[ubuntu/xenial-security] libreoffice 1:5.1.6~rc2-0ubuntu1~xenial3 (Accepted)
libreoffice (1:5.1.6~rc2-0ubuntu1~xenial3) xenial-security; urgency=medium [ Marc Deslauriers ] * SECURITY UPDATE: remote arbitrary file disclosure vulnerability using WEBSERVICE - debian/patches/CVE-2018-6871-1.patch: limit WEBSERVICE to http[s] protocols. - debian/patches/CVE-2018-6871-2.patch: better handle ScDde formulas with missing dde-link entries. - debian/patches/CVE-2018-6871-3.patch: handle ocWebservice similarly to ocDde. - debian/patches/CVE-2018-6871-4.patch: CheckLinkFormulaNeedingCheck() for .xls and .xlsx formula cells. - debian/patches/CVE-2018-6871-5.patch: CheckLinkFormulaNeedingCheck() for conditional format expressions - debian/patches/CVE-2018-6871-6.patch: CheckLinkFormulaNeedingCheck() for named expressions - debian/patches/CVE-2018-6871-7.patch: fix for DDE link update via Function Wizard - CVE-2018-6871 * SECURITY UPDATE: use-after-free in SwRootFrame - debian/patches/layout-footnote-use-after-free.diff: fix layout footnote use-after-free in SwRootFrame. - No CVE number. Date: 2018-02-19 16:33:12.783974+00:00 Changed-By: Olivier TilloySigned-By: Chris Coulson https://launchpad.net/ubuntu/+source/libreoffice/1:5.1.6~rc2-0ubuntu1~xenial3 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] linux-meta-hwe 4.13.0.36.55 (Accepted)
linux-meta-hwe (4.13.0.36.55) xenial; urgency=medium * Bump ABI 4.13.0-36 linux-meta-hwe (4.13.0.35.54) xenial; urgency=medium * Bump ABI 4.13.0-35 linux-meta-hwe (4.13.0.33.53) xenial; urgency=medium * Bump ABI 4.13.0-33 Date: 2018-02-16 23:22:51.703806+00:00 Changed-By: Kamal MostafaSigned-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta-hwe/4.13.0.36.55 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] libreoffice 1:5.1.6~rc2-0ubuntu1~xenial3 (Accepted)
libreoffice (1:5.1.6~rc2-0ubuntu1~xenial3) xenial-security; urgency=medium [ Marc Deslauriers ] * SECURITY UPDATE: remote arbitrary file disclosure vulnerability using WEBSERVICE - debian/patches/CVE-2018-6871-1.patch: limit WEBSERVICE to http[s] protocols. - debian/patches/CVE-2018-6871-2.patch: better handle ScDde formulas with missing dde-link entries. - debian/patches/CVE-2018-6871-3.patch: handle ocWebservice similarly to ocDde. - debian/patches/CVE-2018-6871-4.patch: CheckLinkFormulaNeedingCheck() for .xls and .xlsx formula cells. - debian/patches/CVE-2018-6871-5.patch: CheckLinkFormulaNeedingCheck() for conditional format expressions - debian/patches/CVE-2018-6871-6.patch: CheckLinkFormulaNeedingCheck() for named expressions - debian/patches/CVE-2018-6871-7.patch: fix for DDE link update via Function Wizard - CVE-2018-6871 * SECURITY UPDATE: use-after-free in SwRootFrame - debian/patches/layout-footnote-use-after-free.diff: fix layout footnote use-after-free in SwRootFrame. - No CVE number. Date: 2018-02-19 16:33:12.783974+00:00 Changed-By: Olivier TilloySigned-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/libreoffice/1:5.1.6~rc2-0ubuntu1~xenial3 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-oem 4.13.0-1021.23 (Accepted)
linux-oem (4.13.0-1021.23) xenial; urgency=low * linux-oem: 4.13.0-1021.23 -proposed tracker (LP: #1748481) * Intel 9462 A370:42A4 doesn't work (LP: #1748853) - SAUCE: iwlwifi: Adding missing id A370:42A4 * headset mic can't be detected on two Dell machines (LP: #1748807) - ALSA: hda/realtek - Support headset mode for ALC215/ALC285/ALC289 - ALSA: hda - Fix headset mic detection problem for two Dell machines * [linux-oem] Use I2C transport for touchpad on Precision M5530 (LP: #1746661) - SAUCE: ACPI: Parse entire table as a term_list for Dell XPS 9570 and Precision M5530 * QCA9377 requires more IRAM banks for its new firmware (LP: #1748345) - SAUCE: ath10k: change QCA9377 IRAM back to 9 * TrackPoint: middle button doesn't work on TrackPoint-compatible device. (LP: #1746002) - Input: trackpoint - force 3 buttons if 0 button is reported * [linux-oem] Fix out of bound VBT pin on CNP (LP: #1746411) - drm/i914/bios: amend child device config parameters - drm/i915/bios: document BDB versions of child device config fields - drm/i915/bios: remove the raw version of child device config - drm/i915/bios: add legacy contents to common child device config - drm/i915/bios: throw away high level child device union - drm/i915/bios: throw away struct old_child_dev_config - drm/i915/bios: document child device config dvo_port values a bit better - drm/i915/bios: group device type definitions together - drm/i915/bios: throw away unused DVO_* macros - drm/i915/bios: drop the rest of the p_ prefixes from pointers - drm/i915/cnl: Don't trust VBT's alternate pin for port D for now. - drm/i915/cnl: Map VBT DDC Pin to BSpec DDC Pin. - drm/i915/bios: split up iboost to hdmi and dp bitfields - drm/i915/bios: add DP max link rate to VBT child device struct - drm/i915/cnp: Ignore VBT request for know invalid DDC pin. - drm/i915/cnp: Properly handle VBT ddc pin out of bounds. * Miscellaneous upstream changes - Rebase to 4.13.0-35.39 - [Config] update configs following rebase to 4.13.0-35.39 - [oem config] Keep ignoring retpoline [ Ubuntu: 4.13.0-35.39 ] * linux: 4.13.0-35.39 -proposed tracker (LP: #1748743) * CVE-2017-5715 (Spectre v2 Intel) - Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present" - SAUCE: turn off IBRS when full retpoline is present - [Packaging] retpoline files must be sorted - [Packaging] pull in retpoline files [ Ubuntu: 4.13.0-34.37 ] * linux: 4.13.0-34.37 -proposed tracker (LP: #1748475) * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053) - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb) (LP: #1747090) - KVM: s390: wire up bpb feature * artful 4.13 i386 kernels crash after memory hotplug remove (LP: #1747069) - Revert "mm, memory_hotplug: do not associate hotadded memory to zones until online" * CVE-2017-5715 (Spectre v2 Intel) - x86/feature: Enable the x86 feature to control Speculation - x86/feature: Report presence of IBPB and IBRS control - x86/enter: MACROS to set/clear IBRS and set IBPB - x86/enter: Use IBRS on syscall and interrupts - x86/idle: Disable IBRS entering idle and enable it on wakeup - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup - x86/mm: Set IBPB upon context switch - x86/mm: Only set IBPB when the new thread cannot ptrace current thread - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm - x86/kvm: Set IBPB when switching VM - x86/kvm: Toggle IBRS on VM entry and exit - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control - x86/cpu/AMD: Add speculative control support for AMD - x86/microcode: Extend post microcode reload to support IBPB feature - KVM: SVM: Do not intercept new speculative control MSRs - x86/svm: Set IBRS value on VM entry and exit - x86/svm: Set IBPB when running a different VCPU - KVM: x86: Add speculative control CPUID support for guests - SAUCE: turn off IBPB when full retpoline is present * Artful 4.13 fixes for tun (LP: #1748846) - tun: call dev_get_valid_name() before register_netdevice() - tun: allow positive return values on dev_get_valid_name() call - tun/tap: sanitize TUNSETSNDBUF input * boot failure on AMD Raven + WestonXT (LP: #1742759) - SAUCE: drm/amdgpu: add atpx quirk handling (v2) [ Ubuntu: 4.13.0-33.36 ] * linux: 4.13.0-33.36 -proposed tracker (LP: #1746903) * starting VMs causing retpoline4 to reboot (LP: #1747507) // CVE-2017-5715 (Spectre v2 retpoline) - x86/retpoline: Fill RSB on context switch for affected CPUs - x86/retpoline: Add
[ubuntu/xenial-updates] linux-meta-raspi2 4.4.0.1085.85 (Accepted)
linux-meta-raspi2 (4.4.0.1085.85) xenial; urgency=medium * Bump ABI 4.4.0-1085 linux-meta-raspi2 (4.4.0.1084.84) xenial; urgency=medium * Bump ABI 4.4.0-1084 linux-meta-raspi2 (4.4.0.1083.83) xenial; urgency=medium * Bump ABI 4.4.0-1083 Date: 2018-02-13 09:44:24.489811+00:00 Changed-By: Stefan BaderSigned-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta-raspi2/4.4.0.1085.85 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] linux-signed-hwe 4.13.0-36.40~16.04.1 (Accepted)
linux-signed-hwe (4.13.0-36.40~16.04.1) xenial; urgency=medium * Master version: 4.13.0-36.40~16.04.1 linux-signed-hwe (4.13.0-35.39~16.04.1) xenial; urgency=medium * Master version: 4.13.0-35.39~16.04.1 linux-signed-hwe (4.13.0-33.36~16.04.1) xenial; urgency=medium * Master version: 4.13.0-33.36~16.04.1 Date: 2018-02-16 23:22:54.455755+00:00 Changed-By: Kamal MostafaSigned-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-signed-hwe/4.13.0-36.40~16.04.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-meta-aws 4.4.0.1052.54 (Accepted)
linux-meta-aws (4.4.0.1052.54) xenial; urgency=medium * Bump ABI 4.4.0-1052 linux-meta-aws (4.4.0.1051.53) xenial; urgency=medium * Bump ABI 4.4.0-1051 linux-meta-aws (4.4.0.1050.52) xenial; urgency=medium * Bump ABI 4.4.0-1050 Date: 2018-02-12 22:59:07.790994+00:00 Changed-By: Kamal MostafaSigned-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta-aws/4.4.0.1052.54 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] linux-meta-gcp 4.13.0.1011.13 (Accepted)
linux-meta-gcp (4.13.0.1011.13) xenial; urgency=medium * Bump ABI 4.13.0-1011 linux-meta-gcp (4.13.0.1010.12) xenial; urgency=medium * Bump ABI 4.13.0-1010 linux-meta-gcp (4.13.0.1009.11) xenial; urgency=medium * Bump ABI 4.13.0-1009 Date: 2018-02-12 17:22:17.39+00:00 Changed-By: Stefan BaderSigned-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta-gcp/4.13.0.1011.13 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] linux-signed-oem 4.13.0-1021.23 (Accepted)
linux-signed-oem (4.13.0-1021.23) xenial; urgency=medium * Master version: 4.13.0-1021.23 linux-signed-oem (4.13.0-1021.22) xenial; urgency=medium * Master version: 4.13.0-1021.22 Date: 2018-02-13 12:24:13.448887+00:00 Changed-By: Timo AaltonenSigned-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-signed-oem/4.13.0-1021.23 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-raspi2 4.4.0-1085.93 (Accepted)
linux-raspi2 (4.4.0-1085.93) xenial; urgency=medium * linux-raspi2: 4.4.0-1085.93 -proposed tracker (LP: #1749094) [ Ubuntu: 4.4.0-116.140 ] * linux: 4.4.0-116.140 -proposed tracker (LP: #1748990) * BUG: unable to handle kernel NULL pointer dereference at 0009 (LP: #1748671) - SAUCE: net: ipv4: fix for a race condition in raw_sendmsg -- fix backport linux-raspi2 (4.4.0-1084.92) xenial; urgency=medium * linux-raspi2: 4.4.0-1084.92 -proposed tracker (LP: #1748493) [ Ubuntu: 4.4.0-115.139 ] * linux: 4.4.0-115.138 -proposed tracker (LP: #1748745) * CVE-2017-5715 (Spectre v2 Intel) - Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present" - SAUCE: turn off IBRS when full retpoline is present - [Packaging] retpoline files must be sorted - [Packaging] pull in retpoline files [ Ubuntu: 4.4.0-114.137 ] * linux: 4.4.0-114.137 -proposed tracker (LP: #1748484) * ALSA backport missing NVIDIA GPU codec IDs to patch table to Ubuntu 16.04 LTS Kernel (LP: #1744117) - ALSA: hda - Add missing NVIDIA GPU codec IDs to patch table * Shutdown hang on 16.04 with iscsi targets (LP: #1569925) - scsi: libiscsi: Allow sd_shutdown on bad transport * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053) - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb) (LP: #1747090) - KVM: s390: wire up bpb feature - KVM: s390: Enable all facility bits that are known good for passthrough * CVE-2017-5715 (Spectre v2 Intel) - SAUCE: drop lingering gmb() macro - x86/feature: Enable the x86 feature to control Speculation - x86/feature: Report presence of IBPB and IBRS control - x86/enter: MACROS to set/clear IBRS and set IBPB - x86/enter: Use IBRS on syscall and interrupts - x86/idle: Disable IBRS entering idle and enable it on wakeup - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup - x86/mm: Set IBPB upon context switch - x86/mm: Only set IBPB when the new thread cannot ptrace current thread - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm - x86/kvm: Set IBPB when switching VM - x86/kvm: Toggle IBRS on VM entry and exit - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control - x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR - x86/cpu/AMD: Add speculative control support for AMD - x86/microcode: Extend post microcode reload to support IBPB feature - KVM: SVM: Do not intercept new speculative control MSRs - x86/svm: Set IBRS value on VM entry and exit - x86/svm: Set IBPB when running a different VCPU - KVM: x86: Add speculative control CPUID support for guests - SAUCE: Fix spec_ctrl support in KVM - SAUCE: turn off IBPB when full retpoline is present linux-raspi2 (4.4.0-1083.91) xenial; urgency=low * linux-raspi2: 4.4.0-1083.91 -proposed tracker (LP: #1746941) [ Ubuntu: 4.4.0-113.136 ] * linux: 4.4.0-113.136 -proposed tracker (LP: #1746936) * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC (LP: #1743638) - [d-i] Add qede to nic-modules udeb * CVE-2017-5753 (Spectre v1 Intel) - x86/cpu/AMD: Make the LFENCE instruction serialized - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature - SAUCE: reinstate MFENCE_RDTSC feature definition - locking/barriers: introduce new observable speculation barrier - bpf: prevent speculative execution in eBPF interpreter - x86, bpf, jit: prevent speculative execution when JIT is enabled - SAUCE: FIX: x86, bpf, jit: prevent speculative execution when JIT is enabled - carl9170: prevent speculative execution - qla2xxx: prevent speculative execution - Thermal/int340x: prevent speculative execution - ipv4: prevent speculative execution - ipv6: prevent speculative execution - fs: prevent speculative execution - net: mpls: prevent speculative execution - udf: prevent speculative execution - userns: prevent speculative execution - SAUCE: claim mitigation via observable speculation barrier - SAUCE: powerpc: add osb barrier - SAUCE: s390/spinlock: add osb memory barrier - SAUCE: arm64: no osb() implementation yet - SAUCE: arm: no osb() implementation yet * CVE-2017-5715 (Spectre v2 retpoline) - x86/cpuid: Provide get_scattered_cpuid_leaf() - x86/cpu: Factor out application of forced CPU caps - x86/cpufeatures: Make CPU bugs sticky - x86/cpufeatures: Add X86_BUG_CPU_INSECURE - x86/cpu, x86/pti: Do not enable PTI on AMD processors - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] - x86/cpu: Merge bugs.c and bugs_64.c - sysfs/cpu: Add vulnerability folder - x86/cpu:
[ubuntu/xenial-security] linux-signed 4.4.0-116.140 (Accepted)
