 -proposed tracker (LP: #1746946)
[ Ubuntu: 4.4.0-113.136 ]
* linux: 4.4.0-113.136 -proposed tracker (LP: #1746936)
* Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC
(LP: #1743638)
- [d-i] Add qede to nic-modules udeb
* CVE-2017-5753 (Spectre v1 Intel)
- x86/cpu/AMD: Make the LFENCE instruction serialized
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
- SAUCE: reinstate MFENCE_RDTSC feature definition
- locking/barriers: introduce new observable speculation barrier
- bpf: prevent speculative execution in eBPF interpreter
- x86, bpf, jit: prevent speculative execution when JIT is enabled
- SAUCE: FIX: x86, bpf, jit: prevent speculative execution when JIT is enabled
- carl9170: prevent speculative execution
- qla2xxx: prevent speculative execution
- Thermal/int340x: prevent speculative execution
- ipv4: prevent speculative execution
- ipv6: prevent speculative execution
- fs: prevent speculative execution
- net: mpls: prevent speculative execution
- udf: prevent speculative execution
- userns: prevent speculative execution
- SAUCE: claim mitigation via observable speculation barrier
- SAUCE: powerpc: add osb barrier
- SAUCE: s390/spinlock: add osb memory barrier
- SAUCE: arm64: no osb() implementation yet
- SAUCE: arm: no osb() implementation yet
* CVE-2017-5715 (Spectre v2 retpoline)
- x86/cpuid: Provide get_scattered_cpuid_leaf()
- x86/cpu: Factor out application of forced CPU caps
- x86/cpufeatures: Make CPU bugs sticky
- x86/cpufeatures: Add X86_BUG_CPU_INSECURE
- x86/cpu, x86/pti: Do not enable PTI on AMD processors
- x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
- x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
- x86/cpu: Merge bugs.c and bugs_64.c
- sysfs/cpu: Add vulnerability folder
- x86/cpu: Implement CPU vulnerabilites sysfs functions
- x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm
- x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier
- x86/asm: Use register variable to get stack pointer value
- x86/kbuild: enable modversions for symbols exported from asm
- x86/asm: Make asm/alternative.h safe from assembly
- EXPORT_SYMBOL() for asm
- kconfig.h: use __is_defined() to check if MODULE is defined
- x86/retpoline: Add initial retpoline support
- x86/spectre: Add boot time option to select Spectre v2 mitigation
- x86/retpoline/crypto: Convert crypto assembler indirect jumps
- x86/retpoline/entry: Convert entry assembler indirect jumps
- x86/retpoline/ftrace: Convert ftrace assembler indirect jumps
- x86/retpoline/hyperv: Convert assembler indirect jumps
- x86/retpoline/xen: Convert Xen hypercall indirect jumps
- x86/retpoline/checksum32: Convert assembler indirect jumps
- x86/retpoline/irq32: Convert assembler indirect jumps
- x86/retpoline: Fill return stack buffer on vmexit
- x86/retpoline: Remove compile time warning
- x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
- module: Add retpoline tag to VERMAGIC
- x86/mce: Make machine check speculation protected
- retpoline: Introduce start/end markers of indirect thunk
- kprobes/x86: Blacklist indirect thunk functions for kprobes
- kprobes/x86: Disable optimizing on the function jumps to indirect thunk
- x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
- [Config] CONFIG_RETPOLINE=y
- [Packaging] retpoline -- add call site validation
- [Config] disable retpoline checks for first upload
* CVE-2017-5715 (revert embargoed) // CVE-2017-5753 (revert embargoed)
- Revert "UBUNTU: SAUCE: Fix spec_ctrl support in KVM"
- Revert "x86/cpuid: Provide get_scattered_cpuid_leaf()"
- Revert "kvm: vmx: Scrub hardware GPRs at VM-exit"
- Revert "Revert "x86/svm: Add code to clear registers on VM exit""
- Revert "UBUNTU: SAUCE: x86/microcode: Extend post microcode reload to
support IBPB feature -- repair missmerge"
- Revert "arm: no gmb() implementation yet"
- Revert "arm64: no gmb() implementation yet"
- Revert "UBUNTU: SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit"
- Revert "s390/spinlock: add gmb memory barrier"
- Revert "powerpc: add gmb barrier"
- Revert "x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature"
- Revert "x86/cpu/AMD: Make the LFENCE instruction serialized"
- Revert "x86/svm: Add code to clear registers on VM exit"
- Revert "x86/svm: Add code to clobber the RSB on VM exit"
- Revert "KVM: x86: Add speculative control CPUID support for guests"
- Revert "x86/svm: Set IBPB when running a different VCPU"
- Revert "x86/svm: Set IBRS value on VM entry and exit"
- Revert "KVM: SVM: Do not intercept new speculative control MSRs"
- Revert "x86/microcode: Extend post microcode reload to support IBPB feature"
- Revert "x86/cpu/AMD: Add speculative control support for AMD"
- Revert "x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR"
- Revert "x86/entry: Use retpoline for syscall's indirect calls"
- Revert "x86/syscall: Clear unused extra registers on 32-bit compatible
syscall entrance"
- Revert "x86/syscall: Clear unused extra registers on syscall entrance"
- Revert "x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb
control"
- Revert "x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature"
- Revert "x86/kvm: Pad RSB on VM transition"
- Revert "x86/kvm: Toggle IBRS on VM entry and exit"
- Revert "x86/kvm: Set IBPB when switching VM"
