-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 11 Nov 2019 00:30:56 +0000
Source: linux-signed-i386
Binary: kernel-image-4.19.0-6-686-di nic-modules-4.19.0-6-686-di
nic-wireless-modules-4.19.0-6-686-di nic-shared-modules-4.19.0-6-686-di
serial-modules-4.19.0-6-686-di usb-serial-modules-4.19.0-6-686-di
ppp-modules-4.19.0-6-686-di pata-modules-4.19.0-6-686-di
cdrom-core-modules-4.19.0-6-686-di firewire-core-modules-4.19.0-6-686-di
scsi-core-modules-4.19.0-6-686-di scsi-modules-4.19.0-6-686-di
scsi-nic-modules-4.19.0-6-686-di loop-modules-4.19.0-6-686-di
btrfs-modules-4.19.0-6-686-di ext4-modules-4.19.0-6-686-di
isofs-modules-4.19.0-6-686-di jfs-modules-4.19.0-6-686-di
xfs-modules-4.19.0-6-686-di fat-modules-4.19.0-6-686-di
md-modules-4.19.0-6-686-di multipath-modules-4.19.0-6-686-di
usb-modules-4.19.0-6-686-di usb-storage-modules-4.19.0-6-686-di
pcmcia-storage-modules-4.19.0-6-686-di fb-modules-4.19.0-6-686-di
input-modules-4.19.0-6-686-di event-modules-4.19.0-6-686-di
mouse-modules-4.19.0-6-686-di nic-pcmcia-modules-4.19.0-6-686-di
pcmcia-modules-4.19.0-6-686-di
nic-usb-modules-4.19.0-6-686-di sata-modules-4.19.0-6-686-di
acpi-modules-4.19.0-6-686-di i2c-modules-4.19.0-6-686-di
crc-modules-4.19.0-6-686-di crypto-modules-4.19.0-6-686-di
crypto-dm-modules-4.19.0-6-686-di efi-modules-4.19.0-6-686-di
ata-modules-4.19.0-6-686-di mmc-core-modules-4.19.0-6-686-di
mmc-modules-4.19.0-6-686-di nbd-modules-4.19.0-6-686-di
squashfs-modules-4.19.0-6-686-di speakup-modules-4.19.0-6-686-di
uinput-modules-4.19.0-6-686-di sound-modules-4.19.0-6-686-di
compress-modules-4.19.0-6-686-di udf-modules-4.19.0-6-686-di
fuse-modules-4.19.0-6-686-di mtd-core-modules-4.19.0-6-686-di
kernel-image-4.19.0-6-686-pae-di nic-modules-4.19.0-6-686-pae-di
nic-wireless-modules-4.19.0-6-686-pae-di nic-shared-modules-4.19.0-6-686-pae-di
serial-modules-4.19.0-6-686-pae-di usb-serial-modules-4.19.0-6-686-pae-di
ppp-modules-4.19.0-6-686-pae-di pata-modules-4.19.0-6-686-pae-di
cdrom-core-modules-4.19.0-6-686-pae-di firewire-core-modules-4.19.0-6-686-pae-di
scsi-core-modules-4.19.0-6-686-pae-di scsi-modules-4.19.0-6-686-pae-di
scsi-nic-modules-4.19.0-6-686-pae-di loop-modules-4.19.0-6-686-pae-di
btrfs-modules-4.19.0-6-686-pae-di ext4-modules-4.19.0-6-686-pae-di
isofs-modules-4.19.0-6-686-pae-di jfs-modules-4.19.0-6-686-pae-di
xfs-modules-4.19.0-6-686-pae-di fat-modules-4.19.0-6-686-pae-di
md-modules-4.19.0-6-686-pae-di multipath-modules-4.19.0-6-686-pae-di
usb-modules-4.19.0-6-686-pae-di usb-storage-modules-4.19.0-6-686-pae-di
pcmcia-storage-modules-4.19.0-6-686-pae-di fb-modules-4.19.0-6-686-pae-di
input-modules-4.19.0-6-686-pae-di event-modules-4.19.0-6-686-pae-di
mouse-modules-4.19.0-6-686-pae-di nic-pcmcia-modules-4.19.0-6-686-pae-di
pcmcia-modules-4.19.0-6-686-pae-di nic-usb-modules-4.19.0-6-686-pae-di
sata-modules-4.19.0-6-686-pae-di acpi-modules-4.19.0-6-686-pae-di