linux-signed (4.4.0-116.140) xenial; urgency=medium * Version 4.4.0-116.140 linux-signed (4.4.0-115.138) xenial; urgency=medium * Version 4.4.0-115.138 linux-signed (4.4.0-114.137) xenial; urgency=medium * Version 4.4.0-114.137 linux-signed (4.4.0-113.136) xenial; urgency=medium * Version 4.4.0-113.136 Date: 2018-02-12 21:19:25.925684+00:00 Changed-By: Khaled El MouslySigned-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-signed/4.4.0-116.140 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] linux 4.4.0-116.140 (Accepted)
linux (4.4.0-116.140) xenial; urgency=medium * linux: 4.4.0-116.140 -proposed tracker (LP: #1748990) * BUG: unable to handle kernel NULL pointer dereference at 0009 (LP: #1748671) - SAUCE: net: ipv4: fix for a race condition in raw_sendmsg -- fix backport linux (4.4.0-115.139) xenial; urgency=medium * linux: 4.4.0-115.138 -proposed tracker (LP: #1748745) * CVE-2017-5715 (Spectre v2 Intel) - Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present" - SAUCE: turn off IBRS when full retpoline is present - [Packaging] retpoline files must be sorted - [Packaging] pull in retpoline files linux (4.4.0-114.137) xenial; urgency=medium * linux: 4.4.0-114.137 -proposed tracker (LP: #1748484) * ALSA backport missing NVIDIA GPU codec IDs to patch table to Ubuntu 16.04 LTS Kernel (LP: #1744117) - ALSA: hda - Add missing NVIDIA GPU codec IDs to patch table * Shutdown hang on 16.04 with iscsi targets (LP: #1569925) - scsi: libiscsi: Allow sd_shutdown on bad transport * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053) - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb) (LP: #1747090) - KVM: s390: wire up bpb feature - KVM: s390: Enable all facility bits that are known good for passthrough * CVE-2017-5715 (Spectre v2 Intel) - SAUCE: drop lingering gmb() macro - x86/feature: Enable the x86 feature to control Speculation - x86/feature: Report presence of IBPB and IBRS control - x86/enter: MACROS to set/clear IBRS and set IBPB - x86/enter: Use IBRS on syscall and interrupts - x86/idle: Disable IBRS entering idle and enable it on wakeup - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup - x86/mm: Set IBPB upon context switch - x86/mm: Only set IBPB when the new thread cannot ptrace current thread - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm - x86/kvm: Set IBPB when switching VM - x86/kvm: Toggle IBRS on VM entry and exit - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control - x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR - x86/cpu/AMD: Add speculative control support for AMD - x86/microcode: Extend post microcode reload to support IBPB feature - KVM: SVM: Do not intercept new speculative control MSRs - x86/svm: Set IBRS value on VM entry and exit - x86/svm: Set IBPB when running a different VCPU - KVM: x86: Add speculative control CPUID support for guests - SAUCE: Fix spec_ctrl support in KVM - SAUCE: turn off IBPB when full retpoline is present linux (4.4.0-113.136) xenial; urgency=low * linux: 4.4.0-113.136 -proposed tracker (LP: #1746936) [ Stefan Bader ] * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC (LP: #1743638) - [d-i] Add qede to nic-modules udeb * CVE-2017-5753 (Spectre v1 Intel) - x86/cpu/AMD: Make the LFENCE instruction serialized - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature - SAUCE: reinstate MFENCE_RDTSC feature definition - locking/barriers: introduce new observable speculation barrier - bpf: prevent speculative execution in eBPF interpreter - x86, bpf, jit: prevent speculative execution when JIT is enabled - SAUCE: FIX: x86, bpf, jit: prevent speculative execution when JIT is enabled - carl9170: prevent speculative execution - qla2xxx: prevent speculative execution - Thermal/int340x: prevent speculative execution - ipv4: prevent speculative execution - ipv6: prevent speculative execution - fs: prevent speculative execution - net: mpls: prevent speculative execution - udf: prevent speculative execution - userns: prevent speculative execution - SAUCE: claim mitigation via observable speculation barrier - SAUCE: powerpc: add osb barrier - SAUCE: s390/spinlock: add osb memory barrier - SAUCE: arm64: no osb() implementation yet - SAUCE: arm: no osb() implementation yet * CVE-2017-5715 (Spectre v2 retpoline) - x86/cpuid: Provide get_scattered_cpuid_leaf() - x86/cpu: Factor out application of forced CPU caps - x86/cpufeatures: Make CPU bugs sticky - x86/cpufeatures: Add X86_BUG_CPU_INSECURE - x86/cpu, x86/pti: Do not enable PTI on AMD processors - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] - x86/cpu: Merge bugs.c and bugs_64.c - sysfs/cpu: Add vulnerability folder - x86/cpu: Implement CPU vulnerabilites sysfs functions - x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm - x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier - x86/asm: Use register variable to get stack pointer value - x86/kbuild:
[ubuntu/xenial-security] linux-meta-hwe 4.13.0.36.55 (Accepted)
linux-meta-hwe (4.13.0.36.55) xenial; urgency=medium * Bump ABI 4.13.0-36 linux-meta-hwe (4.13.0.35.54) xenial; urgency=medium * Bump ABI 4.13.0-35 linux-meta-hwe (4.13.0.33.53) xenial; urgency=medium * Bump ABI 4.13.0-33 Date: 2018-02-16 23:22:51.703806+00:00 Changed-By: Kamal MostafaSigned-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta-hwe/4.13.0.36.55 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux 4.4.0-116.140 (Accepted)
linux (4.4.0-116.140) xenial; urgency=medium * linux: 4.4.0-116.140 -proposed tracker (LP: #1748990) * BUG: unable to handle kernel NULL pointer dereference at 0009 (LP: #1748671) - SAUCE: net: ipv4: fix for a race condition in raw_sendmsg -- fix backport linux (4.4.0-115.139) xenial; urgency=medium * linux: 4.4.0-115.138 -proposed tracker (LP: #1748745) * CVE-2017-5715 (Spectre v2 Intel) - Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present" - SAUCE: turn off IBRS when full retpoline is present - [Packaging] retpoline files must be sorted - [Packaging] pull in retpoline files linux (4.4.0-114.137) xenial; urgency=medium * linux: 4.4.0-114.137 -proposed tracker (LP: #1748484) * ALSA backport missing NVIDIA GPU codec IDs to patch table to Ubuntu 16.04 LTS Kernel (LP: #1744117) - ALSA: hda - Add missing NVIDIA GPU codec IDs to patch table * Shutdown hang on 16.04 with iscsi targets (LP: #1569925) - scsi: libiscsi: Allow sd_shutdown on bad transport * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053) - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb) (LP: #1747090) - KVM: s390: wire up bpb feature - KVM: s390: Enable all facility bits that are known good for passthrough * CVE-2017-5715 (Spectre v2 Intel) - SAUCE: drop lingering gmb() macro - x86/feature: Enable the x86 feature to control Speculation - x86/feature: Report presence of IBPB and IBRS control - x86/enter: MACROS to set/clear IBRS and set IBPB - x86/enter: Use IBRS on syscall and interrupts - x86/idle: Disable IBRS entering idle and enable it on wakeup - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup - x86/mm: Set IBPB upon context switch - x86/mm: Only set IBPB when the new thread cannot ptrace current thread - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm - x86/kvm: Set IBPB when switching VM - x86/kvm: Toggle IBRS on VM entry and exit - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control - x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR - x86/cpu/AMD: Add speculative control support for AMD - x86/microcode: Extend post microcode reload to support IBPB feature - KVM: SVM: Do not intercept new speculative control MSRs - x86/svm: Set IBRS value on VM entry and exit - x86/svm: Set IBPB when running a different VCPU - KVM: x86: Add speculative control CPUID support for guests - SAUCE: Fix spec_ctrl support in KVM - SAUCE: turn off IBPB when full retpoline is present linux (4.4.0-113.136) xenial; urgency=low * linux: 4.4.0-113.136 -proposed tracker (LP: #1746936) [ Stefan Bader ] * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC (LP: #1743638) - [d-i] Add qede to nic-modules udeb * CVE-2017-5753 (Spectre v1 Intel) - x86/cpu/AMD: Make the LFENCE instruction serialized - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature - SAUCE: reinstate MFENCE_RDTSC feature definition - locking/barriers: introduce new observable speculation barrier - bpf: prevent speculative execution in eBPF interpreter - x86, bpf, jit: prevent speculative execution when JIT is enabled - SAUCE: FIX: x86, bpf, jit: prevent speculative execution when JIT is enabled - carl9170: prevent speculative execution - qla2xxx: prevent speculative execution - Thermal/int340x: prevent speculative execution - ipv4: prevent speculative execution - ipv6: prevent speculative execution - fs: prevent speculative execution - net: mpls: prevent speculative execution - udf: prevent speculative execution - userns: prevent speculative execution - SAUCE: claim mitigation via observable speculation barrier - SAUCE: powerpc: add osb barrier - SAUCE: s390/spinlock: add osb memory barrier - SAUCE: arm64: no osb() implementation yet - SAUCE: arm: no osb() implementation yet * CVE-2017-5715 (Spectre v2 retpoline) - x86/cpuid: Provide get_scattered_cpuid_leaf() - x86/cpu: Factor out application of forced CPU caps - x86/cpufeatures: Make CPU bugs sticky - x86/cpufeatures: Add X86_BUG_CPU_INSECURE - x86/cpu, x86/pti: Do not enable PTI on AMD processors - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] - x86/cpu: Merge bugs.c and bugs_64.c - sysfs/cpu: Add vulnerability folder - x86/cpu: Implement CPU vulnerabilites sysfs functions - x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm - x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier - x86/asm: Use register variable to get stack pointer value - x86/kbuild:
[ubuntu/xenial-updates] linux-aws 4.4.0-1052.61 (Accepted)
linux-aws (4.4.0-1052.61) xenial; urgency=medium * linux-aws: 4.4.0-1052.61 -proposed tracker (LP: #1748489) [ Ubuntu: 4.4.0-116.140 ] * linux: 4.4.0-116.140 -proposed tracker (LP: #1748990) * BUG: unable to handle kernel NULL pointer dereference at 0009 (LP: #1748671) - SAUCE: net: ipv4: fix for a race condition in raw_sendmsg -- fix backport [ Ubuntu: 4.4.0-115.139 ] * linux: 4.4.0-115.138 -proposed tracker (LP: #1748745) * CVE-2017-5715 (Spectre v2 Intel) - Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present" - SAUCE: turn off IBRS when full retpoline is present - [Packaging] retpoline files must be sorted - [Packaging] pull in retpoline files [ Ubuntu: 4.4.0-114.137 ] * linux: 4.4.0-114.137 -proposed tracker (LP: #1748484) * ALSA backport missing NVIDIA GPU codec IDs to patch table to Ubuntu 16.04 LTS Kernel (LP: #1744117) - ALSA: hda - Add missing NVIDIA GPU codec IDs to patch table * Shutdown hang on 16.04 with iscsi targets (LP: #1569925) - scsi: libiscsi: Allow sd_shutdown on bad transport * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053) - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb) (LP: #1747090) - KVM: s390: wire up bpb feature - KVM: s390: Enable all facility bits that are known good for passthrough * CVE-2017-5715 (Spectre v2 Intel) - SAUCE: drop lingering gmb() macro - x86/feature: Enable the x86 feature to control Speculation - x86/feature: Report presence of IBPB and IBRS control - x86/enter: MACROS to set/clear IBRS and set IBPB - x86/enter: Use IBRS on syscall and interrupts - x86/idle: Disable IBRS entering idle and enable it on wakeup - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup - x86/mm: Set IBPB upon context switch - x86/mm: Only set IBPB when the new thread cannot ptrace current thread - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm - x86/kvm: Set IBPB when switching VM - x86/kvm: Toggle IBRS on VM entry and exit - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control - x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR - x86/cpu/AMD: Add speculative control support for AMD - x86/microcode: Extend post microcode reload to support IBPB feature - KVM: SVM: Do not intercept new speculative control MSRs - x86/svm: Set IBRS value on VM entry and exit - x86/svm: Set IBPB when running a different VCPU - KVM: x86: Add speculative control CPUID support for guests - SAUCE: Fix spec_ctrl support in KVM - SAUCE: turn off IBPB when full retpoline is present linux-aws (4.4.0-1051.60) xenial; urgency=low * linux-aws: 4.4.0-1051.60 -proposed tracker (LP: #1746946) [ Ubuntu: 4.4.0-113.136 ] * linux: 4.4.0-113.136 -proposed tracker (LP: #1746936) * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC (LP: #1743638) - [d-i] Add qede to nic-modules udeb * CVE-2017-5753 (Spectre v1 Intel) - x86/cpu/AMD: Make the LFENCE instruction serialized - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature - SAUCE: reinstate MFENCE_RDTSC feature definition - locking/barriers: introduce new observable speculation barrier - bpf: prevent speculative execution in eBPF interpreter - x86, bpf, jit: prevent speculative execution when JIT is enabled - SAUCE: FIX: x86, bpf, jit: prevent speculative execution when JIT is enabled - carl9170: prevent speculative execution - qla2xxx: prevent speculative execution - Thermal/int340x: prevent speculative execution - ipv4: prevent speculative execution - ipv6: prevent speculative execution - fs: prevent speculative execution - net: mpls: prevent speculative execution - udf: prevent speculative execution - userns: prevent speculative execution - SAUCE: claim mitigation via observable speculation barrier - SAUCE: powerpc: add osb barrier - SAUCE: s390/spinlock: add osb memory barrier - SAUCE: arm64: no osb() implementation yet - SAUCE: arm: no osb() implementation yet * CVE-2017-5715 (Spectre v2 retpoline) - x86/cpuid: Provide get_scattered_cpuid_leaf() - x86/cpu: Factor out application of forced CPU caps - x86/cpufeatures: Make CPU bugs sticky - x86/cpufeatures: Add X86_BUG_CPU_INSECURE - x86/cpu, x86/pti: Do not enable PTI on AMD processors - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] - x86/cpu: Merge bugs.c and bugs_64.c - sysfs/cpu: Add vulnerability folder - x86/cpu: Implement CPU vulnerabilites sysfs functions - x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm - x86/mm/32:
[ubuntu/xenial-updates] linux-meta-azure 4.13.0.1011.12 (Accepted)
linux-meta-azure (4.13.0.1011.12) xenial; urgency=medium * Bump ABI 4.13.0-1011 linux-meta-azure (4.13.0.1010.11) xenial; urgency=medium * Bump ABI 4.13.0-1010 Date: 2018-02-15 16:12:59.584192+00:00 Changed-By: Marcelo CerriSigned-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta-azure/4.13.0.1011.12 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] linux_4.4.0-116.140_amd64.tar.gz - (Accepted)
