← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1746946] Re: linux-aws: 4.4.0-1051.60 -proposed tracker

 

*** This bug is a duplicate of bug 1749093 ***
    https://bugs.launchpad.net/bugs/1749093

This bug was fixed in the package linux-aws - 4.4.0-1052.61

---------------
linux-aws (4.4.0-1052.61) xenial; urgency=medium

  * linux-aws: 4.4.0-1052.61 -proposed tracker (LP: #1748489)

  [ Ubuntu: 4.4.0-116.140 ]

  * linux: 4.4.0-116.140 -proposed tracker (LP: #1748990)
  * BUG: unable to handle kernel NULL pointer dereference at 0000000000000009
    (LP: #1748671)
    - SAUCE: net: ipv4: fix for a race condition in raw_sendmsg -- fix backport

  [ Ubuntu: 4.4.0-115.139 ]

  * linux: 4.4.0-115.138 -proposed tracker (LP: #1748745)
  * CVE-2017-5715 (Spectre v2 Intel)
    - Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present"
    - SAUCE: turn off IBRS when full retpoline is present
    - [Packaging] retpoline files must be sorted
    - [Packaging] pull in retpoline files

  [ Ubuntu: 4.4.0-114.137 ]

  * linux: 4.4.0-114.137 -proposed tracker (LP: #1748484)
  * ALSA backport missing NVIDIA GPU codec IDs to patch table to
    Ubuntu 16.04 LTS Kernel (LP: #1744117)
    - ALSA: hda - Add missing NVIDIA GPU codec IDs to patch table
  * Shutdown hang on 16.04 with iscsi targets (LP: #1569925)
    - scsi: libiscsi: Allow sd_shutdown on bad transport
  * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053)
    - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
  * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb)
    (LP: #1747090)
    - KVM: s390: wire up bpb feature
    - KVM: s390: Enable all facility bits that are known good for passthrough
  * CVE-2017-5715 (Spectre v2 Intel)
    - SAUCE: drop lingering gmb() macro
    - x86/feature: Enable the x86 feature to control Speculation
    - x86/feature: Report presence of IBPB and IBRS control
    - x86/enter: MACROS to set/clear IBRS and set IBPB
    - x86/enter: Use IBRS on syscall and interrupts
    - x86/idle: Disable IBRS entering idle and enable it on wakeup
    - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
    - x86/mm: Set IBPB upon context switch
    - x86/mm: Only set IBPB when the new thread cannot ptrace current thread
    - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
    - x86/kvm: Set IBPB when switching VM
    - x86/kvm: Toggle IBRS on VM entry and exit
    - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
    - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
    - x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR
    - x86/cpu/AMD: Add speculative control support for AMD
    - x86/microcode: Extend post microcode reload to support IBPB feature
    - KVM: SVM: Do not intercept new speculative control MSRs
    - x86/svm: Set IBRS value on VM entry and exit
    - x86/svm: Set IBPB when running a different VCPU
    - KVM: x86: Add speculative control CPUID support for guests
    - SAUCE: Fix spec_ctrl support in KVM
    - SAUCE: turn off IBPB when full retpoline is present

linux-aws (4.4.0-1051.60) xenial; urgency=low

  * linux-aws: 4.4.0-1051.60 -proposed tracker (LP: #1746946)

  [ Ubuntu: 4.4.0-113.136 ]