i2c-modules-4.19.0-6-686-pae-di crc-modules-4.19.0-6-686-pae-di
crypto-modules-4.19.0-6-686-pae-di crypto-dm-modules-4.19.0-6-686-pae-di
efi-modules-4.19.0-6-686-pae-di ata-modules-4.19.0-6-686-pae-di
mmc-core-modules-4.19.0-6-686-pae-di mmc-modules-4.19.0-6-686-pae-di
nbd-modules-4.19.0-6-686-pae-di squashfs-modules-4.19.0-6-686-pae-di
speakup-modules-4.19.0-6-686-pae-di uinput-modules-4.19.0-6-686-pae-di
sound-modules-4.19.0-6-686-pae-di compress-modules-4.19.0-6-686-pae-di
udf-modules-4.19.0-6-686-pae-di fuse-modules-4.19.0-6-686-pae-di
mtd-core-modules-4.19.0-6-686-pae-di linux-image-4.19.0-6-686
linux-image-4.19.0-6-686-pae
linux-image-4.19.0-6-rt-686-pae
Architecture: source
Version: 4.19.67+2+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Debian Kernel Team <debian-ker...@lists.debian.org>
Changed-By: Ben Hutchings <b...@decadent.org.uk>
Description:
acpi-modules-4.19.0-6-686-di - ACPI support modules (udeb)
acpi-modules-4.19.0-6-686-pae-di - ACPI support modules (udeb)
ata-modules-4.19.0-6-686-di - ATA disk modules (udeb)
ata-modules-4.19.0-6-686-pae-di - ATA disk modules (udeb)
btrfs-modules-4.19.0-6-686-di - BTRFS filesystem support (udeb)
btrfs-modules-4.19.0-6-686-pae-di - BTRFS filesystem support (udeb)
cdrom-core-modules-4.19.0-6-686-di - CDROM support (udeb)
cdrom-core-modules-4.19.0-6-686-pae-di - CDROM support (udeb)
compress-modules-4.19.0-6-686-di - lzo modules (udeb)
compress-modules-4.19.0-6-686-pae-di - lzo modules (udeb)
crc-modules-4.19.0-6-686-di - CRC modules (udeb)
crc-modules-4.19.0-6-686-pae-di - CRC modules (udeb)
crypto-dm-modules-4.19.0-6-686-di - devicemapper crypto module (udeb)
crypto-dm-modules-4.19.0-6-686-pae-di - devicemapper crypto module (udeb)
crypto-modules-4.19.0-6-686-di - crypto modules (udeb)
crypto-modules-4.19.0-6-686-pae-di - crypto modules (udeb)
efi-modules-4.19.0-6-686-di - EFI modules (udeb)
efi-modules-4.19.0-6-686-pae-di - EFI modules (udeb)
event-modules-4.19.0-6-686-di - Event support (udeb)
event-modules-4.19.0-6-686-pae-di - Event support (udeb)
ext4-modules-4.19.0-6-686-di - ext2/ext3/ext4 filesystem support (udeb)
ext4-modules-4.19.0-6-686-pae-di - ext2/ext3/ext4 filesystem support (udeb)
fat-modules-4.19.0-6-686-di - FAT filesystem support (udeb)
fat-modules-4.19.0-6-686-pae-di - FAT filesystem support (udeb)
fb-modules-4.19.0-6-686-di - Frame buffer support (udeb)
fb-modules-4.19.0-6-686-pae-di - Frame buffer support (udeb)
firewire-core-modules-4.19.0-6-686-di - Core FireWire drivers (udeb)
firewire-core-modules-4.19.0-6-686-pae-di - Core FireWire drivers (udeb)
fuse-modules-4.19.0-6-686-di - FUSE modules (udeb)
fuse-modules-4.19.0-6-686-pae-di - FUSE modules (udeb)
i2c-modules-4.19.0-6-686-di - i2c support modules (udeb)
i2c-modules-4.19.0-6-686-pae-di - i2c support modules (udeb)
input-modules-4.19.0-6-686-di - Input devices support (udeb)
