Skipped:
* "x86/paravirt: Fix spectre-v2 mitigations for paravirt guests" (CVE-2018-15594)
* "x86/speculation: Protect against userspace-userspace spectreRSB" (CVE-2018-15572)

Skipped patches from L1TF (CVE-2018-3620, CVE-2018-3646):
* "x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT"
* "x86/mm: Move swap offset/type up in PTE to work around erratum"
* "x86/mm: Fix swap entry comment and macro"
* "x86/speculation/l1tf: Change order of offset/type in swap entry"
* "x86/speculation/l1tf: Protect swap entries against L1TF"
* "x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation"
* "x86/speculation/l1tf: Make sure the first page is always reserved"
* "x86/speculation/l1tf: Add sysfs reporting for l1tf"
* "x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings"
* "x86/speculation/l1tf: Limit swap file size to MAX_PA/2"
* "x86/bugs: Move the l1tf function and define pr_fmt properly"
* "x86/speculation/l1tf: Extend 64bit swap file size limit"
* "x86/cpufeatures: Add detection of L1D cache flush support."
* "x86/speculation/l1tf: Protect PAE swap entries against L1TF"
* "x86/speculation/l1tf: Fix up pte->pfn conversion for PAE"
* "x86/speculation/l1tf: Invert all not present mappings"
* "x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert"
* "x86/mm/pat: Make set_memory_np() L1TF safe"
* "x86/speculation/l1tf: Fix up CPU feature flags"
* "x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures"

Modified "mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1" to do the changes to arch/x86/include/asm/pgtable_types.h only (because changes to arch/x86/include/asm/pgtable_64.h were already present).

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-15572
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-15594
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-3620
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-3646

** Description changed: + SRU Justification - SRU Justification + Impact: + The upstream process for stable tree updates is quite similar + in scope to the Ubuntu SRU process, e.g., each patch has to + demonstrably fix a bug, and each patch is vetted by upstream + by originating either directly from a mainline/stable Linux tree or + a minimally backported form of that patch. The 4.4.148 upstream stable + patch set is now available. It should be included in the Ubuntu + kernel as well. - Impact: - The upstream process for stable tree updates is quite similar - in scope to the Ubuntu SRU process, e.g., each patch has to - demonstrably fix a bug, and each patch is vetted by upstream - by originating either directly from a mainline/stable Linux tree or - a minimally backported form of that patch. The 4.4.148 upstream stable - patch set is now available. It should be included in the Ubuntu - kernel as well. 
+ git://git.kernel.org/ - git://git.kernel.org/ + TEST CASE: TBD - TEST CASE: TBD - - The following patches from the 4.4.148 stable release shall be - applied: + The following patches from the 4.4.148 stable release shall be applied: + * ext4: fix check to prevent initializing reserved inodes + * tpm: fix race condition in tpm_common_write() + * ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV + * fork: unconditionally clear stack on fork + * parisc: Enable CONFIG_MLONGCALLS by default + * parisc: Define mb() and add memory barriers to assembler unlock sequences + * xen/netfront: don't cache skb_shinfo() + * ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices + * scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled + * root dentries need RCU-delayed freeing + * fix mntput/mntput race + * fix __legitimize_mnt()/mntput() race + * IB/core: Make testing MR flags for writability a static inline function + * IB/mlx4: Mark user MR as writable if actual virtual memory is writable + * IB/ocrdma: fix out of bounds access to local buffer + * ARM: dts: imx6sx: fix irq for pcie bridge + * kprobes/x86: Fix %p uses in error messages + * x86/irqflags: Provide a declaration for native_save_fl + * UBUNTU: SAUCE: Sync pgtable_64.h with upstream stable + * mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1 + * UBUNTU: SAUCE: Sync pgtable-3level.h with upstream stable + * UBUNTU: SAUCE: Sync pgtable.h with upstream stable + * mm: Add vm_insert_pfn_prot() + * mm: fix cache mode tracking in vm_insert_mixed() + * x86/mm/kmmio: Make the tracer robust against L1TF + * x86/init: fix build with CONFIG_SWAP=n + * Linux 4.4.148
https://bugs.launchpad.net/bugs/1792174

Title:
  Xenial update to 4.4.148 stable release

Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Xenial:
  In Progress

Bug description:
  SRU Justification

  Impact:
  The upstream process for stable tree updates is quite similar
  in scope to the Ubuntu SRU process, e.g., each patch has to
  demonstrably fix a bug, and each patch is vetted by upstream
  by originating either directly from a mainline/stable Linux tree or
  a minimally backported form of that patch. The 4.4.148 upstream stable
  patch set is now available. It should be included in the Ubuntu
  kernel as well.

  git://git.kernel.org/

  TEST CASE: TBD

  The following patches from the 4.4.148 stable release shall be applied:
  * ext4: fix check to prevent initializing reserved inodes
  * tpm: fix race condition in tpm_common_write()
  * ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV
  * fork: unconditionally clear stack on fork
  * parisc: Enable CONFIG_MLONGCALLS by default
  * parisc: Define mb() and add memory barriers to assembler unlock sequences
  * xen/netfront: don't cache skb_shinfo()
  * ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices
  * scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled
  * root dentries need RCU-delayed freeing
  * fix mntput/mntput race
  * fix __legitimize_mnt()/mntput() race
  * IB/core: Make testing MR flags for writability a static inline function
  * IB/mlx4: Mark user MR as writable if actual virtual memory is writable
  * IB/ocrdma: fix out of bounds access to local buffer
  * ARM: dts: imx6sx: fix irq for pcie bridge
  * kprobes/x86: Fix %p uses in error messages
  * x86/irqflags: Provide a declaration for native_save_fl
  * UBUNTU: SAUCE: Sync pgtable_64.h with upstream stable
  * mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1
  * UBUNTU: SAUCE: Sync pgtable-3level.h with upstream stable
  * UBUNTU: SAUCE: Sync pgtable.h with upstream stable
  * mm: Add vm_insert_pfn_prot()
  * mm: fix cache mode tracking in vm_insert_mixed()
  * x86/mm/kmmio: Make the tracer robust against L1TF
  * x86/init: fix build with CONFIG_SWAP=n
  * Linux 4.4.148