- Revert "x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm"
- Revert "x86/entry: Stuff RSB for entry to kernel for non-SMEP platform"
- Revert "x86/mm: Only set IBPB when the new thread cannot ptrace current
thread"
- Revert "x86/mm: Set IBPB upon context switch"
- Revert "x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup"
- Revert "x86/idle: Disable IBRS entering idle and enable it on wakeup"
- Revert "x86/enter: Use IBRS on syscall and interrupts"
- Revert "x86/enter: MACROS to set/clear IBRS and set IBPB"
- Revert "x86/feature: Report presence of IBPB and IBRS control"
- Revert "x86/feature: Enable the x86 feature to control Speculation"
- Revert "udf: prevent speculative execution"
- Revert "net: mpls: prevent speculative execution"
- Revert "fs: prevent speculative execution"
- Revert "ipv6: prevent speculative execution"
- Revert "userns: prevent speculative execution"
- Revert "Thermal/int340x: prevent speculative execution"
- Revert "qla2xxx: prevent speculative execution"
- Revert "carl9170: prevent speculative execution"
- Revert "uvcvideo: prevent speculative execution"
- Revert "x86, bpf, jit: prevent speculative execution when JIT is enabled"
- Revert "bpf: prevent speculative execution in eBPF interpreter"
* CVE-2017-17712
- net: ipv4: fix for a race condition in raw_sendmsg
* upload urgency should be medium by default (LP: #1745338)
- [Packaging] update urgency to medium by default
* CVE-CVE-2017-12190
- more bio_map_user_iov() leak fixes
* CVE-2015-8952
- mbcache2: reimplement mbcache
- ext2: convert to mbcache2
- ext4: convert to mbcache2
- mbcache2: limit cache size
- mbcache2: Use referenced bit instead of LRU
- ext4: kill ext4_mballoc_ready
- ext4: shortcut setting of xattr to the same value
- mbcache: remove mbcache
- mbcache2: rename to mbcache
- mbcache: get rid of _e_hash_list_head
- mbcache: add reusable flag to cache entries
* CVE-2017-15115
- sctp: do not peel off an assoc from one netns to another one
* CVE-2017-8824
- dccp: CVE-2017-8824: use-after-free in DCCP code
[ Ubuntu: 4.4.0-112.135 ]
* linux: 4.4.0-112.135 -proposed tracker (LP: #1744244)
* CVE-2017-5715 // CVE-2017-5753
- x86/cpuid: Provide get_scattered_cpuid_leaf()
- SAUCE: Fix spec_ctrl support in KVM
- SAUCE: s390: improve cpu alternative handling for gmb and nobp
- SAUCE: s390: print messages for gmb and nobp
- [Config] KERNEL_NOBP=y
[ Ubuntu: 4.4.0-111.134 ]
* linux: 4.4.0-111.134 -proposed tracker (LP: #1743362)
* Do not duplicate changelog entries assigned to more than one bug or CVE
(LP: #1743383)
- [Packaging] git-ubuntu-log -- handle multiple bugs/cves better
* CVE-2017-5715 // CVE-2017-5753
- SAUCE: x86/microcode: Extend post microcode reload to support IBPB feature
-- repair missmerge
- Revert "x86/svm: Add code to clear registers on VM exit"
- kvm: vmx: Scrub hardware GPRs at VM-exit
* CVE-2017-5754
- SAUCE: powerpc: use sync instead of hwsync mnemonic
-- Kamal Mostafa <kamal@xxxxxxxxxxxxx> Mon, 12 Feb 2018 14:44:47 -0800
** Changed in: linux-aws (Ubuntu Xenial)
Status: Confirmed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8952
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12190
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-15115
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-17712
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5715
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5753
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5754
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8824
** Changed in: linux-aws (Ubuntu Xenial)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1746946
Title:
linux-aws: 4.4.0-1051.60 -proposed tracker
Status in Kernel SRU Workflow:
In Progress
Status in Kernel SRU Workflow automated-testing series:
Incomplete
Status in Kernel SRU Workflow certification-testing series:
Invalid
Status in Kernel SRU Workflow prepare-package series:
Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
Fix Released
Status in Kernel SRU Workflow promote-to-proposed series:
Fix Released
Status in Kernel SRU Workflow promote-to-security series:
New
Status in Kernel SRU Workflow promote-to-updates series:
New
Status in Kernel SRU Workflow regression-testing series:
Confirmed
Status in Kernel SRU Workflow security-signoff series:
In Progress
Status in Kernel SRU Workflow snap-release-to-beta series:
Confirmed
Status in Kernel SRU Workflow snap-release-to-candidate series:
New
Status in Kernel SRU Workflow snap-release-to-edge series:
Confirmed
Status in Kernel SRU Workflow snap-release-to-stable series:
Invalid
Status in Kernel SRU Workflow upload-to-ppa series:
New
Status in Kernel SRU Workflow verification-testing series:
Confirmed
Status in linux-aws package in Ubuntu:
Invalid
Status in linux-aws source package in Xenial:
Fix Released
Bug description:
This bug is for tracking the <version to be filled> upload package.
This bug will contain status and testing results related to that
upload.
For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow
-- swm properties --
boot-testing-requested: true
kernel-stable-master-bug: 1746936
phase: Promoted to proposed
proposed-announcement-sent: true
proposed-testing-requested: true
To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1746946/+subscriptions
References