input-modules-4.19.0-6-686-pae-di - Input devices support (udeb)
isofs-modules-4.19.0-6-686-di - ISOFS filesystem support (udeb)
isofs-modules-4.19.0-6-686-pae-di - ISOFS filesystem support (udeb)
jfs-modules-4.19.0-6-686-di - JFS filesystem support (udeb)
jfs-modules-4.19.0-6-686-pae-di - JFS filesystem support (udeb)
kernel-image-4.19.0-6-686-di - Linux kernel image and core modules for the
Debian installer (udeb)
kernel-image-4.19.0-6-686-pae-di - Linux kernel image and core modules for the
Debian installer (udeb)
linux-image-4.19.0-6-686 - ${unsigned:DescriptionShort} (signed)
linux-image-4.19.0-6-686-pae - ${unsigned:DescriptionShort} (signed)
linux-image-4.19.0-6-rt-686-pae - ${unsigned:DescriptionShort} (signed)
loop-modules-4.19.0-6-686-di - Loopback filesystem support (udeb)
loop-modules-4.19.0-6-686-pae-di - Loopback filesystem support (udeb)
md-modules-4.19.0-6-686-di - RAID and LVM support (udeb)
md-modules-4.19.0-6-686-pae-di - RAID and LVM support (udeb)
mmc-core-modules-4.19.0-6-686-di - MMC/SD/SDIO core modules (udeb)
mmc-core-modules-4.19.0-6-686-pae-di - MMC/SD/SDIO core modules (udeb)
mmc-modules-4.19.0-6-686-di - MMC/SD card modules (udeb)
mmc-modules-4.19.0-6-686-pae-di - MMC/SD card modules (udeb)
mouse-modules-4.19.0-6-686-di - Mouse support (udeb)
mouse-modules-4.19.0-6-686-pae-di - Mouse support (udeb)
mtd-core-modules-4.19.0-6-686-di - MTD core (udeb)
mtd-core-modules-4.19.0-6-686-pae-di - MTD core (udeb)
multipath-modules-4.19.0-6-686-di - Multipath support (udeb)
multipath-modules-4.19.0-6-686-pae-di - Multipath support (udeb)
nbd-modules-4.19.0-6-686-di - Network Block Device modules (udeb)
nbd-modules-4.19.0-6-686-pae-di - Network Block Device modules (udeb)
nic-modules-4.19.0-6-686-di - NIC drivers (udeb)
nic-modules-4.19.0-6-686-pae-di - NIC drivers (udeb)
nic-pcmcia-modules-4.19.0-6-686-di - Common PCMCIA NIC drivers (udeb)
nic-pcmcia-modules-4.19.0-6-686-pae-di - Common PCMCIA NIC drivers (udeb)
nic-shared-modules-4.19.0-6-686-di - Shared NIC drivers (udeb)
nic-shared-modules-4.19.0-6-686-pae-di - Shared NIC drivers (udeb)
nic-usb-modules-4.19.0-6-686-di - USB NIC drivers (udeb)
nic-usb-modules-4.19.0-6-686-pae-di - USB NIC drivers (udeb)
nic-wireless-modules-4.19.0-6-686-di - Wireless NIC drivers (udeb)
nic-wireless-modules-4.19.0-6-686-pae-di - Wireless NIC drivers (udeb)
pata-modules-4.19.0-6-686-di - PATA drivers (udeb)
pata-modules-4.19.0-6-686-pae-di - PATA drivers (udeb)
pcmcia-modules-4.19.0-6-686-di - Common PCMCIA drivers (udeb)
pcmcia-modules-4.19.0-6-686-pae-di - Common PCMCIA drivers (udeb)
pcmcia-storage-modules-4.19.0-6-686-di - PCMCIA storage drivers (udeb)
pcmcia-storage-modules-4.19.0-6-686-pae-di - PCMCIA storage drivers (udeb)
ppp-modules-4.19.0-6-686-di - PPP drivers (udeb)
ppp-modules-4.19.0-6-686-pae-di - PPP drivers (udeb)
