group.of.nepali.translators team mailing list archive

Thread
Date
[Bug 1770002] Re: linux-gcp: 4.13.0-1016.20 -proposed tracker

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1770002@xxxxxxxxxxxxxxxxxx>
Date: Tue, 22 May 2018 00:01:58 -0000
Reply-to: Bug 1770002 <1770002@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package linux-gcp - 4.13.0-1017.21

---------------
linux-gcp (4.13.0-1017.21) xenial; urgency=medium

  [ Ubuntu: 4.13.0-43.48 ]

  * CVE-2018-3639 (powerpc)
    - SAUCE: rfi-flush: update H_CPU_* macro names to upstream
    - SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to
      upstream
    - SAUCE: update pseries_setup_rfi_flush() capitalization to upstream
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
    - powerpc/64s: Allow control of RFI flush via debugfs
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
    - powerpc/pseries: Fix clearing of security feature flags
    - powerpc: Move default security feature flags
    - powerpc/pseries: Restore default security feature flags on setup
    - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
  * CVE-2018-3639 (x86)
    - SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES
    - SAUCE: x86: Add alternative_msr_write
    - x86/nospec: Simplify alternative_msr_write()
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/bugs: Concentrate bug detection into a separate function
    - x86/bugs: Concentrate bug reporting into a separate function
    - x86/msr: Add definitions for new speculation control MSRs
    - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - x86/bugs, KVM: Support the combination of guest and host IBRS
    - x86/bugs: Expose /sys/../spec_store_bypass
    - x86/cpufeatures: Add X86_FEATURE_RDS
    - x86/bugs: Provide boot parameters for the spec_store_bypass_disable
      mitigation
    - x86/bugs/intel: Set proper CPU features and setup RDS
    - x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
    - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - x86/speculation: Create spec-ctrl.h to avoid include hell
    - prctl: Add speculation control prctls
    - x86/process: Allow runtime control of Speculative Store Bypass
    - x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - nospec: Allow getting/setting on non-current task
    - proc: Provide details on speculation flaw mitigations
    - seccomp: Enable speculation flaw mitigations
    - SAUCE: x86/bugs: Honour SPEC_CTRL default
    - x86/bugs: Make boot modes __ro_after_init
    - prctl: Add force disable speculation
    - seccomp: Use PR_SPEC_FORCE_DISABLE
    - seccomp: Add filter flag to opt-out of SSB mitigation
    - seccomp: Move speculation migitation control to arch code
    - x86/speculation: Make "seccomp" the default mode for Speculative Store
      Bypass
    - x86/bugs: Rename _RDS to _SSBD
    - proc: Use underscores for SSBD in 'status'
    - Documentation/spec_ctrl: Do some minor cleanups
    - x86/bugs: Fix __ssb_select_mitigation() return type
    - x86/bugs: Make cpu_show_common() static
  * LSM Stacking prctl values should be redefined as to not collide with
    upstream prctls (LP: #1769263) // CVE-2018-3639
    - SAUCE: LSM stacking: adjust prctl values

linux-gcp (4.13.0-1016.20) xenial; urgency=medium

  * linux-gcp: 4.13.0-1016.20 -proposed tracker (LP: #1770002)

  [ Ubuntu: 4.13.0-42.47 ]

  * linux: 4.13.0-42.47 -proposed tracker (LP: #1769993)
  * arm64: fix CONFIG_DEBUG_WX address reporting (LP: #1765850)
    - arm64: fix CONFIG_DEBUG_WX address reporting
  * HiSilicon HNS NIC names are truncated in /proc/interrupts (LP: #1765977)
    - net: hns: Avoid action name truncation
  * CVE-2017-18208
    - mm/madvise.c: fix madvise() infinite loop under special circumstances
  * CVE-2018-8822
    - staging: ncpfs: memory corruption in ncp_read_kernel()
  * CVE-2017-18203
    - dm: fix race between dm_get_from_kobject() and __dm_destroy()
  * CVE-2017-17449
    - netlink: Add netns check on taps
  * CVE-2017-17975
    - media: usbtv: prevent double free in error case
  * [8086:3e92] display becomes blank after S3 (LP: #1763271)
    - drm/i915/edp: Allow alternate fixed mode for eDP if available.
    - drm/i915/dp: rename intel_dp_is_edp to intel_dp_is_port_edp
    - drm/i915/dp: make is_edp non-static and rename to intel_dp_is_edp
    - drm/i915/edp: Do not do link training fallback or prune modes on EDP
  * sky2 gigabit ethernet driver sometimes stops working after lid-open resume
    from sleep (88E8055) (LP: #1758507)
    - sky2: Increase D3 delay to sky2 stops working after suspend
  * perf vendor events arm64: Enable JSON events for ThunderX2 B0 (LP: #1760712)
    - perf vendor events arm64: Enable JSON events for ThunderX2 B0
  * No network with e1000e driver on 4.13.0-38-generic (LP: #1762693)
    - e1000e: Fix e1000_check_for_copper_link_ich8lan return value.
  * /dev/ipmi enumeration flaky on Cavium Sabre nodes (LP: #1762812)
    - i2c: xlp9xx: return ENXIO on slave address NACK
    - i2c: xlp9xx: Handle transactions with I2C_M_RECV_LEN properly
    - i2c: xlp9xx: Check for Bus state before every transfer
    - i2c: xlp9xx: Handle NACK on DATA properly
  * "ip a" command on a guest VM shows UNKNOWN status (LP: #1761534)
    - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS
  * fix regression in mm/hotplug, allows NVIDIA driver to work (LP: #1761104)
    - SAUCE: Fix revert "mm, memory_hotplug: do not associate hotadded memory to
      zones until online"
  * ibrs/ibpb fixes result in excessive kernel logging  (LP: #1755627)
    - SAUCE: remove ibrs_dump sysctl interface

 -- Stefan Bader <stefan.bader@xxxxxxxxxxxxx>  Thu, 17 May 2018 16:11:31
+0200

** Changed in: linux-gcp (Ubuntu Xenial)
       Status: Confirmed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-17449

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-17975

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-18203

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-18208

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-3639

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-8822

** Changed in: linux-gcp (Ubuntu Xenial)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1770002

Title:
  linux-gcp: 4.13.0-1016.20 -proposed tracker

Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  Fix Released
Status in Kernel SRU Workflow certification-testing series:
  Invalid
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow promote-to-proposed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  New
Status in Kernel SRU Workflow regression-testing series:
  Fix Released
Status in Kernel SRU Workflow security-signoff series:
  Fix Released
Status in Kernel SRU Workflow snap-release-to-beta series:
  Fix Released
Status in Kernel SRU Workflow snap-release-to-candidate series:
  Confirmed
Status in Kernel SRU Workflow snap-release-to-edge series:
  Fix Released
Status in Kernel SRU Workflow snap-release-to-stable series:
  Invalid
Status in Kernel SRU Workflow upload-to-ppa series:
  New
Status in Kernel SRU Workflow verification-testing series:
  Fix Released
Status in linux-gcp package in Ubuntu:
  Invalid
Status in linux-gcp source package in Xenial:
  Fix Released

Bug description:
  This bug is for tracking the <version to be filled> upload package.
  This bug will contain status and testing results related to that
  upload.

  For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow
  -- swm properties --
  boot-testing-requested: true
  kernel-stable-master-bug: 1769993
  phase: Promoted to proposed
  proposed-announcement-sent: true
  proposed-testing-requested: true

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1770002/+subscriptions
References

[Bug 1770002] [NEW] linux-gcp: <version to be filled> -proposed tracker
From: Stefan Bader, 2018-05-08