group.of.nepali.translators team mailing list archive

Thread
Date
[Bug 1882955] Re: LXD 4.2 broken on linux-kvm due to missing VLAN filtering

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1882955@xxxxxxxxxxxxxxxxxx>
Date: Mon, 20 Jul 2020 21:58:49 -0000
Reply-to: Bug 1882955 <1882955@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package linux-kvm - 4.15.0-1071.72

---------------
linux-kvm (4.15.0-1071.72) bionic; urgency=medium

  * bionic/linux-kvm: 4.15.0-1071.72 -proposed tracker (LP: #1887041)

  [ Ubuntu: 4.15.0-112.113 ]

  * bionic/linux: 4.15.0-112.113 -proposed tracker (LP: #1887048)
  * Packaging resync (LP: #1786013)
    - update dkms package versions
  * CVE-2020-11935
    - SAUCE: aufs: do not call i_readcount_inc()
    - SAUCE: aufs: bugfix, IMA i_readcount
  * CVE-2020-10757
    - mm: Fix mremap not considering huge pmd devmap
  * Update lockdown patches (LP: #1884159)
    - efi/efi_test: Lock down /dev/efi_test and require CAP_SYS_ADMIN
    - efi: Restrict efivar_ssdt_load when the kernel is locked down
    - powerpc/xmon: add read-only mode
    - powerpc/xmon: Restrict when kernel is locked down
    - [Config] CONFIG_XMON_DEFAULT_RO_MODE=y
    - SAUCE: acpi: disallow loading configfs acpi tables when locked down
  * seccomp_bpf fails on powerpc (LP: #1885757)
    - SAUCE: selftests/seccomp: fix ptrace tests on powerpc
  * Introduce the new NVIDIA 418-server and 440-server series, and update the
    current NVIDIA drivers (LP: #1881137)
    - [packaging] add signed modules for the 418-server and the 440-server
      flavours

  [ Ubuntu: 4.15.0-111.112 ]

  * bionic/linux: 4.15.0-111.112 -proposed tracker (LP: #1886999)
  * Bionic update: upstream stable patchset 2020-05-07 (LP: #1877461)
    - SAUCE: mlxsw: Add missmerged ERR_PTR hunk
  * linux 4.15.0-109-generic network DoS regression vs -108 (LP: #1886668)
    - SAUCE: Revert "netprio_cgroup: Fix unlimited memory leak of v2 cgroups"

linux-kvm (4.15.0-1070.71) bionic; urgency=medium

  * bionic/linux-kvm: 4.15.0-1070.71 -proposed tracker (LP: #1885807)

  * Build and ship a signed wireguard.ko (LP: #1861284)
    - [Config] kvm: wireguard -- enable on all architectures

  * LXD 4.2 broken on linux-kvm due to missing VLAN filtering (LP: #1882955)
    - [Config] VLAN_8021Q=m && BRIDGE_VLAN_FILTERING=y

  [ Ubuntu: 4.15.0-110.111 ]

  * bionic/linux: 4.15.0-110.111 -proposed tracker (LP: #1885814)
  * Packaging resync (LP: #1786013)
    - update dkms package versions
  * CVE-2020-11935
    - SAUCE: aufs: do not call i_readcount_inc()
    - SAUCE: aufs: bugfix, IMA i_readcount
  * CVE-2020-10757
    - mm: Fix mremap not considering huge pmd devmap
  * Update lockdown patches (LP: #1884159)
    - efi/efi_test: Lock down /dev/efi_test and require CAP_SYS_ADMIN
    - efi: Restrict efivar_ssdt_load when the kernel is locked down
    - powerpc/xmon: add read-only mode
    - powerpc/xmon: Restrict when kernel is locked down
    - [Config] CONFIG_XMON_DEFAULT_RO_MODE=y
    - SAUCE: acpi: disallow loading configfs acpi tables when locked down
  * seccomp_bpf fails on powerpc (LP: #1885757)
    - SAUCE: selftests/seccomp: fix ptrace tests on powerpc
  * Introduce the new NVIDIA 418-server and 440-server series, and update the
    current NVIDIA drivers (LP: #1881137)
    - [packaging] add signed modules for the 418-server and the 440-server
      flavours

 -- Khalid Elmously <khalid.elmously@xxxxxxxxxxxxx>  Thu, 09 Jul 2020
22:13:34 -0400

** Changed in: linux-kvm (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-10757

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-11935

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1882955

Title:
  LXD 4.2 broken on linux-kvm due to missing VLAN filtering

Status in linux-kvm package in Ubuntu:
  Invalid
Status in linux-kvm source package in Xenial:
  Fix Released
Status in linux-kvm source package in Bionic:
  Fix Released
Status in linux-kvm source package in Eoan:
  Fix Committed
Status in linux-kvm source package in Focal:
  Fix Released

Bug description:
  [Description]

  Some VLAN options (BRIDGE_VLAN_FILTERING, and its dependencies
  VLAN_8021Q*) were in a different state in Focal/kvm compared to
  Focal/generic: LXD now depends on BRIDGE_VLAN_FILTERING and due to
  this discrepancy it fails to work on the Focal/kvm kernel: fix it by
  aligning the config with Focal/generic

  [Fix]

  Apply the attached config patch

  [Regression potential]

  Low, just some config changes already present in generic.

  ---
  This is another case of linux-kvm having unexplained differences compared to linux-generic in areas that aren't related to hardware drivers (see other bug we filed for missing nft).

  This time, CPC is reporting that LXD no longer works on linux-kvm as
  we now set vlan filtering on our bridges to prevent containers from
  escaping firewalling through custom vlan tags.

  This relies on CONFIG_BRIDGE_VLAN_FILTERING which is a built-in on the
  generic kernel but is apparently missing on linux-kvm (I don't have
  any system running that kernel to confirm its config, but the behavior
  certainly matches that).

  We need this fixed in focal and groovy.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-kvm/+bug/1882955/+subscriptions