sata-modules-4.19.0-6-686-di - SATA drivers (udeb)
sata-modules-4.19.0-6-686-pae-di - SATA drivers (udeb)
scsi-core-modules-4.19.0-6-686-di - Core SCSI subsystem (udeb)
scsi-core-modules-4.19.0-6-686-pae-di - Core SCSI subsystem (udeb)
scsi-modules-4.19.0-6-686-di - SCSI drivers (udeb)
scsi-modules-4.19.0-6-686-pae-di - SCSI drivers (udeb)
scsi-nic-modules-4.19.0-6-686-di - SCSI drivers for converged NICs (udeb)
scsi-nic-modules-4.19.0-6-686-pae-di - SCSI drivers for converged NICs (udeb)
serial-modules-4.19.0-6-686-di - Serial drivers (udeb)
serial-modules-4.19.0-6-686-pae-di - Serial drivers (udeb)
sound-modules-4.19.0-6-686-di - sound support (udeb)
sound-modules-4.19.0-6-686-pae-di - sound support (udeb)
speakup-modules-4.19.0-6-686-di - speakup modules (udeb)
speakup-modules-4.19.0-6-686-pae-di - speakup modules (udeb)
squashfs-modules-4.19.0-6-686-di - squashfs modules (udeb)
squashfs-modules-4.19.0-6-686-pae-di - squashfs modules (udeb)
udf-modules-4.19.0-6-686-di - UDF modules (udeb)
udf-modules-4.19.0-6-686-pae-di - UDF modules (udeb)
uinput-modules-4.19.0-6-686-di - uinput support (udeb)
uinput-modules-4.19.0-6-686-pae-di - uinput support (udeb)
usb-modules-4.19.0-6-686-di - USB support (udeb)
usb-modules-4.19.0-6-686-pae-di - USB support (udeb)
usb-serial-modules-4.19.0-6-686-di - USB serial drivers (udeb)
usb-serial-modules-4.19.0-6-686-pae-di - USB serial drivers (udeb)
usb-storage-modules-4.19.0-6-686-di - USB storage support (udeb)
usb-storage-modules-4.19.0-6-686-pae-di - USB storage support (udeb)
xfs-modules-4.19.0-6-686-di - XFS filesystem support (udeb)
xfs-modules-4.19.0-6-686-pae-di - XFS filesystem support (udeb)
Changes:
linux-signed-i386 (4.19.67+2+deb10u2) buster-security; urgency=high
.
* Sign kernel from linux 4.19.67-2+deb10u2
.
* [x86] Add mitigation for TSX Asynchronous Abort (CVE-2019-11135):
- KVM: x86: use Intel speculation bugs and features as derived in generic
x86 code
- x86/msr: Add the IA32_TSX_CTRL MSR
- x86/cpu: Add a helper function x86_read_arch_cap_msr()
- x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
- x86/speculation/taa: Add mitigation for TSX Async Abort
- x86/speculation/taa: Add sysfs reporting for TSX Async Abort
- kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
- x86/tsx: Add "auto" option to the tsx= cmdline parameter
- x86/speculation/taa: Add documentation for TSX Async Abort
- x86/tsx: Add config options to set tsx=on|off|auto
- x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs
TSX is now disabled by default; see
Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
* [x86] KVM: Add mitigation for Machine Check Error on Page Size Change
(aka iTLB multi-hit, CVE-2018-12207):
- kvm: Convert kvm_lock to a mutex
- kvm: x86: Do not release the page inside mmu_set_spte()
- KVM: x86: make FNAME(fetch) and __direct_map more similar