linux (4.4.0-116.140) xenial; urgency=medium * linux: 4.4.0-116.140 -proposed tracker (LP: #1748990) * BUG: unable to handle kernel NULL pointer dereference at 0009 (LP: #1748671) - SAUCE: net: ipv4: fix for a race condition in raw_sendmsg -- fix backport Date: Mon, 12 Feb 2018 20:17:57 + Changed-By: Khalid ElmouslyMaintainer: Launchpad Build Daemon Format: 1.8 Date: Mon, 12 Feb 2018 20:17:57 + Source: linux Binary: linux-source-4.4.0 linux-doc linux-headers-4.4.0-116 linux-libc-dev linux-tools-common linux-tools-4.4.0-116 linux-cloud-tools-common linux-cloud-tools-4.4.0-116 linux-image-4.4.0-116-generic linux-image-extra-4.4.0-116-generic linux-headers-4.4.0-116-generic linux-image-4.4.0-116-generic-dbgsym linux-tools-4.4.0-116-generic linux-cloud-tools-4.4.0-116-generic linux-udebs-generic linux-image-4.4.0-116-generic-lpae linux-image-extra-4.4.0-116-generic-lpae linux-headers-4.4.0-116-generic-lpae linux-image-4.4.0-116-generic-lpae-dbgsym linux-tools-4.4.0-116-generic-lpae linux-cloud-tools-4.4.0-116-generic-lpae linux-udebs-generic-lpae linux-image-4.4.0-116-lowlatency linux-image-extra-4.4.0-116-lowlatency linux-headers-4.4.0-116-lowlatency linux-image-4.4.0-116-lowlatency-dbgsym linux-tools-4.4.0-116-lowlatency linux-cloud-tools-4.4.0-116-lowlatency linux-udebs-lowlatency linux-image-4.4.0-116-powerpc-e500mc linux-image-extra-4.4.0-116-powerpc-e500mc linux-headers-4.4.0-116-powerpc-e500mc linux-image-4.4.0-116-powerpc-e500mc-dbgsym linux-tools-4.4.0-116-powerpc-e500mc linux-cloud-tools-4.4.0-116-powerpc-e500mc linux-udebs-powerpc-e500mc linux-image-4.4.0-116-powerpc-smp linux-image-extra-4.4.0-116-powerpc-smp linux-headers-4.4.0-116-powerpc-smp linux-image-4.4.0-116-powerpc-smp-dbgsym linux-tools-4.4.0-116-powerpc-smp linux-cloud-tools-4.4.0-116-powerpc-smp linux-udebs-powerpc-smp linux-image-4.4.0-116-powerpc64-emb linux-image-extra-4.4.0-116-powerpc64-emb linux-headers-4.4.0-116-powerpc64-emb linux-image-4.4.0-116-powerpc64-emb-dbgsym linux-tools-4.4.0-116-powerpc64-emb linux-cloud-tools-4.4.0-116-powerpc64-emb linux-udebs-powerpc64-emb linux-image-4.4.0-116-powerpc64-smp linux-image-extra-4.4.0-116-powerpc64-smp linux-headers-4.4.0-116-powerpc64-smp linux-image-4.4.0-116-powerpc64-smp-dbgsym linux-tools-4.4.0-116-powerpc64-smp linux-cloud-tools-4.4.0-116-powerpc64-smp linux-udebs-powerpc64-smp kernel-image-4.4.0-116-generic-di nic-modules-4.4.0-116-generic-di nic-shared-modules-4.4.0-116-generic-di serial-modules-4.4.0-116-generic-di ppp-modules-4.4.0-116-generic-di pata-modules-4.4.0-116-generic-di firewire-core-modules-4.4.0-116-generic-di scsi-modules-4.4.0-116-generic-di plip-modules-4.4.0-116-generic-di floppy-modules-4.4.0-116-generic-di fat-modules-4.4.0-116-generic-di nfs-modules-4.4.0-116-generic-di md-modules-4.4.0-116-generic-di multipath-modules-4.4.0-116-generic-di usb-modules-4.4.0-116-generic-di pcmcia-storage-modules-4.4.0-116-generic-di fb-modules-4.4.0-116-generic-di input-modules-4.4.0-116-generic-di mouse-modules-4.4.0-116-generic-di irda-modules-4.4.0-116-generic-di parport-modules-4.4.0-116-generic-di nic-pcmcia-modules-4.4.0-116-generic-di pcmcia-modules-4.4.0-116-generic-di nic-usb-modules-4.4.0-116-generic-di sata-modules-4.4.0-116-generic-di crypto-modules-4.4.0-116-generic-di speakup-modules-4.4.0-116-generic-di virtio-modules-4.4.0-116-generic-di fs-core-modules-4.4.0-116-generic-di fs-secondary-modules-4.4.0-116-generic-di storage-core-modules-4.4.0-116-generic-di block-modules-4.4.0-116-generic-di message-modules-4.4.0-116-generic-di vlan-modules-4.4.0-116-generic-di ipmi-modules-4.4.0-116-generic-di Architecture: amd64 all amd64_translations Version: 4.4.0-116.140 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Khalid Elmously Description: block-modules-4.4.0-116-generic-di - Block storage devices (udeb) crypto-modules-4.4.0-116-generic-di - crypto modules (udeb) fat-modules-4.4.0-116-generic-di - FAT filesystem support (udeb) fb-modules-4.4.0-116-generic-di - Framebuffer modules (udeb) firewire-core-modules-4.4.0-116-generic-di - Firewire (IEEE-1394) Support (udeb) floppy-modules-4.4.0-116-generic-di - Floppy driver support (udeb) fs-core-modules-4.4.0-116-generic-di - Base filesystem modules (udeb) fs-secondary-modules-4.4.0-116-generic-di - Extra filesystem modules (udeb) input-modules-4.4.0-116-generic-di - Support for various input methods (udeb) ipmi-modules-4.4.0-116-generic-di - ipmi modules (udeb) irda-modules-4.4.0-116-generic-di - Support for Infrared protocols (udeb) kernel-image-4.4.0-116-generic-di - Linux kernel binary image for the Debian installer (udeb) linux-cloud-tools-4.4.0-116 - Linux kernel version specific cloud tools for version 4.4.0-116 linux-cloud-tools-4.4.0-116-generic -
[ubuntu/xenial-security] linux-meta-hwe 4.13.0.36.55 (Accepted)
linux-meta-hwe (4.13.0.36.55) xenial; urgency=medium * Bump ABI 4.13.0-36 linux-meta-hwe (4.13.0.35.54) xenial; urgency=medium * Bump ABI 4.13.0-35 linux-meta-hwe (4.13.0.33.53) xenial; urgency=medium * Bump ABI 4.13.0-33 Date: 2018-02-16 23:22:51.703806+00:00 Changed-By: Kamal MostafaSigned-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta-hwe/4.13.0.36.55 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] linux-hwe_4.13.0-36.40~16.04.1_amd64.tar.gz - (Accepted)
linux-hwe (4.13.0-36.40~16.04.1) xenial; urgency=medium * linux-hwe: 4.13.0-36.40~16.04.1 -proposed tracker (LP: #1750052) * linux: 4.13.0-36.40 -proposed tracker (LP: #1750010) * Rebuild without "CVE-2017-5754 ARM64 KPTI fixes" patch set Date: Fri, 16 Feb 2018 15:00:34 -0800 Changed-By: Kamal MostafaMaintainer: Launchpad Build Daemon Format: 1.8 Date: Fri, 16 Feb 2018 15:00:34 -0800 Source: linux-hwe Binary: linux-source-4.13.0 linux-headers-4.13.0-36 linux-hwe-tools-4.13.0-36 linux-hwe-cloud-tools-4.13.0-36 linux-image-4.13.0-36-generic linux-image-extra-4.13.0-36-generic linux-headers-4.13.0-36-generic linux-image-4.13.0-36-generic-dbgsym linux-tools-4.13.0-36-generic linux-cloud-tools-4.13.0-36-generic linux-hwe-udebs-generic linux-image-4.13.0-36-generic-lpae linux-image-extra-4.13.0-36-generic-lpae linux-headers-4.13.0-36-generic-lpae linux-image-4.13.0-36-generic-lpae-dbgsym linux-tools-4.13.0-36-generic-lpae linux-cloud-tools-4.13.0-36-generic-lpae linux-hwe-udebs-generic-lpae linux-image-4.13.0-36-lowlatency linux-image-extra-4.13.0-36-lowlatency linux-headers-4.13.0-36-lowlatency linux-image-4.13.0-36-lowlatency-dbgsym linux-tools-4.13.0-36-lowlatency linux-cloud-tools-4.13.0-36-lowlatency linux-hwe-udebs-lowlatency kernel-image-4.13.0-36-generic-di fat-modules-4.13.0-36-generic-di fb-modules-4.13.0-36-generic-di firewire-core-modules-4.13.0-36-generic-di floppy-modules-4.13.0-36-generic-di fs-core-modules-4.13.0-36-generic-di fs-secondary-modules-4.13.0-36-generic-di input-modules-4.13.0-36-generic-di irda-modules-4.13.0-36-generic-di md-modules-4.13.0-36-generic-di nic-modules-4.13.0-36-generic-di nic-pcmcia-modules-4.13.0-36-generic-di nic-usb-modules-4.13.0-36-generic-di nic-shared-modules-4.13.0-36-generic-di parport-modules-4.13.0-36-generic-di pata-modules-4.13.0-36-generic-di pcmcia-modules-4.13.0-36-generic-di pcmcia-storage-modules-4.13.0-36-generic-di plip-modules-4.13.0-36-generic-di ppp-modules-4.13.0-36-generic-di sata-modules-4.13.0-36-generic-di scsi-modules-4.13.0-36-generic-di serial-modules-4.13.0-36-generic-di storage-core-modules-4.13.0-36-generic-di usb-modules-4.13.0-36-generic-di nfs-modules-4.13.0-36-generic-di block-modules-4.13.0-36-generic-di message-modules-4.13.0-36-generic-di crypto-modules-4.13.0-36-generic-di virtio-modules-4.13.0-36-generic-di mouse-modules-4.13.0-36-generic-di vlan-modules-4.13.0-36-generic-di ipmi-modules-4.13.0-36-generic-di multipath-modules-4.13.0-36-generic-di Architecture: amd64 all amd64_translations Version: 4.13.0-36.40~16.04.1 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Kamal Mostafa Description: block-modules-4.13.0-36-generic-di - Block storage devices (udeb) crypto-modules-4.13.0-36-generic-di - crypto modules (udeb) fat-modules-4.13.0-36-generic-di - FAT filesystem support (udeb) fb-modules-4.13.0-36-generic-di - Framebuffer modules (udeb) firewire-core-modules-4.13.0-36-generic-di - Firewire (IEEE-1394) Support (udeb) floppy-modules-4.13.0-36-generic-di - Floppy driver support (udeb) fs-core-modules-4.13.0-36-generic-di - Base filesystem modules (udeb) fs-secondary-modules-4.13.0-36-generic-di - Extra filesystem modules (udeb) input-modules-4.13.0-36-generic-di - Support for various input methods (udeb) ipmi-modules-4.13.0-36-generic-di - ipmi modules (udeb) irda-modules-4.13.0-36-generic-di - Support for Infrared protocols (udeb) kernel-image-4.13.0-36-generic-di - kernel image and system map (udeb) linux-cloud-tools-4.13.0-36-generic - Linux kernel version specific cloud tools for version 4.13.0-36 linux-cloud-tools-4.13.0-36-generic-lpae - Linux kernel version specific cloud tools for version 4.13.0-36 linux-cloud-tools-4.13.0-36-lowlatency - Linux kernel version specific cloud tools for version 4.13.0-36 linux-headers-4.13.0-36 - Header files related to Linux kernel version 4.13.0 linux-headers-4.13.0-36-generic - Linux kernel headers for version 4.13.0 on 64 bit x86 SMP linux-headers-4.13.0-36-generic-lpae - Linux kernel headers for version 4.13.0 on 64 bit x86 SMP linux-headers-4.13.0-36-lowlatency - Linux kernel headers for version 4.13.0 on 64 bit x86 SMP linux-hwe-cloud-tools-4.13.0-36 - Linux kernel version specific cloud tools for version 4.13.0-36 linux-hwe-tools-4.13.0-36 - Linux kernel version specific tools for version 4.13.0-36 linux-hwe-udebs-generic - Metapackage depending on kernel udebs (udeb) linux-hwe-udebs-generic-lpae - Metapackage depending on kernel udebs (udeb) linux-hwe-udebs-lowlatency - Metapackage depending on kernel udebs (udeb) linux-image-4.13.0-36-generic - Linux kernel image for version 4.13.0 on 64 bit x86 SMP linux-image-4.13.0-36-generic-dbgsym - Linux kernel debug image for version 4.13.0 on 64 bit x86 SMP linux-image-4.13.0-36-generic-lpae - Linux kernel image for
[ubuntu/xenial-security] linux-meta-kvm 4.4.0.1019.18 (Accepted)
linux-meta-kvm (4.4.0.1019.18) xenial; urgency=medium * Bump ABI 4.4.0-1019 linux-meta-kvm (4.4.0.1018.17) xenial; urgency=medium * Bump ABI 4.4.0-1018 Date: 2018-02-13 13:13:12.836802+00:00 Changed-By: Stefan BaderSigned-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta-kvm/4.4.0.1019.18 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] linux-meta-oem 4.13.0.1021.25 (Accepted)
linux-meta-oem (4.13.0.1021.25) xenial; urgency=medium * Bump ABI 4.13.0-1021 Date: 2018-02-12 15:22:12.773423+00:00 Changed-By: Timo AaltonenSigned-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta-oem/4.13.0.1021.25 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-aws 4.4.0-1052.61 (Accepted)
linux-aws (4.4.0-1052.61) xenial; urgency=medium * linux-aws: 4.4.0-1052.61 -proposed tracker (LP: #1748489) [ Ubuntu: 4.4.0-116.140 ] * linux: 4.4.0-116.140 -proposed tracker (LP: #1748990) * BUG: unable to handle kernel NULL pointer dereference at 0009 (LP: #1748671) - SAUCE: net: ipv4: fix for a race condition in raw_sendmsg -- fix backport [ Ubuntu: 4.4.0-115.139 ] * linux: 4.4.0-115.138 -proposed tracker (LP: #1748745) * CVE-2017-5715 (Spectre v2 Intel) - Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present" - SAUCE: turn off IBRS when full retpoline is present - [Packaging] retpoline files must be sorted - [Packaging] pull in retpoline files [ Ubuntu: 4.4.0-114.137 ] * linux: 4.4.0-114.137 -proposed tracker (LP: #1748484) * ALSA backport missing NVIDIA GPU codec IDs to patch table to Ubuntu 16.04 LTS Kernel (LP: #1744117) - ALSA: hda - Add missing NVIDIA GPU codec IDs to patch table * Shutdown hang on 16.04 with iscsi targets (LP: #1569925) - scsi: libiscsi: Allow sd_shutdown on bad transport * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053) - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb) (LP: #1747090) - KVM: s390: wire up bpb feature - KVM: s390: Enable all facility bits that are known good for passthrough * CVE-2017-5715 (Spectre v2 Intel) - SAUCE: drop lingering gmb() macro - x86/feature: Enable the x86 feature to control Speculation - x86/feature: Report presence of IBPB and IBRS control - x86/enter: MACROS to set/clear IBRS and set IBPB - x86/enter: Use IBRS on syscall and interrupts - x86/idle: Disable IBRS entering idle and enable it on wakeup - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup - x86/mm: Set IBPB upon context switch - x86/mm: Only set IBPB when the new thread cannot ptrace current thread - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm - x86/kvm: Set IBPB when switching VM - x86/kvm: Toggle IBRS on VM entry and exit - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control - x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR - x86/cpu/AMD: Add speculative control support for AMD - x86/microcode: Extend post microcode reload to support IBPB feature - KVM: SVM: Do not intercept new speculative control MSRs - x86/svm: Set IBRS value on VM entry and exit - x86/svm: Set IBPB when running a different VCPU - KVM: x86: Add speculative control CPUID support for guests - SAUCE: Fix spec_ctrl support in KVM - SAUCE: turn off IBPB when full retpoline is present linux-aws (4.4.0-1051.60) xenial; urgency=low * linux-aws: 4.4.0-1051.60 -proposed tracker (LP: #1746946) [ Ubuntu: 4.4.0-113.136 ] * linux: 4.4.0-113.136 -proposed tracker (LP: #1746936) * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC (LP: #1743638) - [d-i] Add qede to nic-modules udeb * CVE-2017-5753 (Spectre v1 Intel) - x86/cpu/AMD: Make the LFENCE instruction serialized - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature - SAUCE: reinstate MFENCE_RDTSC feature definition - locking/barriers: introduce new observable speculation barrier - bpf: prevent speculative execution in eBPF interpreter - x86, bpf, jit: prevent speculative execution when JIT is enabled - SAUCE: FIX: x86, bpf, jit: prevent speculative execution when JIT is enabled - carl9170: prevent speculative execution - qla2xxx: prevent speculative execution - Thermal/int340x: prevent speculative execution - ipv4: prevent speculative execution - ipv6: prevent speculative execution - fs: prevent speculative execution - net: mpls: prevent speculative execution - udf: prevent speculative execution - userns: prevent speculative execution - SAUCE: claim mitigation via observable speculation barrier - SAUCE: powerpc: add osb barrier - SAUCE: s390/spinlock: add osb memory barrier - SAUCE: arm64: no osb() implementation yet - SAUCE: arm: no osb() implementation yet * CVE-2017-5715 (Spectre v2 retpoline) - x86/cpuid: Provide get_scattered_cpuid_leaf() - x86/cpu: Factor out application of forced CPU caps - x86/cpufeatures: Make CPU bugs sticky - x86/cpufeatures: Add X86_BUG_CPU_INSECURE - x86/cpu, x86/pti: Do not enable PTI on AMD processors - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] - x86/cpu: Merge bugs.c and bugs_64.c - sysfs/cpu: Add vulnerability folder - x86/cpu: Implement CPU vulnerabilites sysfs functions - x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm - x86/mm/32:
[ubuntu/xenial-updates] linux-raspi2 4.4.0-1085.93 (Accepted)
linux-raspi2 (4.4.0-1085.93) xenial; urgency=medium * linux-raspi2: 4.4.0-1085.93 -proposed tracker (LP: #1749094) [ Ubuntu: 4.4.0-116.140 ] * linux: 4.4.0-116.140 -proposed tracker (LP: #1748990) * BUG: unable to handle kernel NULL pointer dereference at 0009 (LP: #1748671) - SAUCE: net: ipv4: fix for a race condition in raw_sendmsg -- fix backport linux-raspi2 (4.4.0-1084.92) xenial; urgency=medium * linux-raspi2: 4.4.0-1084.92 -proposed tracker (LP: #1748493) [ Ubuntu: 4.4.0-115.139 ] * linux: 4.4.0-115.138 -proposed tracker (LP: #1748745) * CVE-2017-5715 (Spectre v2 Intel) - Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present" - SAUCE: turn off IBRS when full retpoline is present - [Packaging] retpoline files must be sorted - [Packaging] pull in retpoline files [ Ubuntu: 4.4.0-114.137 ] * linux: 4.4.0-114.137 -proposed tracker (LP: #1748484) * ALSA backport missing NVIDIA GPU codec IDs to patch table to Ubuntu 16.04 LTS Kernel (LP: #1744117) - ALSA: hda - Add missing NVIDIA GPU codec IDs to patch table * Shutdown hang on 16.04 with iscsi targets (LP: #1569925) - scsi: libiscsi: Allow sd_shutdown on bad transport * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053) - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb) (LP: #1747090) - KVM: s390: wire up bpb feature - KVM: s390: Enable all facility bits that are known good for passthrough * CVE-2017-5715 (Spectre v2 Intel) - SAUCE: drop lingering gmb() macro - x86/feature: Enable the x86 feature to control Speculation - x86/feature: Report presence of IBPB and IBRS control - x86/enter: MACROS to set/clear IBRS and set IBPB - x86/enter: Use IBRS on syscall and interrupts - x86/idle: Disable IBRS entering idle and enable it on wakeup - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup - x86/mm: Set IBPB upon context switch - x86/mm: Only set IBPB when the new thread cannot ptrace current thread - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm - x86/kvm: Set IBPB when switching VM - x86/kvm: Toggle IBRS on VM entry and exit - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control - x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR - x86/cpu/AMD: Add speculative control support for AMD - x86/microcode: Extend post microcode reload to support IBPB feature - KVM: SVM: Do not intercept new speculative control MSRs - x86/svm: Set IBRS value on VM entry and exit - x86/svm: Set IBPB when running a different VCPU - KVM: x86: Add speculative control CPUID support for guests - SAUCE: Fix spec_ctrl support in KVM - SAUCE: turn off IBPB when full retpoline is present linux-raspi2 (4.4.0-1083.91) xenial; urgency=low * linux-raspi2: 4.4.0-1083.91 -proposed tracker (LP: #1746941) [ Ubuntu: 4.4.0-113.136 ] * linux: 4.4.0-113.136 -proposed tracker (LP: #1746936) * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC (LP: #1743638) - [d-i] Add qede to nic-modules udeb * CVE-2017-5753 (Spectre v1 Intel) - x86/cpu/AMD: Make the LFENCE instruction serialized - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature - SAUCE: reinstate MFENCE_RDTSC feature definition - locking/barriers: introduce new observable speculation barrier - bpf: prevent speculative execution in eBPF interpreter - x86, bpf, jit: prevent speculative execution when JIT is enabled - SAUCE: FIX: x86, bpf, jit: prevent speculative execution when JIT is enabled - carl9170: prevent speculative execution - qla2xxx: prevent speculative execution - Thermal/int340x: prevent speculative execution - ipv4: prevent speculative execution - ipv6: prevent speculative execution - fs: prevent speculative execution - net: mpls: prevent speculative execution - udf: prevent speculative execution - userns: prevent speculative execution - SAUCE: claim mitigation via observable speculation barrier - SAUCE: powerpc: add osb barrier - SAUCE: s390/spinlock: add osb memory barrier - SAUCE: arm64: no osb() implementation yet - SAUCE: arm: no osb() implementation yet * CVE-2017-5715 (Spectre v2 retpoline) - x86/cpuid: Provide get_scattered_cpuid_leaf() - x86/cpu: Factor out application of forced CPU caps - x86/cpufeatures: Make CPU bugs sticky - x86/cpufeatures: Add X86_BUG_CPU_INSECURE - x86/cpu, x86/pti: Do not enable PTI on AMD processors - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] - x86/cpu: Merge bugs.c and bugs_64.c - sysfs/cpu: Add vulnerability folder - x86/cpu:
[ubuntu/xenial-updates] linux-snapdragon 4.4.0-1087.92 (Accepted)
linux-snapdragon (4.4.0-1087.92) xenial; urgency=medium * linux-snapdragon: 4.4.0-1087.92 -proposed tracker (LP: #1749096) [ Ubuntu: 4.4.0-116.140 ] * linux: 4.4.0-116.140 -proposed tracker (LP: #1748990) * BUG: unable to handle kernel NULL pointer dereference at 0009 (LP: #1748671) - SAUCE: net: ipv4: fix for a race condition in raw_sendmsg -- fix backport linux-snapdragon (4.4.0-1086.91) xenial; urgency=medium * linux-snapdragon: 4.4.0-1086.91 -proposed tracker (LP: #1748494) [ Ubuntu: 4.4.0-115.139 ] * linux: 4.4.0-115.138 -proposed tracker (LP: #1748745) * CVE-2017-5715 (Spectre v2 Intel) - Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present" - SAUCE: turn off IBRS when full retpoline is present - [Packaging] retpoline files must be sorted - [Packaging] pull in retpoline files [ Ubuntu: 4.4.0-114.137 ] * linux: 4.4.0-114.137 -proposed tracker (LP: #1748484) * ALSA backport missing NVIDIA GPU codec IDs to patch table to Ubuntu 16.04 LTS Kernel (LP: #1744117) - ALSA: hda - Add missing NVIDIA GPU codec IDs to patch table * Shutdown hang on 16.04 with iscsi targets (LP: #1569925) - scsi: libiscsi: Allow sd_shutdown on bad transport * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053) - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb) (LP: #1747090) - KVM: s390: wire up bpb feature - KVM: s390: Enable all facility bits that are known good for passthrough * CVE-2017-5715 (Spectre v2 Intel) - SAUCE: drop lingering gmb() macro - x86/feature: Enable the x86 feature to control Speculation - x86/feature: Report presence of IBPB and IBRS control - x86/enter: MACROS to set/clear IBRS and set IBPB - x86/enter: Use IBRS on syscall and interrupts - x86/idle: Disable IBRS entering idle and enable it on wakeup - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup - x86/mm: Set IBPB upon context switch - x86/mm: Only set IBPB when the new thread cannot ptrace current thread - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm - x86/kvm: Set IBPB when switching VM - x86/kvm: Toggle IBRS on VM entry and exit - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control - x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR - x86/cpu/AMD: Add speculative control support for AMD - x86/microcode: Extend post microcode reload to support IBPB feature - KVM: SVM: Do not intercept new speculative control MSRs - x86/svm: Set IBRS value on VM entry and exit - x86/svm: Set IBPB when running a different VCPU - KVM: x86: Add speculative control CPUID support for guests - SAUCE: Fix spec_ctrl support in KVM - SAUCE: turn off IBPB when full retpoline is present linux-snapdragon (4.4.0-1085.90) xenial; urgency=low * linux-snapdragon: 4.4.0-1085.90 -proposed tracker (LP: #1746942) [ Ubuntu: 4.4.0-113.136 ] * linux: 4.4.0-113.136 -proposed tracker (LP: #1746936) * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC (LP: #1743638) - [d-i] Add qede to nic-modules udeb * CVE-2017-5753 (Spectre v1 Intel) - x86/cpu/AMD: Make the LFENCE instruction serialized - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature - SAUCE: reinstate MFENCE_RDTSC feature definition - locking/barriers: introduce new observable speculation barrier - bpf: prevent speculative execution in eBPF interpreter - x86, bpf, jit: prevent speculative execution when JIT is enabled - SAUCE: FIX: x86, bpf, jit: prevent speculative execution when JIT is enabled - carl9170: prevent speculative execution - qla2xxx: prevent speculative execution - Thermal/int340x: prevent speculative execution - ipv4: prevent speculative execution - ipv6: prevent speculative execution - fs: prevent speculative execution - net: mpls: prevent speculative execution - udf: prevent speculative execution - userns: prevent speculative execution - SAUCE: claim mitigation via observable speculation barrier - SAUCE: powerpc: add osb barrier - SAUCE: s390/spinlock: add osb memory barrier - SAUCE: arm64: no osb() implementation yet - SAUCE: arm: no osb() implementation yet * CVE-2017-5715 (Spectre v2 retpoline) - x86/cpuid: Provide get_scattered_cpuid_leaf() - x86/cpu: Factor out application of forced CPU caps - x86/cpufeatures: Make CPU bugs sticky - x86/cpufeatures: Add X86_BUG_CPU_INSECURE - x86/cpu, x86/pti: Do not enable PTI on AMD processors - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] - x86/cpu: Merge bugs.c and bugs_64.c - sysfs/cpu: Add vulnerability
[ubuntu/xenial-security] linux-snapdragon 4.4.0-1087.92 (Accepted)
linux-snapdragon (4.4.0-1087.92) xenial; urgency=medium * linux-snapdragon: 4.4.0-1087.92 -proposed tracker (LP: #1749096) [ Ubuntu: 4.4.0-116.140 ] * linux: 4.4.0-116.140 -proposed tracker (LP: #1748990) * BUG: unable to handle kernel NULL pointer dereference at 0009 (LP: #1748671) - SAUCE: net: ipv4: fix for a race condition in raw_sendmsg -- fix backport linux-snapdragon (4.4.0-1086.91) xenial; urgency=medium * linux-snapdragon: 4.4.0-1086.91 -proposed tracker (LP: #1748494) [ Ubuntu: 4.4.0-115.139 ] * linux: 4.4.0-115.138 -proposed tracker (LP: #1748745) * CVE-2017-5715 (Spectre v2 Intel) - Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present" - SAUCE: turn off IBRS when full retpoline is present - [Packaging] retpoline files must be sorted - [Packaging] pull in retpoline files [ Ubuntu: 4.4.0-114.137 ] * linux: 4.4.0-114.137 -proposed tracker (LP: #1748484) * ALSA backport missing NVIDIA GPU codec IDs to patch table to Ubuntu 16.04 LTS Kernel (LP: #1744117) - ALSA: hda - Add missing NVIDIA GPU codec IDs to patch table * Shutdown hang on 16.04 with iscsi targets (LP: #1569925) - scsi: libiscsi: Allow sd_shutdown on bad transport * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053) - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb) (LP: #1747090) - KVM: s390: wire up bpb feature - KVM: s390: Enable all facility bits that are known good for passthrough * CVE-2017-5715 (Spectre v2 Intel) - SAUCE: drop lingering gmb() macro - x86/feature: Enable the x86 feature to control Speculation - x86/feature: Report presence of IBPB and IBRS control - x86/enter: MACROS to set/clear IBRS and set IBPB - x86/enter: Use IBRS on syscall and interrupts - x86/idle: Disable IBRS entering idle and enable it on wakeup - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup - x86/mm: Set IBPB upon context switch - x86/mm: Only set IBPB when the new thread cannot ptrace current thread - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm - x86/kvm: Set IBPB when switching VM - x86/kvm: Toggle IBRS on VM entry and exit - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control - x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR - x86/cpu/AMD: Add speculative control support for AMD - x86/microcode: Extend post microcode reload to support IBPB feature - KVM: SVM: Do not intercept new speculative control MSRs - x86/svm: Set IBRS value on VM entry and exit - x86/svm: Set IBPB when running a different VCPU - KVM: x86: Add speculative control CPUID support for guests - SAUCE: Fix spec_ctrl support in KVM - SAUCE: turn off IBPB when full retpoline is present linux-snapdragon (4.4.0-1085.90) xenial; urgency=low * linux-snapdragon: 4.4.0-1085.90 -proposed tracker (LP: #1746942) [ Ubuntu: 4.4.0-113.136 ] * linux: 4.4.0-113.136 -proposed tracker (LP: #1746936) * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC (LP: #1743638) - [d-i] Add qede to nic-modules udeb * CVE-2017-5753 (Spectre v1 Intel) - x86/cpu/AMD: Make the LFENCE instruction serialized - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature - SAUCE: reinstate MFENCE_RDTSC feature definition - locking/barriers: introduce new observable speculation barrier - bpf: prevent speculative execution in eBPF interpreter - x86, bpf, jit: prevent speculative execution when JIT is enabled - SAUCE: FIX: x86, bpf, jit: prevent speculative execution when JIT is enabled - carl9170: prevent speculative execution - qla2xxx: prevent speculative execution - Thermal/int340x: prevent speculative execution - ipv4: prevent speculative execution - ipv6: prevent speculative execution - fs: prevent speculative execution - net: mpls: prevent speculative execution - udf: prevent speculative execution - userns: prevent speculative execution - SAUCE: claim mitigation via observable speculation barrier - SAUCE: powerpc: add osb barrier - SAUCE: s390/spinlock: add osb memory barrier - SAUCE: arm64: no osb() implementation yet - SAUCE: arm: no osb() implementation yet * CVE-2017-5715 (Spectre v2 retpoline) - x86/cpuid: Provide get_scattered_cpuid_leaf() - x86/cpu: Factor out application of forced CPU caps - x86/cpufeatures: Make CPU bugs sticky - x86/cpufeatures: Add X86_BUG_CPU_INSECURE - x86/cpu, x86/pti: Do not enable PTI on AMD processors - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] - x86/cpu: Merge bugs.c and bugs_64.c - sysfs/cpu: Add vulnerability
[ubuntu/xenial-updates] linux-meta-aws 4.4.0.1052.54 (Accepted)
linux-meta-aws (4.4.0.1052.54) xenial; urgency=medium * Bump ABI 4.4.0-1052 linux-meta-aws (4.4.0.1051.53) xenial; urgency=medium * Bump ABI 4.4.0-1051 Date: 2018-02-12 22:59:07.790994+00:00 Changed-By: Kamal MostafaSigned-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta-aws/4.4.0.1052.54 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-gcp 4.13.0-1011.15 (Accepted)