  * linux: 4.4.0-113.136 -proposed tracker (LP: #1746936)
  * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC
    (LP: #1743638)
    - [d-i] Add qede to nic-modules udeb
  * CVE-2017-5753 (Spectre v1 Intel)
    - x86/cpu/AMD: Make the LFENCE instruction serialized
    - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
    - SAUCE: reinstate MFENCE_RDTSC feature definition
    - locking/barriers: introduce new observable speculation barrier
    - bpf: prevent speculative execution in eBPF interpreter
    - x86, bpf, jit: prevent speculative execution when JIT is enabled
    - SAUCE: FIX: x86, bpf, jit: prevent speculative execution when JIT is enabled
    - carl9170: prevent speculative execution
    - qla2xxx: prevent speculative execution
    - Thermal/int340x: prevent speculative execution
    - ipv4: prevent speculative execution
    - ipv6: prevent speculative execution
    - fs: prevent speculative execution
    - net: mpls: prevent speculative execution
    - udf: prevent speculative execution
    - userns: prevent speculative execution
    - SAUCE: claim mitigation via observable speculation barrier
    - SAUCE: powerpc: add osb barrier
    - SAUCE: s390/spinlock: add osb memory barrier
    - SAUCE: arm64: no osb() implementation yet
    - SAUCE: arm: no osb() implementation yet
  * CVE-2017-5715 (Spectre v2 retpoline)
    - x86/cpuid: Provide get_scattered_cpuid_leaf()
    - x86/cpu: Factor out application of forced CPU caps
    - x86/cpufeatures: Make CPU bugs sticky
    - x86/cpufeatures: Add X86_BUG_CPU_INSECURE
    - x86/cpu, x86/pti: Do not enable PTI on AMD processors
    - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
    - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
    - x86/cpu: Merge bugs.c and bugs_64.c
    - sysfs/cpu: Add vulnerability folder
    - x86/cpu: Implement CPU vulnerabilites sysfs functions
    - x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm
    - x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier
    - x86/asm: Use register variable to get stack pointer value
    - x86/kbuild: enable modversions for symbols exported from asm
    - x86/asm: Make asm/alternative.h safe from assembly
    - EXPORT_SYMBOL() for asm
    - kconfig.h: use __is_defined() to check if MODULE is defined
    - x86/retpoline: Add initial retpoline support
    - x86/spectre: Add boot time option to select Spectre v2 mitigation
    - x86/retpoline/crypto: Convert crypto assembler indirect jumps
    - x86/retpoline/entry: Convert entry assembler indirect jumps
    - x86/retpoline/ftrace: Convert ftrace assembler indirect jumps
    - x86/retpoline/hyperv: Convert assembler indirect jumps
    - x86/retpoline/xen: Convert Xen hypercall indirect jumps
    - x86/retpoline/checksum32: Convert assembler indirect jumps
    - x86/retpoline/irq32: Convert assembler indirect jumps
    - x86/retpoline: Fill return stack buffer on vmexit
    - x86/retpoline: Remove compile time warning
    - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
    - module: Add retpoline tag to VERMAGIC
    - x86/mce: Make machine check speculation protected
    - retpoline: Introduce start/end markers of indirect thunk
    - kprobes/x86: Blacklist indirect thunk functions for kprobes
    - kprobes/x86: Disable optimizing on the function jumps to indirect thunk
    - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
    - [Config] CONFIG_RETPOLINE=y
    - [Packaging] retpoline -- add call site validation
    - [Config] disable retpoline checks for first upload
  * CVE-2017-5715 (revert embargoed) // CVE-2017-5753 (revert embargoed)
    - Revert "UBUNTU: SAUCE: Fix spec_ctrl support in KVM"
    - Revert "x86/cpuid: Provide get_scattered_cpuid_leaf()"
    - Revert "kvm: vmx: Scrub hardware GPRs at VM-exit"
    - Revert "Revert "x86/svm: Add code to clear registers on VM exit""
    - Revert "UBUNTU: SAUCE: x86/microcode: Extend post microcode reload to
      support IBPB feature -- repair missmerge"
    - Revert "arm: no gmb() implementation yet"
    - Revert "arm64: no gmb() implementation yet"
    - Revert "UBUNTU: SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit"
    - Revert "s390/spinlock: add gmb memory barrier"
    - Revert "powerpc: add gmb barrier"
    - Revert "x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature"
    - Revert "x86/cpu/AMD: Make the LFENCE instruction serialized"
    - Revert "x86/svm: Add code to clear registers on VM exit"
    - Revert "x86/svm: Add code to clobber the RSB on VM exit"
    - Revert "KVM: x86: Add speculative control CPUID support for guests"
    - Revert "x86/svm: Set IBPB when running a different VCPU"
    - Revert "x86/svm: Set IBRS value on VM entry and exit"
    - Revert "KVM: SVM: Do not intercept new speculative control MSRs"
    - Revert "x86/microcode: Extend post microcode reload to support IBPB feature"
    - Revert "x86/cpu/AMD: Add speculative control support for AMD"
    - Revert "x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR"
    - Revert "x86/entry: Use retpoline for syscall's indirect calls"
    - Revert "x86/syscall: Clear unused extra registers on 32-bit compatible
      syscall entrance"
    - Revert "x86/syscall: Clear unused extra registers on syscall entrance"
    - Revert "x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb
      control"
    - Revert "x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature"
    - Revert "x86/kvm: Pad RSB on VM transition"
    - Revert "x86/kvm: Toggle IBRS on VM entry and exit"
    - Revert "x86/kvm: Set IBPB when switching VM"
    - Revert "x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm"
    - Revert "x86/entry: Stuff RSB for entry to kernel for non-SMEP platform"
    - Revert "x86/mm: Only set IBPB when the new thread cannot ptrace current
      thread"
    - Revert "x86/mm: Set IBPB upon context switch"
    - Revert "x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup"
    - Revert "x86/idle: Disable IBRS entering idle and enable it on wakeup"
    - Revert "x86/enter: Use IBRS on syscall and interrupts"
    - Revert "x86/enter: MACROS to set/clear IBRS and set IBPB"
    - Revert "x86/feature: Report presence of IBPB and IBRS control"
    - Revert "x86/feature: Enable the x86 feature to control Speculation"
    - Revert "udf: prevent speculative execution"
    - Revert "net: mpls: prevent speculative execution"
    - Revert "fs: prevent speculative execution"
    - Revert "ipv6: prevent speculative execution"
    - Revert "userns: prevent speculative execution"
    - Revert "Thermal/int340x: prevent speculative execution"
    - Revert "qla2xxx: prevent speculative execution"
    - Revert "carl9170: prevent speculative execution"
    - Revert "uvcvideo: prevent speculative execution"
    - Revert "x86, bpf, jit: prevent speculative execution when JIT is enabled"
    - Revert "bpf: prevent speculative execution in eBPF interpreter"
  * CVE-2017-17712
    - net: ipv4: fix for a race condition in raw_sendmsg
  * upload urgency should be medium by default (LP: #1745338)
    - [Packaging] update urgency to medium by default
  * CVE-CVE-2017-12190
    - more bio_map_user_iov() leak fixes
  * CVE-2015-8952
    - mbcache2: reimplement mbcache
    - ext2: convert to mbcache2
    - ext4: convert to mbcache2
    - mbcache2: limit cache size
    - mbcache2: Use referenced bit instead of LRU
    - ext4: kill ext4_mballoc_ready
    - ext4: shortcut setting of xattr to the same value
    - mbcache: remove mbcache
    - mbcache2: rename to mbcache
    - mbcache: get rid of _e_hash_list_head
    - mbcache: add reusable flag to cache entries
  * CVE-2017-15115
    - sctp: do not peel off an assoc from one netns to another one
  * CVE-2017-8824
    - dccp: CVE-2017-8824: use-after-free in DCCP code