- KVM: x86: remove now unneeded hugepage gfn adjustment
- KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
- KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
- kvm: x86, powerpc: do not allow clearing largepages debugfs entry
- KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active
- x86/bugs: Add ITLB_MULTIHIT bug infrastructure
- cpu/speculation: Uninline and export CPU mitigations helpers
- kvm: mmu: ITLB_MULTIHIT mitigation
- kvm: Add helper function for creating VM worker threads
- kvm: x86: mmu: Recovery of shattered NX large pages
- Documentation: Add ITLB_MULTIHIT documentation
* [x86] i915: Mitigate local privilege escalation on gen9 (CVE-2019-0155):
- drm/i915: Rename gen7 cmdparser tables
- drm/i915: Disable Secure Batches for gen6+
- drm/i915: Remove Master tables from cmdparser
- drm/i915: Add support for mandatory cmdparsing
- drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
- drm/i915: Allow parsing of unsized batches
- drm/i915: Add gen9 BCS cmdparsing
- drm/i915/cmdparser: Use explicit goto for error paths
- drm/i915/cmdparser: Add support for backward jumps
- drm/i915/cmdparser: Ignore Length operands during command matching
- drm/i915/cmdparser: Fix jump whitelist clearing
* [x86] i915: Mitigate local denial-of-service on gen8/gen9 (CVE-2019-0154):
- drm/i915: Lower RM timeout to avoid DSI hard hangs
- drm/i915/gen8+: Add RC6 CTX corruption WA
Checksums-Sha1:
99810ef8b0086c63ce0658bc65dcea6ae9effb01 13348
linux-signed-i386_4.19.67+2+deb10u2.dsc
caee3d7748da810c672509ba9b92b34b13423090 3319084
linux-signed-i386_4.19.67+2+deb10u2.tar.xz
Checksums-Sha256:
1826e0ad156c78a90dc88b17b1ca1128062221e090fff2dcc924425a73dac0b0 13348
linux-signed-i386_4.19.67+2+deb10u2.dsc
544f35ad52aaf53b3a360879ac9fa332429b6cfb0f38496d7a1c6b4b93252e6b 3319084
linux-signed-i386_4.19.67+2+deb10u2.tar.xz
Files:
eadae4dd570cfa45b6d22c5ffebab71c 13348 kernel optional
linux-signed-i386_4.19.67+2+deb10u2.dsc
0d5a5c03084769ccf573924b2a995cd6 3319084 kernel optional
linux-signed-i386_4.19.67+2+deb10u2.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE8nXL3e4u3Tgu6Vp6qgZoiu+K+NUFAl3J13wACgkQqgZoiu+K
+NWeFhAAtbq8jPFIwd93PCvLEQWV9xAhPI1d+kmKbO8x7D+H8IUuc7edx9pelz1C
hZTLhu3VuibfJjA9OUPnBb4XsEZv9cg9kFHdokDKMcRrjJJnOkUm6hYJVw0+5nzm
dBGM/7+SdKzE1tIeZ7N+0fnq9vrEQ1881PsX8Som5lVSvzTZhmImMzVKBhRBuCu0
nygceB6jOnYbmKJZ1/UaQtvyWFN+TfTwLWzb1qAY65WImg8vpUVc2vL8NigfAx2q
r+QtHjaYKL0Na5sCQ8V5l4Whx0oExoNZSCAaWcQwGkoxXIoIzHCF685SYYsrPoRP
JbNJvQjnEDE6HdsRHQ40uQ3O4s72Vk5z7QtQqu4+xt3b3k3vmmiscuUPoDfBvrO1
j+WcU6KESsjb8j+daa4zAQM93N2fwAbkJsr6Lq++/2NS5IB5/rKvOQMPw15qzI8x
u1bniX23SAU2hIiJh6vGaPeg1L1dUViNLD6kWdfJ+cFt24NUC9apLKCgKbvoQnwH
vRtrUCJb/OmZIS9S2x7a5ZtINMCZqlwCtIPC3gCs2jZScid0PI8DQZdME372hG6c
5+Sd7b/yFfgQ5brnCftWjT32xbOitw5CHp8N35FX3qa/a9/sbHYDsxv4ri6Bx2iv
o4MuhntAHOLCtt1VXNTY2VWVgVMNFpTqa58DFNeYlJNaEfETfUg=
=U0KJ
-----END PGP SIGNATURE-----