linux-gcp (4.13.0-1011.15) xenial; urgency=medium * linux-gcp: 4.13.0-1011.15 -proposed tracker (LP: #1748478) [ Ubuntu: 4.13.0-35.39 ] * linux: 4.13.0-35.39 -proposed tracker (LP: #1748743) * CVE-2017-5715 (Spectre v2 Intel) - Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present" - SAUCE: turn off IBRS when full retpoline is present - [Packaging] retpoline files must be sorted - [Packaging] pull in retpoline files [ Ubuntu: 4.13.0-34.37 ] * linux: 4.13.0-34.37 -proposed tracker (LP: #1748475) * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053) - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb) (LP: #1747090) - KVM: s390: wire up bpb feature * artful 4.13 i386 kernels crash after memory hotplug remove (LP: #1747069) - Revert "mm, memory_hotplug: do not associate hotadded memory to zones until online" * CVE-2017-5715 (Spectre v2 Intel) - x86/feature: Enable the x86 feature to control Speculation - x86/feature: Report presence of IBPB and IBRS control - x86/enter: MACROS to set/clear IBRS and set IBPB - x86/enter: Use IBRS on syscall and interrupts - x86/idle: Disable IBRS entering idle and enable it on wakeup - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup - x86/mm: Set IBPB upon context switch - x86/mm: Only set IBPB when the new thread cannot ptrace current thread - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm - x86/kvm: Set IBPB when switching VM - x86/kvm: Toggle IBRS on VM entry and exit - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control - x86/cpu/AMD: Add speculative control support for AMD - x86/microcode: Extend post microcode reload to support IBPB feature - KVM: SVM: Do not intercept new speculative control MSRs - x86/svm: Set IBRS value on VM entry and exit - x86/svm: Set IBPB when running a different VCPU - KVM: x86: Add speculative control CPUID support for guests - SAUCE: turn off IBPB when full retpoline is present * Artful 4.13 fixes for tun (LP: #1748846) - tun: call dev_get_valid_name() before register_netdevice() - tun: allow positive return values on dev_get_valid_name() call - tun/tap: sanitize TUNSETSNDBUF input * boot failure on AMD Raven + WestonXT (LP: #1742759) - SAUCE: drm/amdgpu: add atpx quirk handling (v2) linux-gcp (4.13.0-1010.14) xenial; urgency=medium * linux-gcp: 4.13.0-1010.14 -proposed tracker (LP: #1746905) * CVE-2017-5715 (Spectre v2 retpoline) - [Config] enable CONFIG_RETPOLINE for gcp kernel [ Ubuntu: 4.13.0-33.36 ] * linux: 4.13.0-33.36 -proposed tracker (LP: #1746903) * starting VMs causing retpoline4 to reboot (LP: #1747507) // CVE-2017-5715 (Spectre v2 retpoline) - x86/retpoline: Fill RSB on context switch for affected CPUs - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB - x86/retpoline: Remove the esp/rsp thunk - x86/retpoline: Simplify vmexit_fill_RSB() * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC (LP: #1743638) - [d-i] Add qede to nic-modules udeb * hisi_sas: driver robustness fixes (LP: #1739807) - scsi: hisi_sas: fix reset and port ID refresh issues - scsi: hisi_sas: avoid potential v2 hw interrupt issue - scsi: hisi_sas: fix v2 hw underflow residual value - scsi: hisi_sas: add v2 hw DFX feature - scsi: hisi_sas: add irq and tasklet cleanup in v2 hw - scsi: hisi_sas: service interrupt ITCT_CLR interrupt in v2 hw - scsi: hisi_sas: fix internal abort slot timeout bug - scsi: hisi_sas: us start_phy in PHY_FUNC_LINK_RESET - scsi: hisi_sas: fix NULL check in SMP abort task path - scsi: hisi_sas: fix the risk of freeing slot twice - scsi: hisi_sas: kill tasklet when destroying irq in v3 hw - scsi: hisi_sas: complete all tasklets prior to host reset * [Artful/Zesty] ACPI APEI error handling bug fixes (LP: #1732990) - ACPI: APEI: fix the wrong iteration of generic error status block - ACPI / APEI: clear error status before acknowledging the error * [Zesty/Artful] On ARM64 PCIE physical function passthrough guest fails to boot (LP: #1732804) - vfio/pci: Virtualize Maximum Payload Size - vfio/pci: Virtualize Maximum Read Request Size * hisi_sas: Add ATA command support for SMR disks (LP: #1739891) - scsi: hisi_sas: support zone management commands * thunderx2: i2c driver PEC and ACPI clock fixes (LP: #1738073) - ACPI / APD: Add clock frequency for ThunderX2 I2C controller - i2c: xlp9xx: Get clock frequency with clk API - i2c: xlp9xx: Handle
[ubuntu/xenial-security] linux-meta-snapdragon 4.4.0.1087.79 (Accepted)
linux-meta-snapdragon (4.4.0.1087.79) xenial; urgency=medium * Bump ABI 4.4.0-1087 linux-meta-snapdragon (4.4.0.1086.78) xenial; urgency=medium * Bump ABI 4.4.0-1086 linux-meta-snapdragon (4.4.0.1085.77) xenial; urgency=medium * Bump ABI 4.4.0-1085 Date: 2018-02-13 10:18:12.400392+00:00 Changed-By: Stefan BaderSigned-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta-snapdragon/4.4.0.1087.79 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] linux-azure 4.13.0-1011.14 (Accepted)
linux-azure (4.13.0-1011.14) xenial; urgency=medium * linux-azure: 4.13.0-1011.14 -proposed tracker (LP: #1748476) * [Hyper-V] Fixes for Network Direct InfiniBand/RDMA driver (LP: #1749332) - SAUCE: vmbus-rdma: ND142: don't wait forever for disconnection from remote connector - SAUCE: vmbus-rdma: ND142: remove idr handle before calling ND on freeing CQ and QP - SAUCE: vmbus-rdma: ND142: do not crash on idr allocation failure - warn instead - SAUCE: vmbus-rdma: ND144: don't wait forever for disconnection from remote connector - SAUCE: vmbus-rdma: ND144: remove idr handle before calling ND on freeing CQ and QP - SAUCE: vmbus-rdma: ND144: do not crash on idr allocation failure - warn instead * [Hyper-V] vsock: always call vsock_init_tables() (LP: #1747970) - vsock: always call vsock_init_tables() * Update the source code location in the debian package for cloud kernels (LP: #1747890) - [Debian] Update git repository URI [ Ubuntu: 4.13.0-35.39 ] * linux: 4.13.0-35.39 -proposed tracker (LP: #1748743) * CVE-2017-5715 (Spectre v2 Intel) - Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present" - SAUCE: turn off IBRS when full retpoline is present - [Packaging] retpoline files must be sorted - [Packaging] pull in retpoline files [ Ubuntu: 4.13.0-34.37 ] * linux: 4.13.0-34.37 -proposed tracker (LP: #1748475) * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053) - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb) (LP: #1747090) - KVM: s390: wire up bpb feature * artful 4.13 i386 kernels crash after memory hotplug remove (LP: #1747069) - Revert "mm, memory_hotplug: do not associate hotadded memory to zones until online" * CVE-2017-5715 (Spectre v2 Intel) - x86/feature: Enable the x86 feature to control Speculation - x86/feature: Report presence of IBPB and IBRS control - x86/enter: MACROS to set/clear IBRS and set IBPB - x86/enter: Use IBRS on syscall and interrupts - x86/idle: Disable IBRS entering idle and enable it on wakeup - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup - x86/mm: Set IBPB upon context switch - x86/mm: Only set IBPB when the new thread cannot ptrace current thread - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm - x86/kvm: Set IBPB when switching VM - x86/kvm: Toggle IBRS on VM entry and exit - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control - x86/cpu/AMD: Add speculative control support for AMD - x86/microcode: Extend post microcode reload to support IBPB feature - KVM: SVM: Do not intercept new speculative control MSRs - x86/svm: Set IBRS value on VM entry and exit - x86/svm: Set IBPB when running a different VCPU - KVM: x86: Add speculative control CPUID support for guests - SAUCE: turn off IBPB when full retpoline is present * Artful 4.13 fixes for tun (LP: #1748846) - tun: call dev_get_valid_name() before register_netdevice() - tun: allow positive return values on dev_get_valid_name() call - tun/tap: sanitize TUNSETSNDBUF input * boot failure on AMD Raven + WestonXT (LP: #1742759) - SAUCE: drm/amdgpu: add atpx quirk handling (v2) linux-azure (4.13.0-1010.13) xenial; urgency=low * linux-azure: 4.13.0-1010.13 -proposed tracker (LP: #1746907) * CVE-2017-5715 (Spectre v2 retpoline) - x86/retpoline/hyperv: Convert assembler indirect jumps - [Config] azure: enable CONFIG_GENERIC_CPU_VULNERABILITIES - [Config] azure: enable CONFIG_RETPOLINE - [Config] azure: disable retpoline checks for first upload * Update the source code location in the debian package for cloud kernels (LP: #1747890) - [Debian] Update git repository URI * [Hyper-V] linux-azure: PCI: hv: Do not sleep in compose_msi_msg() (LP: #1747543) - PCI: hv: Do not sleep in compose_msi_msg() [ Ubuntu: 4.13.0-33.36 ] * linux: 4.13.0-33.36 -proposed tracker (LP: #1746903) * starting VMs causing retpoline4 to reboot (LP: #1747507) // CVE-2017-5715 (Spectre v2 retpoline) - x86/retpoline: Fill RSB on context switch for affected CPUs - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB - x86/retpoline: Remove the esp/rsp thunk - x86/retpoline: Simplify vmexit_fill_RSB() * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC (LP: #1743638) - [d-i] Add qede to nic-modules udeb * hisi_sas: driver robustness fixes (LP: #1739807) - scsi: hisi_sas: fix reset and port ID refresh issues - scsi: hisi_sas: avoid
[ubuntu/xenial-updates] linux-gcp 4.13.0-1011.15 (Accepted)
linux-gcp (4.13.0-1011.15) xenial; urgency=medium * linux-gcp: 4.13.0-1011.15 -proposed tracker (LP: #1748478) [ Ubuntu: 4.13.0-35.39 ] * linux: 4.13.0-35.39 -proposed tracker (LP: #1748743) * CVE-2017-5715 (Spectre v2 Intel) - Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present" - SAUCE: turn off IBRS when full retpoline is present - [Packaging] retpoline files must be sorted - [Packaging] pull in retpoline files [ Ubuntu: 4.13.0-34.37 ] * linux: 4.13.0-34.37 -proposed tracker (LP: #1748475) * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053) - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb) (LP: #1747090) - KVM: s390: wire up bpb feature * artful 4.13 i386 kernels crash after memory hotplug remove (LP: #1747069) - Revert "mm, memory_hotplug: do not associate hotadded memory to zones until online" * CVE-2017-5715 (Spectre v2 Intel) - x86/feature: Enable the x86 feature to control Speculation - x86/feature: Report presence of IBPB and IBRS control - x86/enter: MACROS to set/clear IBRS and set IBPB - x86/enter: Use IBRS on syscall and interrupts - x86/idle: Disable IBRS entering idle and enable it on wakeup - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup - x86/mm: Set IBPB upon context switch - x86/mm: Only set IBPB when the new thread cannot ptrace current thread - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm - x86/kvm: Set IBPB when switching VM - x86/kvm: Toggle IBRS on VM entry and exit - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control - x86/cpu/AMD: Add speculative control support for AMD - x86/microcode: Extend post microcode reload to support IBPB feature - KVM: SVM: Do not intercept new speculative control MSRs - x86/svm: Set IBRS value on VM entry and exit - x86/svm: Set IBPB when running a different VCPU - KVM: x86: Add speculative control CPUID support for guests - SAUCE: turn off IBPB when full retpoline is present * Artful 4.13 fixes for tun (LP: #1748846) - tun: call dev_get_valid_name() before register_netdevice() - tun: allow positive return values on dev_get_valid_name() call - tun/tap: sanitize TUNSETSNDBUF input * boot failure on AMD Raven + WestonXT (LP: #1742759) - SAUCE: drm/amdgpu: add atpx quirk handling (v2) linux-gcp (4.13.0-1010.14) xenial; urgency=medium * linux-gcp: 4.13.0-1010.14 -proposed tracker (LP: #1746905) * CVE-2017-5715 (Spectre v2 retpoline) - [Config] enable CONFIG_RETPOLINE for gcp kernel [ Ubuntu: 4.13.0-33.36 ] * linux: 4.13.0-33.36 -proposed tracker (LP: #1746903) * starting VMs causing retpoline4 to reboot (LP: #1747507) // CVE-2017-5715 (Spectre v2 retpoline) - x86/retpoline: Fill RSB on context switch for affected CPUs - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB - x86/retpoline: Remove the esp/rsp thunk - x86/retpoline: Simplify vmexit_fill_RSB() * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC (LP: #1743638) - [d-i] Add qede to nic-modules udeb * hisi_sas: driver robustness fixes (LP: #1739807) - scsi: hisi_sas: fix reset and port ID refresh issues - scsi: hisi_sas: avoid potential v2 hw interrupt issue - scsi: hisi_sas: fix v2 hw underflow residual value - scsi: hisi_sas: add v2 hw DFX feature - scsi: hisi_sas: add irq and tasklet cleanup in v2 hw - scsi: hisi_sas: service interrupt ITCT_CLR interrupt in v2 hw - scsi: hisi_sas: fix internal abort slot timeout bug - scsi: hisi_sas: us start_phy in PHY_FUNC_LINK_RESET - scsi: hisi_sas: fix NULL check in SMP abort task path - scsi: hisi_sas: fix the risk of freeing slot twice - scsi: hisi_sas: kill tasklet when destroying irq in v3 hw - scsi: hisi_sas: complete all tasklets prior to host reset * [Artful/Zesty] ACPI APEI error handling bug fixes (LP: #1732990) - ACPI: APEI: fix the wrong iteration of generic error status block - ACPI / APEI: clear error status before acknowledging the error * [Zesty/Artful] On ARM64 PCIE physical function passthrough guest fails to boot (LP: #1732804) - vfio/pci: Virtualize Maximum Payload Size - vfio/pci: Virtualize Maximum Read Request Size * hisi_sas: Add ATA command support for SMR disks (LP: #1739891) - scsi: hisi_sas: support zone management commands * thunderx2: i2c driver PEC and ACPI clock fixes (LP: #1738073) - ACPI / APD: Add clock frequency for ThunderX2 I2C controller - i2c: xlp9xx: Get clock frequency with clk API - i2c: xlp9xx: Handle
[ubuntu/xenial-updates] linux-oem_4.13.0-1021.23_amd64.tar.gz - (Accepted)