  [ Ubuntu: 4.4.0-112.135 ]

  * linux: 4.4.0-112.135 -proposed tracker (LP: #1744244)
  * CVE-2017-5715 // CVE-2017-5753
    - x86/cpuid: Provide get_scattered_cpuid_leaf()
    - SAUCE: Fix spec_ctrl support in KVM
    - SAUCE: s390: improve cpu alternative handling for gmb and nobp
    - SAUCE: s390: print messages for gmb and nobp
    - [Config] KERNEL_NOBP=y

  [ Ubuntu: 4.4.0-111.134 ]

  * linux: 4.4.0-111.134 -proposed tracker (LP: #1743362)
  * Do not duplicate changelog entries assigned to more than one bug or CVE
    (LP: #1743383)
    - [Packaging] git-ubuntu-log -- handle multiple bugs/cves better
  * CVE-2017-5715 // CVE-2017-5753
    - SAUCE: x86/microcode: Extend post microcode reload to support IBPB feature
      -- repair missmerge
    - Revert "x86/svm: Add code to clear registers on VM exit"
    - kvm: vmx: Scrub hardware GPRs at VM-exit
  * CVE-2017-5754
    - SAUCE: powerpc: use sync instead of hwsync mnemonic

 -- Kamal Mostafa <kamal@xxxxxxxxxxxxx>  Mon, 12 Feb 2018 14:44:47 -0800

** Changed in: linux-aws (Ubuntu Xenial)
       Status: Confirmed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8952

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12190

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-15115

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-17712

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5715

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5753

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5754

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8824

** Changed in: linux-aws (Ubuntu Xenial)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1746946

Title:
  linux-aws: 4.4.0-1051.60 -proposed tracker

Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  Incomplete
Status in Kernel SRU Workflow certification-testing series:
  Invalid
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow promote-to-proposed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  New
Status in Kernel SRU Workflow regression-testing series:
  Confirmed
Status in Kernel SRU Workflow security-signoff series:
  In Progress
Status in Kernel SRU Workflow snap-release-to-beta series:
  Confirmed
Status in Kernel SRU Workflow snap-release-to-candidate series:
  New
Status in Kernel SRU Workflow snap-release-to-edge series:
  Confirmed
Status in Kernel SRU Workflow snap-release-to-stable series:
  Invalid
Status in Kernel SRU Workflow upload-to-ppa series:
  New
Status in Kernel SRU Workflow verification-testing series:
  Confirmed
Status in linux-aws package in Ubuntu:
  Invalid
Status in linux-aws source package in Xenial:
  Fix Released

Bug description:
  This bug is for tracking the <version to be filled> upload package.
  This bug will contain status and testing results related to that
  upload.

  For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow
  -- swm properties --
  boot-testing-requested: true
  kernel-stable-master-bug: 1746936
  phase: Promoted to proposed
  proposed-announcement-sent: true
  proposed-testing-requested: true

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1746946/+subscriptions


References