linux-oem (4.13.0-1021.23) xenial; urgency=low * linux-oem: 4.13.0-1021.23 -proposed tracker (LP: #1748481) * Intel 9462 A370:42A4 doesn't work (LP: #1748853) - SAUCE: iwlwifi: Adding missing id A370:42A4 * headset mic can't be detected on two Dell machines (LP: #1748807) - ALSA: hda/realtek - Support headset mode for ALC215/ALC285/ALC289 - ALSA: hda - Fix headset mic detection problem for two Dell machines * [linux-oem] Use I2C transport for touchpad on Precision M5530 (LP: #1746661) - SAUCE: ACPI: Parse entire table as a term_list for Dell XPS 9570 and Precision M5530 * QCA9377 requires more IRAM banks for its new firmware (LP: #1748345) - SAUCE: ath10k: change QCA9377 IRAM back to 9 * TrackPoint: middle button doesn't work on TrackPoint-compatible device. (LP: #1746002) - Input: trackpoint - force 3 buttons if 0 button is reported * [linux-oem] Fix out of bound VBT pin on CNP (LP: #1746411) - drm/i914/bios: amend child device config parameters - drm/i915/bios: document BDB versions of child device config fields - drm/i915/bios: remove the raw version of child device config - drm/i915/bios: add legacy contents to common child device config - drm/i915/bios: throw away high level child device union - drm/i915/bios: throw away struct old_child_dev_config - drm/i915/bios: document child device config dvo_port values a bit better - drm/i915/bios: group device type definitions together - drm/i915/bios: throw away unused DVO_* macros - drm/i915/bios: drop the rest of the p_ prefixes from pointers - drm/i915/cnl: Don't trust VBT's alternate pin for port D for now. - drm/i915/cnl: Map VBT DDC Pin to BSpec DDC Pin. - drm/i915/bios: split up iboost to hdmi and dp bitfields - drm/i915/bios: add DP max link rate to VBT child device struct - drm/i915/cnp: Ignore VBT request for know invalid DDC pin. - drm/i915/cnp: Properly handle VBT ddc pin out of bounds. * Miscellaneous upstream changes - Rebase to 4.13.0-35.39 - [Config] update configs following rebase to 4.13.0-35.39 - [oem config] Keep ignoring retpoline [ Ubuntu: 4.13.0-35.39 ] * linux: 4.13.0-35.39 -proposed tracker (LP: #1748743) * CVE-2017-5715 (Spectre v2 Intel) - Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present" - SAUCE: turn off IBRS when full retpoline is present - [Packaging] retpoline files must be sorted - [Packaging] pull in retpoline files [ Ubuntu: 4.13.0-34.37 ] * linux: 4.13.0-34.37 -proposed tracker (LP: #1748475) * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053) - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb) (LP: #1747090) - KVM: s390: wire up bpb feature * artful 4.13 i386 kernels crash after memory hotplug remove (LP: #1747069) - Revert "mm, memory_hotplug: do not associate hotadded memory to zones until online" * CVE-2017-5715 (Spectre v2 Intel) - x86/feature: Enable the x86 feature to control Speculation - x86/feature: Report presence of IBPB and IBRS control - x86/enter: MACROS to set/clear IBRS and set IBPB - x86/enter: Use IBRS on syscall and interrupts - x86/idle: Disable IBRS entering idle and enable it on wakeup - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup - x86/mm: Set IBPB upon context switch - x86/mm: Only set IBPB when the new thread cannot ptrace current thread - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm - x86/kvm: Set IBPB when switching VM - x86/kvm: Toggle IBRS on VM entry and exit - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control - x86/cpu/AMD: Add speculative control support for AMD - x86/microcode: Extend post microcode reload to support IBPB feature - KVM: SVM: Do not intercept new speculative control MSRs - x86/svm: Set IBRS value on VM entry and exit - x86/svm: Set IBPB when running a different VCPU - KVM: x86: Add speculative control CPUID support for guests - SAUCE: turn off IBPB when full retpoline is present * Artful 4.13 fixes for tun (LP: #1748846) - tun: call dev_get_valid_name() before register_netdevice() - tun: allow positive return values on dev_get_valid_name() call - tun/tap: sanitize TUNSETSNDBUF input * boot failure on AMD Raven + WestonXT (LP: #1742759) - SAUCE: drm/amdgpu: add atpx quirk handling (v2) [ Ubuntu: 4.13.0-33.36 ] * linux: 4.13.0-33.36 -proposed tracker (LP: #1746903) * starting VMs causing retpoline4 to reboot (LP: #1747507) // CVE-2017-5715 (Spectre v2 retpoline) - x86/retpoline: Fill RSB on context switch for affected CPUs - x86/retpoline: Add
[ubuntu/xenial-security] linux-meta-raspi2 4.4.0.1085.85 (Accepted)
linux-meta-raspi2 (4.4.0.1085.85) xenial; urgency=medium * Bump ABI 4.4.0-1085 linux-meta-raspi2 (4.4.0.1084.84) xenial; urgency=medium * Bump ABI 4.4.0-1084 linux-meta-raspi2 (4.4.0.1083.83) xenial; urgency=medium * Bump ABI 4.4.0-1083 Date: 2018-02-13 09:44:24.489811+00:00 Changed-By: Stefan BaderSigned-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta-raspi2/4.4.0.1085.85 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] linux-meta-kvm 4.4.0.1019.18 (Accepted)
linux-meta-kvm (4.4.0.1019.18) xenial; urgency=medium * Bump ABI 4.4.0-1019 linux-meta-kvm (4.4.0.1018.17) xenial; urgency=medium * Bump ABI 4.4.0-1018 Date: 2018-02-13 13:13:12.836802+00:00 Changed-By: Stefan BaderSigned-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta-kvm/4.4.0.1019.18 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-azure 4.13.0-1011.14 (Accepted)
linux-azure (4.13.0-1011.14) xenial; urgency=medium * linux-azure: 4.13.0-1011.14 -proposed tracker (LP: #1748476) * [Hyper-V] Fixes for Network Direct InfiniBand/RDMA driver (LP: #1749332) - SAUCE: vmbus-rdma: ND142: don't wait forever for disconnection from remote connector - SAUCE: vmbus-rdma: ND142: remove idr handle before calling ND on freeing CQ and QP - SAUCE: vmbus-rdma: ND142: do not crash on idr allocation failure - warn instead - SAUCE: vmbus-rdma: ND144: don't wait forever for disconnection from remote connector - SAUCE: vmbus-rdma: ND144: remove idr handle before calling ND on freeing CQ and QP - SAUCE: vmbus-rdma: ND144: do not crash on idr allocation failure - warn instead * [Hyper-V] vsock: always call vsock_init_tables() (LP: #1747970) - vsock: always call vsock_init_tables() * Update the source code location in the debian package for cloud kernels (LP: #1747890) - [Debian] Update git repository URI [ Ubuntu: 4.13.0-35.39 ] * linux: 4.13.0-35.39 -proposed tracker (LP: #1748743) * CVE-2017-5715 (Spectre v2 Intel) - Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present" - SAUCE: turn off IBRS when full retpoline is present - [Packaging] retpoline files must be sorted - [Packaging] pull in retpoline files [ Ubuntu: 4.13.0-34.37 ] * linux: 4.13.0-34.37 -proposed tracker (LP: #1748475) * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053) - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb) (LP: #1747090) - KVM: s390: wire up bpb feature * artful 4.13 i386 kernels crash after memory hotplug remove (LP: #1747069) - Revert "mm, memory_hotplug: do not associate hotadded memory to zones until online" * CVE-2017-5715 (Spectre v2 Intel) - x86/feature: Enable the x86 feature to control Speculation - x86/feature: Report presence of IBPB and IBRS control - x86/enter: MACROS to set/clear IBRS and set IBPB - x86/enter: Use IBRS on syscall and interrupts - x86/idle: Disable IBRS entering idle and enable it on wakeup - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup - x86/mm: Set IBPB upon context switch - x86/mm: Only set IBPB when the new thread cannot ptrace current thread - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm - x86/kvm: Set IBPB when switching VM - x86/kvm: Toggle IBRS on VM entry and exit - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control - x86/cpu/AMD: Add speculative control support for AMD - x86/microcode: Extend post microcode reload to support IBPB feature - KVM: SVM: Do not intercept new speculative control MSRs - x86/svm: Set IBRS value on VM entry and exit - x86/svm: Set IBPB when running a different VCPU - KVM: x86: Add speculative control CPUID support for guests - SAUCE: turn off IBPB when full retpoline is present * Artful 4.13 fixes for tun (LP: #1748846) - tun: call dev_get_valid_name() before register_netdevice() - tun: allow positive return values on dev_get_valid_name() call - tun/tap: sanitize TUNSETSNDBUF input * boot failure on AMD Raven + WestonXT (LP: #1742759) - SAUCE: drm/amdgpu: add atpx quirk handling (v2) linux-azure (4.13.0-1010.13) xenial; urgency=low * linux-azure: 4.13.0-1010.13 -proposed tracker (LP: #1746907) * CVE-2017-5715 (Spectre v2 retpoline) - x86/retpoline/hyperv: Convert assembler indirect jumps - [Config] azure: enable CONFIG_GENERIC_CPU_VULNERABILITIES - [Config] azure: enable CONFIG_RETPOLINE - [Config] azure: disable retpoline checks for first upload * Update the source code location in the debian package for cloud kernels (LP: #1747890) - [Debian] Update git repository URI * [Hyper-V] linux-azure: PCI: hv: Do not sleep in compose_msi_msg() (LP: #1747543) - PCI: hv: Do not sleep in compose_msi_msg() [ Ubuntu: 4.13.0-33.36 ] * linux: 4.13.0-33.36 -proposed tracker (LP: #1746903) * starting VMs causing retpoline4 to reboot (LP: #1747507) // CVE-2017-5715 (Spectre v2 retpoline) - x86/retpoline: Fill RSB on context switch for affected CPUs - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB - x86/retpoline: Remove the esp/rsp thunk - x86/retpoline: Simplify vmexit_fill_RSB() * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC (LP: #1743638) - [d-i] Add qede to nic-modules udeb * hisi_sas: driver robustness fixes (LP: #1739807) - scsi: hisi_sas: fix reset and port ID refresh issues - scsi: hisi_sas: avoid
[ubuntu/xenial-security] linux-meta-oem 4.13.0.1021.25 (Accepted)
linux-meta-oem (4.13.0.1021.25) xenial; urgency=medium * Bump ABI 4.13.0-1021 Date: 2018-02-12 15:22:12.773423+00:00 Changed-By: Timo AaltonenSigned-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta-oem/4.13.0.1021.25 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-signed-oem 4.13.0-1021.23 (Accepted)
linux-signed-oem (4.13.0-1021.23) xenial; urgency=medium * Master version: 4.13.0-1021.23 linux-signed-oem (4.13.0-1021.22) xenial; urgency=medium * Master version: 4.13.0-1021.22 Date: 2018-02-13 12:24:13.448887+00:00 Changed-By: Timo AaltonenSigned-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-signed-oem/4.13.0-1021.23 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] linux-oem 4.13.0-1021.23 (Accepted)
linux-oem (4.13.0-1021.23) xenial; urgency=low * linux-oem: 4.13.0-1021.23 -proposed tracker (LP: #1748481) * Intel 9462 A370:42A4 doesn't work (LP: #1748853) - SAUCE: iwlwifi: Adding missing id A370:42A4 * headset mic can't be detected on two Dell machines (LP: #1748807) - ALSA: hda/realtek - Support headset mode for ALC215/ALC285/ALC289 - ALSA: hda - Fix headset mic detection problem for two Dell machines * [linux-oem] Use I2C transport for touchpad on Precision M5530 (LP: #1746661) - SAUCE: ACPI: Parse entire table as a term_list for Dell XPS 9570 and Precision M5530 * QCA9377 requires more IRAM banks for its new firmware (LP: #1748345) - SAUCE: ath10k: change QCA9377 IRAM back to 9 * TrackPoint: middle button doesn't work on TrackPoint-compatible device. (LP: #1746002) - Input: trackpoint - force 3 buttons if 0 button is reported * [linux-oem] Fix out of bound VBT pin on CNP (LP: #1746411) - drm/i914/bios: amend child device config parameters - drm/i915/bios: document BDB versions of child device config fields - drm/i915/bios: remove the raw version of child device config - drm/i915/bios: add legacy contents to common child device config - drm/i915/bios: throw away high level child device union - drm/i915/bios: throw away struct old_child_dev_config - drm/i915/bios: document child device config dvo_port values a bit better - drm/i915/bios: group device type definitions together - drm/i915/bios: throw away unused DVO_* macros - drm/i915/bios: drop the rest of the p_ prefixes from pointers - drm/i915/cnl: Don't trust VBT's alternate pin for port D for now. - drm/i915/cnl: Map VBT DDC Pin to BSpec DDC Pin. - drm/i915/bios: split up iboost to hdmi and dp bitfields - drm/i915/bios: add DP max link rate to VBT child device struct - drm/i915/cnp: Ignore VBT request for know invalid DDC pin. - drm/i915/cnp: Properly handle VBT ddc pin out of bounds. * Miscellaneous upstream changes - Rebase to 4.13.0-35.39 - [Config] update configs following rebase to 4.13.0-35.39 - [oem config] Keep ignoring retpoline [ Ubuntu: 4.13.0-35.39 ] * linux: 4.13.0-35.39 -proposed tracker (LP: #1748743) * CVE-2017-5715 (Spectre v2 Intel) - Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present" - SAUCE: turn off IBRS when full retpoline is present - [Packaging] retpoline files must be sorted - [Packaging] pull in retpoline files [ Ubuntu: 4.13.0-34.37 ] * linux: 4.13.0-34.37 -proposed tracker (LP: #1748475) * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053) - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb) (LP: #1747090) - KVM: s390: wire up bpb feature * artful 4.13 i386 kernels crash after memory hotplug remove (LP: #1747069) - Revert "mm, memory_hotplug: do not associate hotadded memory to zones until online" * CVE-2017-5715 (Spectre v2 Intel) - x86/feature: Enable the x86 feature to control Speculation - x86/feature: Report presence of IBPB and IBRS control - x86/enter: MACROS to set/clear IBRS and set IBPB - x86/enter: Use IBRS on syscall and interrupts - x86/idle: Disable IBRS entering idle and enable it on wakeup - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup - x86/mm: Set IBPB upon context switch - x86/mm: Only set IBPB when the new thread cannot ptrace current thread - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm - x86/kvm: Set IBPB when switching VM - x86/kvm: Toggle IBRS on VM entry and exit - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control - x86/cpu/AMD: Add speculative control support for AMD - x86/microcode: Extend post microcode reload to support IBPB feature - KVM: SVM: Do not intercept new speculative control MSRs - x86/svm: Set IBRS value on VM entry and exit - x86/svm: Set IBPB when running a different VCPU - KVM: x86: Add speculative control CPUID support for guests - SAUCE: turn off IBPB when full retpoline is present * Artful 4.13 fixes for tun (LP: #1748846) - tun: call dev_get_valid_name() before register_netdevice() - tun: allow positive return values on dev_get_valid_name() call - tun/tap: sanitize TUNSETSNDBUF input * boot failure on AMD Raven + WestonXT (LP: #1742759) - SAUCE: drm/amdgpu: add atpx quirk handling (v2) [ Ubuntu: 4.13.0-33.36 ] * linux: 4.13.0-33.36 -proposed tracker (LP: #1746903) * starting VMs causing retpoline4 to reboot (LP: #1747507) // CVE-2017-5715 (Spectre v2 retpoline) - x86/retpoline: Fill RSB on context switch for affected CPUs - x86/retpoline: Add
[ubuntu/xenial-security] linux-meta-gcp 4.13.0.1011.13 (Accepted)
linux-meta-gcp (4.13.0.1011.13) xenial; urgency=medium * Bump ABI 4.13.0-1011 linux-meta-gcp (4.13.0.1010.12) xenial; urgency=medium * Bump ABI 4.13.0-1010 linux-meta-gcp (4.13.0.1009.11) xenial; urgency=medium * Bump ABI 4.13.0-1009 Date: 2018-02-12 17:22:17.39+00:00 Changed-By: Stefan BaderSigned-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta-gcp/4.13.0.1011.13 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] linux-meta 4.4.0.116.122 (Accepted)
linux-meta (4.4.0.116.122) xenial; urgency=medium * Bump ABI 4.4.0-116 linux-meta (4.4.0.115.121) xenial; urgency=medium * Bump ABI 4.4.0-115 linux-meta (4.4.0.114.120) xenial; urgency=medium * Bump ABI 4.4.0-114 linux-meta (4.4.0.113.119) xenial; urgency=medium * Bump ABI 4.4.0-113 Date: 2018-02-12 21:19:12.220448+00:00 Changed-By: Khaled El MouslySigned-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta/4.4.0.116.122 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] linux-signed 4.4.0-116.140 (Accepted)
linux-signed (4.4.0-116.140) xenial; urgency=medium * Version 4.4.0-116.140 linux-signed (4.4.0-115.138) xenial; urgency=medium * Version 4.4.0-115.138 linux-signed (4.4.0-114.137) xenial; urgency=medium * Version 4.4.0-114.137 linux-signed (4.4.0-113.136) xenial; urgency=medium * Version 4.4.0-113.136 Date: 2018-02-12 21:19:25.925684+00:00 Changed-By: Khaled El MouslySigned-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-signed/4.4.0-116.140 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-hwe 4.13.0-36.40~16.04.1 (Accepted)
linux-hwe (4.13.0-36.40~16.04.1) xenial; urgency=medium * linux-hwe: 4.13.0-36.40~16.04.1 -proposed tracker (LP: #1750052) * linux: 4.13.0-36.40 -proposed tracker (LP: #1750010) * Rebuild without "CVE-2017-5754 ARM64 KPTI fixes" patch set linux (4.13.0-35.39) artful; urgency=medium * linux: 4.13.0-35.39 -proposed tracker (LP: #1748743) * CVE-2017-5715 (Spectre v2 Intel) - Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present" - SAUCE: turn off IBRS when full retpoline is present - [Packaging] retpoline files must be sorted - [Packaging] pull in retpoline files linux (4.13.0-34.37) artful; urgency=medium * linux: 4.13.0-34.37 -proposed tracker (LP: #1748475) * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053) - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb) (LP: #1747090) - KVM: s390: wire up bpb feature * artful 4.13 i386 kernels crash after memory hotplug remove (LP: #1747069) - Revert "mm, memory_hotplug: do not associate hotadded memory to zones until online" * CVE-2017-5715 (Spectre v2 Intel) - x86/feature: Enable the x86 feature to control Speculation - x86/feature: Report presence of IBPB and IBRS control - x86/enter: MACROS to set/clear IBRS and set IBPB - x86/enter: Use IBRS on syscall and interrupts - x86/idle: Disable IBRS entering idle and enable it on wakeup - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup - x86/mm: Set IBPB upon context switch - x86/mm: Only set IBPB when the new thread cannot ptrace current thread - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm - x86/kvm: Set IBPB when switching VM - x86/kvm: Toggle IBRS on VM entry and exit - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control - x86/cpu/AMD: Add speculative control support for AMD - x86/microcode: Extend post microcode reload to support IBPB feature - KVM: SVM: Do not intercept new speculative control MSRs - x86/svm: Set IBRS value on VM entry and exit - x86/svm: Set IBPB when running a different VCPU - KVM: x86: Add speculative control CPUID support for guests - SAUCE: turn off IBPB when full retpoline is present * Artful 4.13 fixes for tun (LP: #1748846) - tun: call dev_get_valid_name() before register_netdevice() - tun: allow positive return values on dev_get_valid_name() call - tun/tap: sanitize TUNSETSNDBUF input * boot failure on AMD Raven + WestonXT (LP: #1742759) - SAUCE: drm/amdgpu: add atpx quirk handling (v2) linux (4.13.0-33.36) artful; urgency=low * linux: 4.13.0-33.36 -proposed tracker (LP: #1746903) [ Stefan Bader ] * starting VMs causing retpoline4 to reboot (LP: #1747507) // CVE-2017-5715 (Spectre v2 retpoline) - x86/retpoline: Fill RSB on context switch for affected CPUs - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB - x86/retpoline: Remove the esp/rsp thunk - x86/retpoline: Simplify vmexit_fill_RSB() * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC (LP: #1743638) - [d-i] Add qede to nic-modules udeb * hisi_sas: driver robustness fixes (LP: #1739807) - scsi: hisi_sas: fix reset and port ID refresh issues - scsi: hisi_sas: avoid potential v2 hw interrupt issue - scsi: hisi_sas: fix v2 hw underflow residual value - scsi: hisi_sas: add v2 hw DFX feature - scsi: hisi_sas: add irq and tasklet cleanup in v2 hw - scsi: hisi_sas: service interrupt ITCT_CLR interrupt in v2 hw - scsi: hisi_sas: fix internal abort slot timeout bug - scsi: hisi_sas: us start_phy in PHY_FUNC_LINK_RESET - scsi: hisi_sas: fix NULL check in SMP abort task path - scsi: hisi_sas: fix the risk of freeing slot twice - scsi: hisi_sas: kill tasklet when destroying irq in v3 hw - scsi: hisi_sas: complete all tasklets prior to host reset * [Artful/Zesty] ACPI APEI error handling bug fixes (LP: #1732990) - ACPI: APEI: fix the wrong iteration of generic error status block - ACPI / APEI: clear error status before acknowledging the error * [Zesty/Artful] On ARM64 PCIE physical function passthrough guest fails to boot (LP: #1732804) - vfio/pci: Virtualize Maximum Payload Size - vfio/pci: Virtualize Maximum Read Request Size * hisi_sas: Add ATA command support for SMR disks (LP: #1739891) - scsi: hisi_sas: support zone management commands * thunderx2: i2c driver PEC and ACPI clock fixes (LP: #1738073) - ACPI / APD: Add clock frequency for ThunderX2 I2C controller - i2c: xlp9xx: Get clock frequency with clk API - i2c: xlp9xx:
[ubuntu/xenial-updates] linux-hwe 4.13.0-36.40~16.04.1 (Accepted)
linux-hwe (4.13.0-36.40~16.04.1) xenial; urgency=medium * linux-hwe: 4.13.0-36.40~16.04.1 -proposed tracker (LP: #1750052) * linux: 4.13.0-36.40 -proposed tracker (LP: #1750010) * Rebuild without "CVE-2017-5754 ARM64 KPTI fixes" patch set linux (4.13.0-35.39) artful; urgency=medium * linux: 4.13.0-35.39 -proposed tracker (LP: #1748743) * CVE-2017-5715 (Spectre v2 Intel) - Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present" - SAUCE: turn off IBRS when full retpoline is present - [Packaging] retpoline files must be sorted - [Packaging] pull in retpoline files linux (4.13.0-34.37) artful; urgency=medium * linux: 4.13.0-34.37 -proposed tracker (LP: #1748475) * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053) - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb) (LP: #1747090) - KVM: s390: wire up bpb feature * artful 4.13 i386 kernels crash after memory hotplug remove (LP: #1747069) - Revert "mm, memory_hotplug: do not associate hotadded memory to zones until online" * CVE-2017-5715 (Spectre v2 Intel) - x86/feature: Enable the x86 feature to control Speculation - x86/feature: Report presence of IBPB and IBRS control - x86/enter: MACROS to set/clear IBRS and set IBPB - x86/enter: Use IBRS on syscall and interrupts - x86/idle: Disable IBRS entering idle and enable it on wakeup - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup - x86/mm: Set IBPB upon context switch - x86/mm: Only set IBPB when the new thread cannot ptrace current thread - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm - x86/kvm: Set IBPB when switching VM - x86/kvm: Toggle IBRS on VM entry and exit - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control - x86/cpu/AMD: Add speculative control support for AMD - x86/microcode: Extend post microcode reload to support IBPB feature - KVM: SVM: Do not intercept new speculative control MSRs - x86/svm: Set IBRS value on VM entry and exit - x86/svm: Set IBPB when running a different VCPU - KVM: x86: Add speculative control CPUID support for guests - SAUCE: turn off IBPB when full retpoline is present * Artful 4.13 fixes for tun (LP: #1748846) - tun: call dev_get_valid_name() before register_netdevice() - tun: allow positive return values on dev_get_valid_name() call - tun/tap: sanitize TUNSETSNDBUF input * boot failure on AMD Raven + WestonXT (LP: #1742759) - SAUCE: drm/amdgpu: add atpx quirk handling (v2) linux (4.13.0-33.36) artful; urgency=low * linux: 4.13.0-33.36 -proposed tracker (LP: #1746903) [ Stefan Bader ] * starting VMs causing retpoline4 to reboot (LP: #1747507) // CVE-2017-5715 (Spectre v2 retpoline) - x86/retpoline: Fill RSB on context switch for affected CPUs - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB - x86/retpoline: Remove the esp/rsp thunk - x86/retpoline: Simplify vmexit_fill_RSB() * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC (LP: #1743638) - [d-i] Add qede to nic-modules udeb * hisi_sas: driver robustness fixes (LP: #1739807) - scsi: hisi_sas: fix reset and port ID refresh issues - scsi: hisi_sas: avoid potential v2 hw interrupt issue - scsi: hisi_sas: fix v2 hw underflow residual value - scsi: hisi_sas: add v2 hw DFX feature - scsi: hisi_sas: add irq and tasklet cleanup in v2 hw - scsi: hisi_sas: service interrupt ITCT_CLR interrupt in v2 hw - scsi: hisi_sas: fix internal abort slot timeout bug - scsi: hisi_sas: us start_phy in PHY_FUNC_LINK_RESET - scsi: hisi_sas: fix NULL check in SMP abort task path - scsi: hisi_sas: fix the risk of freeing slot twice - scsi: hisi_sas: kill tasklet when destroying irq in v3 hw - scsi: hisi_sas: complete all tasklets prior to host reset * [Artful/Zesty] ACPI APEI error handling bug fixes (LP: #1732990) - ACPI: APEI: fix the wrong iteration of generic error status block - ACPI / APEI: clear error status before acknowledging the error * [Zesty/Artful] On ARM64 PCIE physical function passthrough guest fails to boot (LP: #1732804) - vfio/pci: Virtualize Maximum Payload Size - vfio/pci: Virtualize Maximum Read Request Size * hisi_sas: Add ATA command support for SMR disks (LP: #1739891) - scsi: hisi_sas: support zone management commands * thunderx2: i2c driver PEC and ACPI clock fixes (LP: #1738073) - ACPI / APD: Add clock frequency for ThunderX2 I2C controller - i2c: xlp9xx: Get clock frequency with clk API - i2c: xlp9xx:
[ubuntu/xenial-security] linux-signed-hwe 4.13.0-36.40~16.04.1 (Accepted)
linux-signed-hwe (4.13.0-36.40~16.04.1) xenial; urgency=medium * Master version: 4.13.0-36.40~16.04.1 linux-signed-hwe (4.13.0-35.39~16.04.1) xenial; urgency=medium * Master version: 4.13.0-35.39~16.04.1 linux-signed-hwe (4.13.0-33.36~16.04.1) xenial; urgency=medium * Master version: 4.13.0-33.36~16.04.1 Date: 2018-02-16 23:22:54.455755+00:00 Changed-By: Kamal MostafaSigned-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-signed-hwe/4.13.0-36.40~16.04.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-meta 4.4.0.116.122 (Accepted)
linux-meta (4.4.0.116.122) xenial; urgency=medium * Bump ABI 4.4.0-116 linux-meta (4.4.0.115.121) xenial; urgency=medium * Bump ABI 4.4.0-115 linux-meta (4.4.0.114.120) xenial; urgency=medium * Bump ABI 4.4.0-114 linux-meta (4.4.0.113.119) xenial; urgency=medium * Bump ABI 4.4.0-113 Date: 2018-02-12 21:19:12.220448+00:00 Changed-By: Khaled El MouslySigned-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta/4.4.0.116.122 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-proposed] hw-detect 1.117ubuntu2.3 (Accepted)
hw-detect (1.117ubuntu2.3) xenial; urgency=medium * hw-detect.sh: install opal-prd on OpenPOWER machines. LP: #1555904 * Drop hw-detect.pre-pkgsel.d/20install-hwpackages, as it installs universe package, which is probably in itself not useful on Ubuntu. LP: #1577833 Date: Wed, 21 Feb 2018 15:36:54 + Changed-By: Dimitri John LedkovMaintainer: Ubuntu Installer Team https://launchpad.net/ubuntu/+source/hw-detect/1.117ubuntu2.3 Format: 1.8 Date: Wed, 21 Feb 2018 15:36:54 + Source: hw-detect Binary: hw-detect ethdetect disk-detect driver-injection-disk-detect archdetect archdetect-deb Architecture: source Version: 1.117ubuntu2.3 Distribution: xenial Urgency: medium Maintainer: Ubuntu Installer Team Changed-By: Dimitri John Ledkov Description: archdetect - Hardware architecture detector (udeb) archdetect-deb - Hardware architecture detector disk-detect - Detect disk drives (udeb) driver-injection-disk-detect - Detect OEM driver injection disks (udeb) ethdetect - Detect network hardware and load kernel drivers for it (udeb) hw-detect - Detect hardware and load kernel drivers for it (udeb) Launchpad-Bugs-Fixed: 1555904 1577833 Changes: hw-detect (1.117ubuntu2.3) xenial; urgency=medium . * hw-detect.sh: install opal-prd on OpenPOWER machines. LP: #1555904 * Drop hw-detect.pre-pkgsel.d/20install-hwpackages, as it installs universe package, which is probably in itself not useful on Ubuntu. LP: #1577833 Checksums-Sha1: 9fe0ad5bf31cd994ee078e2bc5be940295083afc 1970 hw-detect_1.117ubuntu2.3.dsc 97c38db7801399fc8a0e82f38a64108a492df315 192940 hw-detect_1.117ubuntu2.3.tar.xz d5734dfb9b47b07bc2de1752b87e7dd0e98d1366 6699 hw-detect_1.117ubuntu2.3_source.buildinfo Checksums-Sha256: 0e2f09a7e56beb8601c9088ce753c3023478ab6b99113be4aa36aa51ca34a419 1970 hw-detect_1.117ubuntu2.3.dsc e7238c5b1e0e01e9bdb01a97b567db772db0d54f44730e20e1fc1a9f0faa7420 192940 hw-detect_1.117ubuntu2.3.tar.xz 376273ecb202522b0c6ecf0d93799fc393f2ac4b67763529f1ee162073de4bc8 6699 hw-detect_1.117ubuntu2.3_source.buildinfo Files: 763fe4becc4fdce196cafad8487d1291 1970 debian-installer standard hw-detect_1.117ubuntu2.3.dsc 641e6a87fc51d5d17b5d21f4eb9873d7 192940 debian-installer standard hw-detect_1.117ubuntu2.3.tar.xz 26011a2c63a139642a35f13505b6600b 6699 debian-installer standard hw-detect_1.117ubuntu2.3_source.buildinfo Original-Maintainer: Debian Install System Team -- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-proposed] s390-tools 1.34.0-0ubuntu8.5 (Accepted)
s390-tools (1.34.0-0ubuntu8.5) xenial; urgency=medium * Correct postinst, which cleans up erroneous directory from 1.34.0-0ubuntu8 upload and earlier. LP: #1608927 Date: Wed, 21 Feb 2018 16:44:02 + Changed-By: Dimitri John LedkovMaintainer: Ubuntu Developers https://launchpad.net/ubuntu/+source/s390-tools/1.34.0-0ubuntu8.5 Format: 1.8 Date: Wed, 21 Feb 2018 16:44:02 + Source: s390-tools Binary: s390-tools s390-tools-cpuplugd s390-tools-statd s390-tools-osasnmpd s390-tools-udeb Architecture: source Version: 1.34.0-0ubuntu8.5 Distribution: xenial Urgency: medium Maintainer: Ubuntu Developers Changed-By: Dimitri John Ledkov Description: s390-tools - fundamental utilities for Linux on z Systems s390-tools-cpuplugd - cpuplugd utility for Linux on z Systems s390-tools-osasnmpd - osasnmpd utility for Linux on z Systems s390-tools-statd - mon_statd monitoring daemons for Linux on z Systems s390-tools-udeb - utilities for Linux on z Systems (udeb) Launchpad-Bugs-Fixed: 1608927 Changes: s390-tools (1.34.0-0ubuntu8.5) xenial; urgency=medium . * Correct postinst, which cleans up erroneous directory from 1.34.0-0ubuntu8 upload and earlier. LP: #1608927 Checksums-Sha1: 25c6439991d0317ba86ae9ef1f090347204e5d0f 2069 s390-tools_1.34.0-0ubuntu8.5.dsc c4a88bb7fd2089570fe9680f83e0087ca99e5d46 20236 s390-tools_1.34.0-0ubuntu8.5.debian.tar.xz 01c6570775b889bcf7a47f29b8b32b193d51602f 7547 s390-tools_1.34.0-0ubuntu8.5_source.buildinfo Checksums-Sha256: adaf3a5731733a715c52bbe59651c0874c3390cc825b70a08003d6c7bb4814e3 2069 s390-tools_1.34.0-0ubuntu8.5.dsc da0b1da4d4e8a93fd84e609867eacc0916cc795e966455397c975825a9c253df 20236 s390-tools_1.34.0-0ubuntu8.5.debian.tar.xz 794b0d043a5ea132160bc3b349d1cce6b11b31fc34d9025245785081cddd079e 7547 s390-tools_1.34.0-0ubuntu8.5_source.buildinfo Files: 256853e1d0a9edb7ee96413c4acd7091 2069 admin optional s390-tools_1.34.0-0ubuntu8.5.dsc c0b5107f785f845f7d4ccb3f304b6d84 20236 admin optional s390-tools_1.34.0-0ubuntu8.5.debian.tar.xz 6acd2bc248073266bd6243e18dc568f8 7547 admin optional s390-tools_1.34.0-0ubuntu8.5_source.buildinfo Original-Maintainer: Debian S/390 Team -- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-proposed] libgcrypt20 1.6.5-2ubuntu0.4 (Accepted)
libgcrypt20 (1.6.5-2ubuntu0.4) xenial; urgency=medium * Disable the library reading /proc/sys/crypto/fips_enabled file and going into FIPS mode. This fixes a hang on boot when using a FIPS-enabled kernel with encrypted installations (LP: #1748310) - debian/patches/disable_fips_enabled_read.patch Date: Fri, 16 Feb 2018 13:31:19 -0500 Changed-By: Vineetha PaiMaintainer: Ubuntu Developers Signed-By: Robie Basak https://launchpad.net/ubuntu/+source/libgcrypt20/1.6.5-2ubuntu0.4 Format: 1.8 Date: Fri, 16 Feb 2018 13:31:19 -0500 Source: libgcrypt20 Binary: libgcrypt20-doc libgcrypt20-dev libgcrypt20 libgcrypt20-udeb libgcrypt11-dev Architecture: source Version: 1.6.5-2ubuntu0.4 Distribution: xenial Urgency: medium Maintainer: Ubuntu Developers Changed-By: Vineetha Pai Description: libgcrypt11-dev - transitional libgcrypt11-dev package libgcrypt20 - LGPL Crypto library - runtime library libgcrypt20-dev - LGPL Crypto library - development files libgcrypt20-doc - LGPL Crypto library - documentation libgcrypt20-udeb - LGPL Crypto library - runtime library (udeb) Launchpad-Bugs-Fixed: 1748310 Changes: libgcrypt20 (1.6.5-2ubuntu0.4) xenial; urgency=medium . * Disable the library reading /proc/sys/crypto/fips_enabled file and going into FIPS mode. This fixes a hang on boot when using a FIPS-enabled kernel with encrypted installations (LP: #1748310) - debian/patches/disable_fips_enabled_read.patch Checksums-Sha1: a10a7291615ba753a0690bcc55ad52b2181ae1b8 2639 libgcrypt20_1.6.5-2ubuntu0.4.dsc 6ef38e9f470e1ff2585ec84c0f1fbb20afafe672 36840 libgcrypt20_1.6.5-2ubuntu0.4.debian.tar.xz Checksums-Sha256: 8563d406770c214117424b8d5f6744f988c18ec3bed8f593984661bff0b3 2639 libgcrypt20_1.6.5-2ubuntu0.4.dsc c27b1256f1d63cf3c7e410d3be397ada333be229edbfb6d24723325f7deb9748 36840 libgcrypt20_1.6.5-2ubuntu0.4.debian.tar.xz Files: 2db2e6724a3d41daceb4e8bfbbd62e76 2639 libs optional libgcrypt20_1.6.5-2ubuntu0.4.dsc 2cad482b477253f252c813c7c04c8cd8 36840 libs optional libgcrypt20_1.6.5-2ubuntu0.4.debian.tar.xz Original-Maintainer: Debian GnuTLS Maintainers -- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-proposed] apparmor 2.10.95-0ubuntu2.9 (Accepted)
apparmor (2.10.95-0ubuntu2.9) xenial; urgency=medium * debian/patches/base-journald-updates.patch: update base abstraction for additional journald sockets (LP: #1670408) Backport from 2.11.0-2ubuntu5 by Jamie StrandbogeDate: Tue, 20 Feb 2018 16:04:02 +0100 Changed-By: Christian Ehrhardt Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/+source/apparmor/2.10.95-0ubuntu2.9 Format: 1.8 Date: Tue, 20 Feb 2018 16:04:02 +0100 Source: apparmor Binary: apparmor apparmor-utils apparmor-profiles apparmor-docs libapparmor-dev libapparmor1 libapparmor-perl libapache2-mod-apparmor libpam-apparmor apparmor-notify python-libapparmor python3-libapparmor python-apparmor python3-apparmor dh-apparmor apparmor-easyprof Architecture: source Version: 2.10.95-0ubuntu2.9 Distribution: xenial Urgency: medium Maintainer: Ubuntu Developers Changed-By: Christian Ehrhardt Description: apparmor - user-space parser utility for AppArmor apparmor-docs - documentation for AppArmor apparmor-easyprof - AppArmor easyprof profiling tool apparmor-notify - AppArmor notification system apparmor-profiles - profiles for AppArmor Security policies apparmor-utils - utilities for controlling AppArmor dh-apparmor - AppArmor debhelper routines libapache2-mod-apparmor - changehat AppArmor library as an Apache module libapparmor-dev - AppArmor development libraries and header files libapparmor-perl - AppArmor library Perl bindings libapparmor1 - changehat AppArmor library libpam-apparmor - changehat AppArmor library as a PAM module python-apparmor - AppArmor Python utility library python-libapparmor - AppArmor library Python bindings python3-apparmor - AppArmor Python3 utility library python3-libapparmor - AppArmor library Python3 bindings Launchpad-Bugs-Fixed: 1670408 Changes: apparmor (2.10.95-0ubuntu2.9) xenial; urgency=medium . * debian/patches/base-journald-updates.patch: update base abstraction for additional journald sockets (LP: #1670408) Backport from 2.11.0-2ubuntu5 by Jamie Strandboge Checksums-Sha1: ac020002013fe640092bdf573febdcbd957e1941 3252 apparmor_2.10.95-0ubuntu2.9.dsc 5dc329254c18572a4b26fded93aec0f947100187 97000 apparmor_2.10.95-0ubuntu2.9.debian.tar.xz Checksums-Sha256: e0ffa6f0c0610e68e87bdc44af9c86dd02e4e98fbed4a4ac531ea8ebd112a6f0 3252 apparmor_2.10.95-0ubuntu2.9.dsc 22afd37e164269a152f37bd33e5c3fd208dbd35b324e9a0d13154acc45792be9 97000 apparmor_2.10.95-0ubuntu2.9.debian.tar.xz Files: 841f2b7bc19ede2cda1ddb2141a69257 3252 admin extra apparmor_2.10.95-0ubuntu2.9.dsc 17385aa78ab290228d952a0ef037895c 97000 admin extra apparmor_2.10.95-0ubuntu2.9.debian.tar.xz Original-Maintainer: Debian AppArmor Team -- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-proposed] net-snmp 5.7.3+dfsg-1ubuntu4.1 (Accepted)
net-snmp (5.7.3+dfsg-1ubuntu4.1) xenial; urgency=medium * d/snmpd.init: also match start-stop-daemon against pidfile to avoid killing extra snmpd processes for example in container (LP: #1720109) Date: Tue, 20 Feb 2018 14:53:51 +0100 Changed-By: Christian EhrhardtMaintainer: Ubuntu Developers https://launchpad.net/ubuntu/+source/net-snmp/5.7.3+dfsg-1ubuntu4.1 Format: 1.8 Date: Tue, 20 Feb 2018 14:53:51 +0100 Source: net-snmp Binary: snmpd snmptrapd snmp libsnmp-base libsnmp30 libsnmp30-dbg libsnmp-dev libsnmp-perl python-netsnmp tkmib Architecture: source Version: 5.7.3+dfsg-1ubuntu4.1 Distribution: xenial Urgency: medium Maintainer: Ubuntu Developers Changed-By: Christian Ehrhardt Description: libsnmp-base - SNMP configuration script, MIBs and documentation libsnmp-dev - SNMP (Simple Network Management Protocol) development files libsnmp-perl - SNMP (Simple Network Management Protocol) Perl5 support libsnmp30 - SNMP (Simple Network Management Protocol) library libsnmp30-dbg - SNMP (Simple Network Management Protocol) library debug python-netsnmp - SNMP (Simple Network Management Protocol) Python support snmp - SNMP (Simple Network Management Protocol) applications snmpd - SNMP (Simple Network Management Protocol) agents snmptrapd - Net-SNMP notification receiver tkmib - SNMP (Simple Network Management Protocol) MIB browser Launchpad-Bugs-Fixed: 1720109 Changes: net-snmp (5.7.3+dfsg-1ubuntu4.1) xenial; urgency=medium . * d/snmpd.init: also match start-stop-daemon against pidfile to avoid killing extra snmpd processes for example in container (LP: #1720109) Checksums-Sha1: 51edecaaebc0223e8acdd0b3744cd0f87bf1c6bf 3142 net-snmp_5.7.3+dfsg-1ubuntu4.1.dsc 6d0563414c9039e22e9af9425a6c7adaf8a81d92 66164 net-snmp_5.7.3+dfsg-1ubuntu4.1.debian.tar.xz Checksums-Sha256: 63001c618006cf7bc39c8f2e1e48504092fa8854ff75cfd6632cae585c6f6541 3142 net-snmp_5.7.3+dfsg-1ubuntu4.1.dsc 0ce3964cd1be0bfad3528e55db01560aa6dcb319cd4a51c8f3fb109c661fda1a 66164 net-snmp_5.7.3+dfsg-1ubuntu4.1.debian.tar.xz Files: 1f4aadede925dba7ebe34f402d02b887 3142 net optional net-snmp_5.7.3+dfsg-1ubuntu4.1.dsc d068431a5b82a5db348a76fbb428650b 66164 net optional net-snmp_5.7.3+dfsg-1ubuntu4.1.debian.tar.xz Original-Maintainer: Net-SNMP Packaging Team -- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] tor 0.2.9.14-1ubuntu1~16.04.1 (Accepted)
tor (0.2.9.14-1ubuntu1~16.04.1) xenial; urgency=medium [ Peter Palfrader ] * apparmor: use Pix instead of PUx for obfs4proxy, giving us better confinement of the child process while actually working with systemd's NoNewPrivileges. (closes: #867342) * Do not rely on aa-exec and aa-enabled being in /usr/sbin in the SysV init script. This change enables apparmor confinement on some system-V systems again. (closes: #869153) * Update apparmor profile: replace CAP_DAC_OVERRIDE with CAP_DAC_READ_SEARCH to match the systemd capability bounding set changed with 0.3.0.4-rc-1. This change will allow tor to start again under apparmor if hidden services are configured. Patch by intrigeri. (closes: #862993) * Replace CAP_DAC_OVERRIDE with CAP_DAC_READ_SEARCH in systemd's service capability bounding set. Read access is sufficient for Tor (as root on startup) to check its onion service directories (see #847598). * Change "AppArmorProfile=system_tor" to AppArmorProfile=-system_tor, causing all errors while switching to the new apparmor profile to be ignored. This is not ideal, but for now it's probably the best solution. Thanks to intrigeri; closes: #880490. [ Simon Deziel ] * Backport 0.2.9.14 to 16.04 (LP: #1731698) * debian/rules: stop overriding micro-revision.i * debian/control: drop build-conflicts * debian/control: Limit the seccomp build-dependency to [amd64 i386 x32 armel armhf] * Resync with Debian Stretch tor (0.2.9.14-1) stretch-security; urgency=medium * New upstream version, including among others: - Fix an issue causing DNS to fail on high-bandwidth exit nodes, making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for identifying and finding a workaround to this bug and to Moritz, Arthur Edelstein, and Roger for helping to track it down and analyze it. - Fix a denial of service bug where an attacker could use a malformed directory object to cause a Tor instance to pause while OpenSSL would try to read a passphrase from the terminal. (Tor instances run without a terminal, which is the case for most Tor packages, are not impacted.) Fixes bug 24246; bugfix on every version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821. Found by OSS-Fuzz as testcase 6360145429790720. - Fix a denial of service issue where an attacker could crash a directory authority using a malformed router descriptor. Fixes bug 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010 and CVE-2017-8820. - When checking for replays in the INTRODUCE1 cell data for a (legacy) onion service, correctly detect replays in the RSA- encrypted part of the cell. We were previously checking for replays on the entire cell, but those can be circumvented due to the malleability of Tor's legacy hybrid encryption. This fix helps prevent a traffic confirmation attack. Fixes bug 24244; bugfix on 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009 and CVE-2017-8819. - Fix a use-after-free error that could crash v2 Tor onion services when they failed to open circuits while expiring introduction points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is also tracked as TROVE-2017-013 and CVE-2017-8823. - When running as a relay, make sure that we never build a path through ourselves, even in the case where we have somehow lost the version of our descriptor appearing in the consensus. Fixes part of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked as TROVE-2017-012 and CVE-2017-8822. tor (0.2.9.13-1) stretch; urgency=medium * New upstream version: - update directory authority set tor (0.2.9.12-1) stretch-security; urgency=medium * New upstream version: - CVE-2017-0380 (TROVE-2017-008): Stack disclosure in hidden services logs when SafeLogging disabled - other maintenance and security related fixes, see upstream changelog. Date: 2018-02-13 23:57:11.143810+00:00 Changed-By: Simon DézielSigned-By: Robie Basak https://launchpad.net/ubuntu/+source/tor/0.2.9.14-1ubuntu1~16.04.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-proposed] debian-installer 20101020ubuntu451.22 (Accepted)
debian-installer (20101020ubuntu451.22) xenial; urgency=medium [ dann frazier ] * arm64-efi/netboot: Improvements to mini.iso generation: - Add an EFI System Partition to fix booting from USB stick on same platforms LP: #1692876. - Remove no-op arguments -boot-load-size and -boot-info-table. - Use simpler "-e" instead of "--efi-boot" since we only have 1 el torito image. - Add -partition_offset 16 so that the output of commands like 'isosize' is correct. * netboot/arm64: Include nic-firmware. LP: #1743638. [ Łukasz 'sil2100' Zemczak ] * Bump FLOPPY_SIZE on amd64, i386, and powerpc for kernel growth. Date: Wed, 21 Feb 2018 10:43:54 +0100 Changed-By: Łukasz 'sil2100' ZemczakMaintainer: Ubuntu Installer Team https://launchpad.net/ubuntu/+source/debian-installer/20101020ubuntu451.22 Format: 1.8 Date: Wed, 21 Feb 2018 10:43:54 +0100 Source: debian-installer Binary: debian-installer debian-installer-udebs Architecture: source Version: 20101020ubuntu451.22 Distribution: xenial Urgency: medium Maintainer: Ubuntu Installer Team Changed-By: Łukasz 'sil2100' Zemczak Description: debian-installer - Debian installer debian-installer-udebs - Metapackage depending on debian-installer's built-in udebs (udeb) Launchpad-Bugs-Fixed: 1692876 1743638 Changes: debian-installer (20101020ubuntu451.22) xenial; urgency=medium . [ dann frazier ] * arm64-efi/netboot: Improvements to mini.iso generation: - Add an EFI System Partition to fix booting from USB stick on same platforms LP: #1692876. - Remove no-op arguments -boot-load-size and -boot-info-table. - Use simpler "-e" instead of "--efi-boot" since we only have 1 el torito image. - Add -partition_offset 16 so that the output of commands like 'isosize' is correct. * netboot/arm64: Include nic-firmware. LP: #1743638. . [ Łukasz 'sil2100' Zemczak ] * Bump FLOPPY_SIZE on amd64, i386, and powerpc for kernel growth. Checksums-Sha1: a7c3a832d3a8f5c4bffc20748d3ed462f4e6ae63 3447 debian-installer_20101020ubuntu451.22.dsc 13688d74a3b205c3ccc89af3c3391210ef3b1016 1396692 debian-installer_20101020ubuntu451.22.tar.xz 1f4dc640ac8677c14c64b07459a570a16d50360e 12262 debian-installer_20101020ubuntu451.22_source.buildinfo Checksums-Sha256: fc9a5b3bb2bfcea7027349aa1851c889175e1ebd04167359726991415b41b206 3447 debian-installer_20101020ubuntu451.22.dsc 5005228040411dff1b5b6b716c0ff68ea34d31bb4101d8be28a0c7421b699731 1396692 debian-installer_20101020ubuntu451.22.tar.xz 9b6c9337761cd9458779ff9f1daf829246519726dd07dc0fd66c7883bfd7c7b0 12262 debian-installer_20101020ubuntu451.22_source.buildinfo Files: fadb59f449757761b9ab071cb3f32a7d 3447 devel optional debian-installer_20101020ubuntu451.22.dsc 0a1468ef2df58a39d5cca164de6a7b34 1396692 devel optional debian-installer_20101020ubuntu451.22.tar.xz c2091d59c0bbd05fc0fcc545c1c544ed 12262 devel optional debian-installer_20101020ubuntu451.22_source.buildinfo Original-Maintainer: Debian Install System Team -- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes