[ubuntu/xenial-proposed] containerd 1.2.6-0ubuntu1~16.04.2 (Accepted)
containerd (1.2.6-0ubuntu1~16.04.2) xenial; urgency=medium * Increase runc version requirement. containerd (1.2.6-0ubuntu1~16.04.1) xenial; urgency=medium * Backport to 16.04. (LP: #1824461) * Build with golang-1.10-go. * Build depend on btrfs-tools, not libbtrfs-dev or btrfs-progs. * Re-add Build-Depends: on dh-systemd * Disable race testing as go 1.10 race runtime not yet present in Xenial. * Add Breaks: docker.io (<= 18.09.3~) Date: Thu, 16 May 2019 15:43:29 +1200 Changed-By: Michael Hudson-Doyle Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/+source/containerd/1.2.6-0ubuntu1~16.04.2 Format: 1.8 Date: Thu, 16 May 2019 15:43:29 +1200 Source: containerd Binary: containerd golang-github-docker-containerd-dev Architecture: source Version: 1.2.6-0ubuntu1~16.04.2 Distribution: xenial Urgency: medium Maintainer: Ubuntu Developers Changed-By: Michael Hudson-Doyle Description: containerd - daemon to control runC golang-github-docker-containerd-dev - runC develpoment files Launchpad-Bugs-Fixed: 1824461 Changes: containerd (1.2.6-0ubuntu1~16.04.2) xenial; urgency=medium . * Increase runc version requirement. . containerd (1.2.6-0ubuntu1~16.04.1) xenial; urgency=medium . * Backport to 16.04. (LP: #1824461) * Build with golang-1.10-go. * Build depend on btrfs-tools, not libbtrfs-dev or btrfs-progs. * Re-add Build-Depends: on dh-systemd * Disable race testing as go 1.10 race runtime not yet present in Xenial. * Add Breaks: docker.io (<= 18.09.3~) Checksums-Sha1: 5989828ab92968cabeaeb2d270128e3c736ff14e 2386 containerd_1.2.6-0ubuntu1~16.04.2.dsc d0c6753214d84c8bdf659cdc053884ac3443fcc3 11324 containerd_1.2.6-0ubuntu1~16.04.2.debian.tar.xz 18a9140595a7e6f8f4e255e9a970e203fd17b62e 6370 containerd_1.2.6-0ubuntu1~16.04.2_source.buildinfo Checksums-Sha256: cf5a3383e86b223d6c40f58bec9cd5b3d553cd499aa96956d4451c877fa32000 2386 containerd_1.2.6-0ubuntu1~16.04.2.dsc 1de052b1af59ba61788ffeae2d39f1e74cc410b0054075ecac992baabd13622c 11324 containerd_1.2.6-0ubuntu1~16.04.2.debian.tar.xz e6443f8f582a86d99ece8b23353a0181758faafed660a4f85d1d43fc28a80a3a 6370 containerd_1.2.6-0ubuntu1~16.04.2_source.buildinfo Files: 4ff55572f60348cb317da079cb2085f6 2386 admin optional containerd_1.2.6-0ubuntu1~16.04.2.dsc acf8bb104f986c46ab8b3fc54dffac1f 11324 admin optional containerd_1.2.6-0ubuntu1~16.04.2.debian.tar.xz fb93fb4bc228945986c551097a3267e4 6370 admin optional containerd_1.2.6-0ubuntu1~16.04.2_source.buildinfo Original-Maintainer: Debian Go Packaging Team -- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] cups 2.1.3-4ubuntu0.8 (Accepted)
cups (2.1.3-4ubuntu0.8) xenial; urgency=medium * d/p/systemd-service-for-cupsd-after-sssd.patch: Start cupsd after sssd if installed (LP: #1822062) Date: 2019-05-02 12:02:11.690626+00:00 Changed-By: Victor Tapia Signed-By: Brian Murray https://launchpad.net/ubuntu/+source/cups/2.1.3-4ubuntu0.8 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-proposed] util-linux 2.27.1-6ubuntu3.7 (Accepted)
util-linux (2.27.1-6ubuntu3.7) xenial; urgency=medium * d/patches/lscpu-cleanup-DMI-detection-return-codes.patch: Cherry pick upstream patch to fix correctly identifying virtualization type. LP: #1764628 Date: Tue, 02 Apr 2019 17:20:29 -0500 Changed-By: Manoj Iyer Maintainer: Ubuntu Developers Signed-By: Dimitri John Ledkov https://launchpad.net/ubuntu/+source/util-linux/2.27.1-6ubuntu3.7 Format: 1.8 Date: Tue, 02 Apr 2019 17:20:29 -0500 Source: util-linux Architecture: source Version: 2.27.1-6ubuntu3.7 Distribution: xenial Urgency: medium Maintainer: Ubuntu Developers Changed-By: Manoj Iyer Launchpad-Bugs-Fixed: 1764628 Changes: util-linux (2.27.1-6ubuntu3.7) xenial; urgency=medium . * d/patches/lscpu-cleanup-DMI-detection-return-codes.patch: Cherry pick upstream patch to fix correctly identifying virtualization type. LP: #1764628 Checksums-Sha1: 520bebd98656a50abfa53a8c22d13948303d9962 3956 util-linux_2.27.1-6ubuntu3.7.dsc 043f6a75ebda36dc2818f7e19586d0e59fd4b3f0 86812 util-linux_2.27.1-6ubuntu3.7.debian.tar.xz 9bdf44bfef9220e72142f313d6d431fd27baad8f 8391 util-linux_2.27.1-6ubuntu3.7_source.buildinfo Checksums-Sha256: 36e1049312f83310cd76d7bd0007a196e51b61876df2945bd4026f881e5c6d0c 3956 util-linux_2.27.1-6ubuntu3.7.dsc 113075f3d3a78bad69adbbf6e54409bfc457ef5b6a04e7a4b7bc9d1c94930b30 86812 util-linux_2.27.1-6ubuntu3.7.debian.tar.xz 21caa2bf0da88e9d049eb222e30051eb0bf40a328ce7140cf604ed660b711eef 8391 util-linux_2.27.1-6ubuntu3.7_source.buildinfo Files: 33158c3bc8d6a3f2fdda911f9330eb8c 3956 base required util-linux_2.27.1-6ubuntu3.7.dsc f120ce51a0e934223bcf718fc8ca665f 86812 base required util-linux_2.27.1-6ubuntu3.7.debian.tar.xz 253c1fe18815265bfd561973677809d6 8391 base required util-linux_2.27.1-6ubuntu3.7_source.buildinfo Original-Maintainer: Debian util-linux Maintainers -- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-snapdragon 4.4.0-1113.118 (Accepted)
linux-snapdragon (4.4.0-1113.118) xenial; urgency=medium
[ Ubuntu: 4.4.0-148.174 ]
* CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
- Documentation/l1tf: Fix small spelling typo
- perf/x86/intel: Add model number for Skylake Server to perf
- perf/x86: Add model numbers for Kabylake CPUs
- perf/x86/intel: Use Intel family macros for core perf events
- perf/x86/msr: Use Intel family macros for MSR events code
- perf/x86/msr: Add missing Intel models
- SAUCE: perf/x86/{cstate,rapl,uncore}: Use Intel Model name macros
- perf/x86/msr: Add missing CPU IDs
- x86/speculation: Simplify the CPU bug detection logic
- x86/cpu: Sanitize FAM6_ATOM naming
- kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
- bitops: avoid integer overflow in GENMASK(_ULL)
- locking/atomics, asm-generic: Move some macros from to a
new file
- tools include: Adopt linux/bits.h
- x86/msr-index: Cleanup bit defines
- x86/speculation: Consolidate CPU whitelists
- x86/speculation/mds: Add basic bug infrastructure for MDS
- x86/speculation/mds: Add BUG_MSBDS_ONLY
- x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
- x86/speculation/mds: Add mds_clear_cpu_buffers()
- locking/static_keys: Provide DECLARE and well as DEFINE macros
- x86/speculation/mds: Clear CPU buffers on exit to user
- x86/kvm/vmx: Add MDS protection when L1D Flush is not active
- x86/speculation/mds: Conditionally clear CPU buffers on idle entry
- SAUCE: sched/smt: Introduce sched_smt_{active,present}
- SAUCE: Rename the Ubuntu-only spec_ctrl_mutex mutex
- SAUCE: x86/speculation: Introduce arch_smt_update()
- x86/speculation: Rework SMT state change
- x86/speculation: Reorder the spec_v2 code
- x86/speculation: Unify conditional spectre v2 print functions
- x86/speculation/mds: Add mitigation control for MDS
- x86/speculation/mds: Add sysfs reporting for MDS
- x86/speculation/mds: Add mitigation mode VMWERV
- Documentation: Move L1TF to separate directory
- Documentation: Add MDS vulnerability documentation
- x86/speculation/mds: Add mds=full,nosmt cmdline option
- x86/speculation: Move arch_smt_update() call to after mitigation decisions
- x86/speculation/mds: Add SMT warning message
- x86/speculation/mds: Fix comment
- x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
- x86/speculation/mds: Add 'mitigations=' support for MDS
* CVE-2017-5715 // CVE-2017-5753
- s390/speculation: Support 'mitigations=' cmdline option
* CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
- powerpc/speculation: Support 'mitigations=' cmdline option
* CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
CVE-2018-3646
- cpu/speculation: Add 'mitigations=' cmdline option
- x86/speculation: Support 'mitigations=' cmdline option
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
linux-snapdragon (4.4.0-1112.117) xenial; urgency=medium
* linux-snapdragon: 4.4.0-1112.117 -proposed tracker (LP: #1826030)
[ Ubuntu: 4.4.0-147.173 ]
* linux: 4.4.0-147.173 -proposed tracker (LP: #1826036)
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
* Xenial: Sync to upstream v4.9 (Spectre) (LP: #1820872)
- SAUCE: cpu/hotplug: Fix Documentation/kernel-parameters.txt
- SAUCE: Fix typo in Documentation/kernel-parameters.txt
- SAUCE: x86: Move hunks and sync to upstream stable 4.9
- Revert "module: Add retpoline tag to VERMAGIC"
* CVE-2017-5753
- posix-timers: Protect posix clock array access against speculation
- arm64: fix possible spectre-v1 in ptrace_hbp_get_event()
- sched/autogroup: Fix possible Spectre-v1 indexing for
sched_prio_to_weight[]
- media: dvb_ca_en50221: prevent using slot_info for Spectre attacs
- s390/keyboard: sanitize array index in do_kdsk_ioctl
- arm64: fix possible spectre-v1 write in ptrace_hbp_set_event()
- pktcdvd: Fix possible Spectre-v1 for pkt_devs
- net: socket: Fix potential spectre v1 gadget in sock_is_registered
- net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd()
- hwmon: (nct6775) Fix potential Spectre v1
- mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom
- nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT
- ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
- powerpc/ptrace: Mitigate potential Spectre v1
- cfg80211: prevent speculation on cfg80211_classify8021d() return
- ALSA: rawmidi: Fix potential Spectre v1 vulnerability
- ALSA: seq: oss: Fix Spectre v1 vulnerability
* CVE-2019-3874
- sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege
- sctp: use sk_wmem_queued to check for writable space
- sctp: implement memory accounting on tx path
- sctp: implement memory accounting on rx path
* Kprobe event argument
[ubuntu/xenial-security] linux-meta-snapdragon 4.4.0.1113.105 (Accepted)
linux-meta-snapdragon (4.4.0.1113.105) xenial; urgency=medium * Bump ABI 4.4.0-1113 linux-meta-snapdragon (4.4.0.1112.104) xenial; urgency=medium * Bump ABI 4.4.0-1112 linux-meta-snapdragon (4.4.0..103) xenial; urgency=medium * Bump ABI 4.4.0- Date: 2019-05-08 17:44:54.801130+00:00 Changed-By: Stefan Bader Signed-By: Andy Whitcroft https://launchpad.net/ubuntu/+source/linux-meta-snapdragon/4.4.0.1113.105 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-raspi2 4.4.0-1109.117 (Accepted)
linux-raspi2 (4.4.0-1109.117) xenial; urgency=medium
[ Ubuntu: 4.4.0-148.174 ]
* CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
- Documentation/l1tf: Fix small spelling typo
- perf/x86/intel: Add model number for Skylake Server to perf
- perf/x86: Add model numbers for Kabylake CPUs
- perf/x86/intel: Use Intel family macros for core perf events
- perf/x86/msr: Use Intel family macros for MSR events code
- perf/x86/msr: Add missing Intel models
- SAUCE: perf/x86/{cstate,rapl,uncore}: Use Intel Model name macros
- perf/x86/msr: Add missing CPU IDs
- x86/speculation: Simplify the CPU bug detection logic
- x86/cpu: Sanitize FAM6_ATOM naming
- kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
- bitops: avoid integer overflow in GENMASK(_ULL)
- locking/atomics, asm-generic: Move some macros from to a
new file
- tools include: Adopt linux/bits.h
- x86/msr-index: Cleanup bit defines
- x86/speculation: Consolidate CPU whitelists
- x86/speculation/mds: Add basic bug infrastructure for MDS
- x86/speculation/mds: Add BUG_MSBDS_ONLY
- x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
- x86/speculation/mds: Add mds_clear_cpu_buffers()
- locking/static_keys: Provide DECLARE and well as DEFINE macros
- x86/speculation/mds: Clear CPU buffers on exit to user
- x86/kvm/vmx: Add MDS protection when L1D Flush is not active
- x86/speculation/mds: Conditionally clear CPU buffers on idle entry
- SAUCE: sched/smt: Introduce sched_smt_{active,present}
- SAUCE: Rename the Ubuntu-only spec_ctrl_mutex mutex
- SAUCE: x86/speculation: Introduce arch_smt_update()
- x86/speculation: Rework SMT state change
- x86/speculation: Reorder the spec_v2 code
- x86/speculation: Unify conditional spectre v2 print functions
- x86/speculation/mds: Add mitigation control for MDS
- x86/speculation/mds: Add sysfs reporting for MDS
- x86/speculation/mds: Add mitigation mode VMWERV
- Documentation: Move L1TF to separate directory
- Documentation: Add MDS vulnerability documentation
- x86/speculation/mds: Add mds=full,nosmt cmdline option
- x86/speculation: Move arch_smt_update() call to after mitigation decisions
- x86/speculation/mds: Add SMT warning message
- x86/speculation/mds: Fix comment
- x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
- x86/speculation/mds: Add 'mitigations=' support for MDS
* CVE-2017-5715 // CVE-2017-5753
- s390/speculation: Support 'mitigations=' cmdline option
* CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
- powerpc/speculation: Support 'mitigations=' cmdline option
* CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
CVE-2018-3646
- cpu/speculation: Add 'mitigations=' cmdline option
- x86/speculation: Support 'mitigations=' cmdline option
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
linux-raspi2 (4.4.0-1108.116) xenial; urgency=medium
* linux-raspi2: 4.4.0-1108.116 -proposed tracker (LP: #1826029)
[ Ubuntu: 4.4.0-147.173 ]
* linux: 4.4.0-147.173 -proposed tracker (LP: #1826036)
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
* Xenial: Sync to upstream v4.9 (Spectre) (LP: #1820872)
- SAUCE: cpu/hotplug: Fix Documentation/kernel-parameters.txt
- SAUCE: Fix typo in Documentation/kernel-parameters.txt
- SAUCE: x86: Move hunks and sync to upstream stable 4.9
- Revert "module: Add retpoline tag to VERMAGIC"
* CVE-2017-5753
- posix-timers: Protect posix clock array access against speculation
- arm64: fix possible spectre-v1 in ptrace_hbp_get_event()
- sched/autogroup: Fix possible Spectre-v1 indexing for
sched_prio_to_weight[]
- media: dvb_ca_en50221: prevent using slot_info for Spectre attacs
- s390/keyboard: sanitize array index in do_kdsk_ioctl
- arm64: fix possible spectre-v1 write in ptrace_hbp_set_event()
- pktcdvd: Fix possible Spectre-v1 for pkt_devs
- net: socket: Fix potential spectre v1 gadget in sock_is_registered
- net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd()
- hwmon: (nct6775) Fix potential Spectre v1
- mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom
- nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT
- ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
- powerpc/ptrace: Mitigate potential Spectre v1
- cfg80211: prevent speculation on cfg80211_classify8021d() return
- ALSA: rawmidi: Fix potential Spectre v1 vulnerability
- ALSA: seq: oss: Fix Spectre v1 vulnerability
* CVE-2019-3874
- sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege
- sctp: use sk_wmem_queued to check for writable space
- sctp: implement memory accounting on tx path
- sctp: implement memory accounting on rx path
* Kprobe event argument syntax in f
[ubuntu/xenial-security] linux-meta-raspi2 4.4.0.1109.109 (Accepted)
linux-meta-raspi2 (4.4.0.1109.109) xenial; urgency=medium * Bump ABI 4.4.0-1109 linux-meta-raspi2 (4.4.0.1108.108) xenial; urgency=medium * Bump ABI 4.4.0-1108 linux-meta-raspi2 (4.4.0.1107.107) xenial; urgency=medium * Bump ABI 4.4.0-1107 Date: 2019-05-08 17:24:08.567936+00:00 Changed-By: Stefan Bader Signed-By: Andy Whitcroft https://launchpad.net/ubuntu/+source/linux-meta-raspi2/4.4.0.1109.109 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-signed-oracle 4.15.0-1013.15~16.04.1 (Accepted)
linux-signed-oracle (4.15.0-1013.15~16.04.1) xenial; urgency=medium * Master version: 4.15.0-1013.15~16.04.1 linux-signed-oracle (4.15.0-1012.14~16.04.1) xenial; urgency=medium * Master version: 4.15.0-1012.14~16.04.1 linux-signed-oracle (4.15.0-1011.13~16.04.1) xenial; urgency=medium * Master version: 4.15.0-1011.13~16.04.1 Date: 2019-05-08 15:25:52.675144+00:00 Changed-By: Stefan Bader Signed-By: Andy Whitcroft https://launchpad.net/ubuntu/+source/linux-signed-oracle/4.15.0-1013.15~16.04.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-meta-oracle 4.15.0.1013.7 (Accepted)
linux-meta-oracle (4.15.0.1013.7) xenial; urgency=medium * Bump ABI 4.15.0-1013 linux-meta-oracle (4.15.0.1012.6) xenial; urgency=medium * Bump ABI 4.15.0-1012 linux-meta-oracle (4.15.0.1011.5) xenial; urgency=medium * Bump ABI 4.15.0-1011 Date: 2019-05-08 15:25:54.051079+00:00 Changed-By: Stefan Bader Signed-By: Andy Whitcroft https://launchpad.net/ubuntu/+source/linux-meta-oracle/4.15.0.1013.7 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-oracle 4.15.0-1013.15~16.04.1 (Accepted)
linux-oracle (4.15.0-1013.15~16.04.1) xenial; urgency=medium [ Ubuntu: 4.15.0-1013.15 ] * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 - Documentation/l1tf: Fix small spelling typo - x86/cpu: Sanitize FAM6_ATOM naming - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID - locking/atomics, asm-generic: Move some macros from to a new file - tools include: Adopt linux/bits.h - x86/msr-index: Cleanup bit defines - x86/speculation: Consolidate CPU whitelists - x86/speculation/mds: Add basic bug infrastructure for MDS - x86/speculation/mds: Add BUG_MSBDS_ONLY - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests - x86/speculation/mds: Add mds_clear_cpu_buffers() - x86/speculation/mds: Clear CPU buffers on exit to user - x86/kvm/vmx: Add MDS protection when L1D Flush is not active - x86/speculation/mds: Conditionally clear CPU buffers on idle entry - x86/speculation/mds: Add mitigation control for MDS - x86/speculation/mds: Add sysfs reporting for MDS - x86/speculation/mds: Add mitigation mode VMWERV - Documentation: Move L1TF to separate directory - Documentation: Add MDS vulnerability documentation - x86/speculation/mds: Add mds=full,nosmt cmdline option - x86/speculation: Move arch_smt_update() call to after mitigation decisions - x86/speculation/mds: Add SMT warning message - x86/speculation/mds: Fix comment - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off - x86/speculation/mds: Add 'mitigations=' support for MDS * CVE-2017-5715 // CVE-2017-5753 - s390/speculation: Support 'mitigations=' cmdline option * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639 - powerpc/speculation: Support 'mitigations=' cmdline option * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 // CVE-2018-3646 - cpu/speculation: Add 'mitigations=' cmdline option - x86/speculation: Support 'mitigations=' cmdline option * Packaging resync (LP: #1786013) - [Packaging] resync git-ubuntu-log linux-oracle (4.15.0-1012.14~16.04.1) xenial; urgency=medium * linux-oracle: 4.15.0-1012.14~16.04.1 -proposed tracker (LP: #1826346) [ Ubuntu: 4.15.0-1012.14 ] * linux-oracle: 4.15.0-1012.14 -proposed tracker (LP: #1826348) * linux-oracle: Use upstream approach to fix a race when hot adding a VF (LP: #1825229) - Revert "UBUNTU: SAUCE: net_failover: delay taking over primary device to accommodate udevd renaming" - ipvlan, l3mdev: fix broken l3s mode wrt local routes - SAUCE: failover: allow name change on IFF_UP slave interfaces * linux: 4.15.0-49.53 -proposed tracker (LP: #1826358) * Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3) (LP: #1822870) - powerpc/64s: Add support for ori barrier_nospec patching - powerpc/64s: Patch barrier_nospec in modules - powerpc/64s: Enable barrier_nospec based on firmware settings - powerpc: Use barrier_nospec in copy_from_user() - powerpc/64: Use barrier_nospec in syscall entry - powerpc/64s: Enhance the information in cpu_show_spectre_v1() - powerpc/64: Disable the speculation barrier from the command line - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific. - powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC - powerpc/64: Call setup_barrier_nospec() from setup_arch() - powerpc/64: Make meltdown reporting Book3S 64 specific - powerpc/lib/code-patching: refactor patch_instruction() - powerpc/lib/feature-fixups: use raw_patch_instruction() - powerpc/asm: Add a patch_site macro & helpers for patching instructions - powerpc/64s: Add new security feature flags for count cache flush - powerpc/64s: Add support for software count cache flush - powerpc/pseries: Query hypervisor for count cache flush settings - powerpc/powernv: Query firmware for count cache flush settings - powerpc/fsl: Add nospectre_v2 command line argument - KVM: PPC: Book3S: Add count cache flush parameters to kvmppc_get_cpu_char() - [Config] Add CONFIG_PPC_BARRIER_NOSPEC * Packaging resync (LP: #1786013) - [Packaging] resync git-ubuntu-log * autopkgtests run too often, too much and don't skip enough (LP: #1823056) - [Debian] Set +x on rebuild testcase. - [Debian] Skip rebuild test, for regression-suite deps. - [Debian] Make ubuntu-regression-suite skippable on unbootable kernels. - [Debian] make rebuild use skippable error codes when skipping. - [Debian] Only run regression-suite, if requested to. * bionic: fork out linux-snapdragon into its own topic kernel (LP: #1820868) - [Packaging] remove arm64 snapdragon from getabis - [Config] config changes for snapdragon split - packaging: arm64: disable building the snapdragon flavour - [Packaging] arm64: Drop snapdragon from kernel-versions * CVE-2017-5753 - KVM: arm/arm64: vgic: fix possible spec
[ubuntu/xenial-security] linux-meta-kvm 4.4.0.1046.46 (Accepted)
linux-meta-kvm (4.4.0.1046.46) xenial; urgency=medium * Bump ABI 4.4.0-1046 linux-meta-kvm (4.4.0.1045.45) xenial; urgency=medium * Bump ABI 4.4.0-1045 linux-meta-kvm (4.4.0.1044.44) xenial; urgency=medium * Bump ABI 4.4.0-1044 Date: 2019-05-08 16:32:08.243320+00:00 Changed-By: Stefan Bader Signed-By: Andy Whitcroft https://launchpad.net/ubuntu/+source/linux-meta-kvm/4.4.0.1046.46 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-kvm 4.4.0-1046.52 (Accepted)
linux-kvm (4.4.0-1046.52) xenial; urgency=medium
[ Ubuntu: 4.4.0-148.174 ]
* CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
- Documentation/l1tf: Fix small spelling typo
- perf/x86/intel: Add model number for Skylake Server to perf
- perf/x86: Add model numbers for Kabylake CPUs
- perf/x86/intel: Use Intel family macros for core perf events
- perf/x86/msr: Use Intel family macros for MSR events code
- perf/x86/msr: Add missing Intel models
- SAUCE: perf/x86/{cstate,rapl,uncore}: Use Intel Model name macros
- perf/x86/msr: Add missing CPU IDs
- x86/speculation: Simplify the CPU bug detection logic
- x86/cpu: Sanitize FAM6_ATOM naming
- kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
- bitops: avoid integer overflow in GENMASK(_ULL)
- locking/atomics, asm-generic: Move some macros from to a
new file
- tools include: Adopt linux/bits.h
- x86/msr-index: Cleanup bit defines
- x86/speculation: Consolidate CPU whitelists
- x86/speculation/mds: Add basic bug infrastructure for MDS
- x86/speculation/mds: Add BUG_MSBDS_ONLY
- x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
- x86/speculation/mds: Add mds_clear_cpu_buffers()
- locking/static_keys: Provide DECLARE and well as DEFINE macros
- x86/speculation/mds: Clear CPU buffers on exit to user
- x86/kvm/vmx: Add MDS protection when L1D Flush is not active
- x86/speculation/mds: Conditionally clear CPU buffers on idle entry
- SAUCE: sched/smt: Introduce sched_smt_{active,present}
- SAUCE: Rename the Ubuntu-only spec_ctrl_mutex mutex
- SAUCE: x86/speculation: Introduce arch_smt_update()
- x86/speculation: Rework SMT state change
- x86/speculation: Reorder the spec_v2 code
- x86/speculation: Unify conditional spectre v2 print functions
- x86/speculation/mds: Add mitigation control for MDS
- x86/speculation/mds: Add sysfs reporting for MDS
- x86/speculation/mds: Add mitigation mode VMWERV
- Documentation: Move L1TF to separate directory
- Documentation: Add MDS vulnerability documentation
- x86/speculation/mds: Add mds=full,nosmt cmdline option
- x86/speculation: Move arch_smt_update() call to after mitigation decisions
- x86/speculation/mds: Add SMT warning message
- x86/speculation/mds: Fix comment
- x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
- x86/speculation/mds: Add 'mitigations=' support for MDS
* CVE-2017-5715 // CVE-2017-5753
- s390/speculation: Support 'mitigations=' cmdline option
* CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
- powerpc/speculation: Support 'mitigations=' cmdline option
* CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
CVE-2018-3646
- cpu/speculation: Add 'mitigations=' cmdline option
- x86/speculation: Support 'mitigations=' cmdline option
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
linux-kvm (4.4.0-1045.51) xenial; urgency=medium
* linux-kvm: 4.4.0-1045.51 -proposed tracker (LP: #1826028)
[ Ubuntu: 4.4.0-147.173 ]
* linux: 4.4.0-147.173 -proposed tracker (LP: #1826036)
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
* Xenial: Sync to upstream v4.9 (Spectre) (LP: #1820872)
- SAUCE: cpu/hotplug: Fix Documentation/kernel-parameters.txt
- SAUCE: Fix typo in Documentation/kernel-parameters.txt
- SAUCE: x86: Move hunks and sync to upstream stable 4.9
- Revert "module: Add retpoline tag to VERMAGIC"
* CVE-2017-5753
- posix-timers: Protect posix clock array access against speculation
- arm64: fix possible spectre-v1 in ptrace_hbp_get_event()
- sched/autogroup: Fix possible Spectre-v1 indexing for
sched_prio_to_weight[]
- media: dvb_ca_en50221: prevent using slot_info for Spectre attacs
- s390/keyboard: sanitize array index in do_kdsk_ioctl
- arm64: fix possible spectre-v1 write in ptrace_hbp_set_event()
- pktcdvd: Fix possible Spectre-v1 for pkt_devs
- net: socket: Fix potential spectre v1 gadget in sock_is_registered
- net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd()
- hwmon: (nct6775) Fix potential Spectre v1
- mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom
- nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT
- ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
- powerpc/ptrace: Mitigate potential Spectre v1
- cfg80211: prevent speculation on cfg80211_classify8021d() return
- ALSA: rawmidi: Fix potential Spectre v1 vulnerability
- ALSA: seq: oss: Fix Spectre v1 vulnerability
* CVE-2019-3874
- sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege
- sctp: use sk_wmem_queued to check for writable space
- sctp: implement memory accounting on tx path
- sctp: implement memory accounting on rx path
* Kprobe event argument syntax in ftrace from u
[ubuntu/xenial-security] linux-signed-hwe 4.15.0-50.54~16.04.1 (Accepted)
linux-signed-hwe (4.15.0-50.54~16.04.1) xenial; urgency=medium * Master version: 4.15.0-50.54~16.04.1 linux-signed-hwe (4.15.0-49.52~16.04.1) xenial; urgency=medium * Master version: 4.15.0-49.52~16.04.1 linux-signed-hwe (4.15.0-48.51~16.04.1) xenial; urgency=medium * Master version: 4.15.0-48.51~16.04.1 Date: 2019-05-08 15:44:55.588377+00:00 Changed-By: Stefan Bader Signed-By: Andy Whitcroft https://launchpad.net/ubuntu/+source/linux-signed-hwe/4.15.0-50.54~16.04.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-hwe 4.15.0-50.54~16.04.1 (Accepted)
linux-hwe (4.15.0-50.54~16.04.1) xenial; urgency=medium [ Ubuntu: 4.15.0-50.54 ] * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 - Documentation/l1tf: Fix small spelling typo - x86/cpu: Sanitize FAM6_ATOM naming - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID - locking/atomics, asm-generic: Move some macros from to a new file - tools include: Adopt linux/bits.h - x86/msr-index: Cleanup bit defines - x86/speculation: Consolidate CPU whitelists - x86/speculation/mds: Add basic bug infrastructure for MDS - x86/speculation/mds: Add BUG_MSBDS_ONLY - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests - x86/speculation/mds: Add mds_clear_cpu_buffers() - x86/speculation/mds: Clear CPU buffers on exit to user - x86/kvm/vmx: Add MDS protection when L1D Flush is not active - x86/speculation/mds: Conditionally clear CPU buffers on idle entry - x86/speculation/mds: Add mitigation control for MDS - x86/speculation/mds: Add sysfs reporting for MDS - x86/speculation/mds: Add mitigation mode VMWERV - Documentation: Move L1TF to separate directory - Documentation: Add MDS vulnerability documentation - x86/speculation/mds: Add mds=full,nosmt cmdline option - x86/speculation: Move arch_smt_update() call to after mitigation decisions - x86/speculation/mds: Add SMT warning message - x86/speculation/mds: Fix comment - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off - x86/speculation/mds: Add 'mitigations=' support for MDS * CVE-2017-5715 // CVE-2017-5753 - s390/speculation: Support 'mitigations=' cmdline option * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639 - powerpc/speculation: Support 'mitigations=' cmdline option * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 // CVE-2018-3646 - cpu/speculation: Add 'mitigations=' cmdline option - x86/speculation: Support 'mitigations=' cmdline option * Packaging resync (LP: #1786013) - [Packaging] resync git-ubuntu-log [ Ubuntu: 4.15.0-49.53 ] * linux: 4.15.0-49.53 -proposed tracker (LP: #1826358) * bionic: fork out linux-snapdragon into its own topic kernel (LP: #1820868) - [Packaging] arm64: Drop snapdragon from kernel-versions linux-hwe (4.15.0-49.52~16.04.1) xenial; urgency=medium * linux-hwe: 4.15.0-49.52~16.04.1 -proposed tracker (LP: #1826357) [ Ubuntu: 4.15.0-49.52 ] * linux: 4.15.0-49.52 -proposed tracker (LP: #1826358) * Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3) (LP: #1822870) - powerpc/64s: Add support for ori barrier_nospec patching - powerpc/64s: Patch barrier_nospec in modules - powerpc/64s: Enable barrier_nospec based on firmware settings - powerpc: Use barrier_nospec in copy_from_user() - powerpc/64: Use barrier_nospec in syscall entry - powerpc/64s: Enhance the information in cpu_show_spectre_v1() - powerpc/64: Disable the speculation barrier from the command line - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific. - powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC - powerpc/64: Call setup_barrier_nospec() from setup_arch() - powerpc/64: Make meltdown reporting Book3S 64 specific - powerpc/lib/code-patching: refactor patch_instruction() - powerpc/lib/feature-fixups: use raw_patch_instruction() - powerpc/asm: Add a patch_site macro & helpers for patching instructions - powerpc/64s: Add new security feature flags for count cache flush - powerpc/64s: Add support for software count cache flush - powerpc/pseries: Query hypervisor for count cache flush settings - powerpc/powernv: Query firmware for count cache flush settings - powerpc/fsl: Add nospectre_v2 command line argument - KVM: PPC: Book3S: Add count cache flush parameters to kvmppc_get_cpu_char() - [Config] Add CONFIG_PPC_BARRIER_NOSPEC * Packaging resync (LP: #1786013) - [Packaging] resync git-ubuntu-log * autopkgtests run too often, too much and don't skip enough (LP: #1823056) - [Debian] Set +x on rebuild testcase. - [Debian] Skip rebuild test, for regression-suite deps. - [Debian] Make ubuntu-regression-suite skippable on unbootable kernels. - [Debian] make rebuild use skippable error codes when skipping. - [Debian] Only run regression-suite, if requested to. * bionic: fork out linux-snapdragon into its own topic kernel (LP: #1820868) - [Packaging] remove arm64 snapdragon from getabis - [Config] config changes for snapdragon split - packaging: arm64: disable building the snapdragon flavour * CVE-2017-5753 - KVM: arm/arm64: vgic: fix possible spectre-v1 in vgic_get_irq() - media: dvb_ca_en50221: prevent using slot_info for Spectre attacs - sysvipc/sem: mitigate semnum index against spectre v1 - libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() - s390/keyboard: sani
[ubuntu/xenial-security] linux-meta-hwe 4.15.0.50.71 (Accepted)
linux-meta-hwe (4.15.0.50.71) xenial; urgency=medium * Bump ABI 4.15.0-50 linux-meta-hwe (4.15.0.49.70) xenial; urgency=medium * Bump ABI 4.15.0-49 linux-meta-hwe (4.15.0.48.69) xenial; urgency=medium * Bump ABI 4.15.0-48 Date: 2019-05-08 15:44:57.207873+00:00 Changed-By: Stefan Bader Signed-By: Andy Whitcroft https://launchpad.net/ubuntu/+source/linux-meta-hwe/4.15.0.50.71 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-meta-hwe-edge 4.15.0.50.69 (Accepted)
linux-meta-hwe-edge (4.15.0.50.69) xenial; urgency=medium * Bump ABI 4.15.0-50 linux-meta-hwe-edge (4.15.0.49.68) xenial; urgency=medium * Bump ABI 4.15.0-49 linux-meta-hwe-edge (4.15.0.48.67) xenial; urgency=medium * Bump ABI 4.15.0-48 Date: 2019-05-08 15:48:15.898887+00:00 Changed-By: Stefan Bader Signed-By: Andy Whitcroft https://launchpad.net/ubuntu/+source/linux-meta-hwe-edge/4.15.0.50.69 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-meta-gcp 4.15.0.1032.46 (Accepted)
linux-meta-gcp (4.15.0.1032.46) xenial; urgency=medium * Bump ABI 4.15.0-1032 linux-meta-gcp (4.15.0.1031.45) xenial; urgency=medium * Bump ABI 4.15.0-1031 linux-meta-gcp (4.15.0.1030.44) xenial; urgency=medium * Bump ABI 4.15.0-1030 Date: 2019-05-08 13:11:40.254873+00:00 Changed-By: Stefan Bader Signed-By: Andy Whitcroft https://launchpad.net/ubuntu/+source/linux-meta-gcp/4.15.0.1032.46 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-signed-gcp 4.15.0-1032.34~16.04.1 (Accepted)
linux-signed-gcp (4.15.0-1032.34~16.04.1) xenial; urgency=medium * Master version: 4.15.0-1032.34~16.04.1 linux-signed-gcp (4.15.0-1031.33~16.04.1) xenial; urgency=medium * Master version: 4.15.0-1031.33~16.04.1 linux-signed-gcp (4.15.0-1030.32~16.04.1) xenial; urgency=medium * Master version: 4.15.0-1030.32~16.04.1 Date: 2019-05-08 13:11:37.712324+00:00 Changed-By: Stefan Bader Signed-By: Andy Whitcroft https://launchpad.net/ubuntu/+source/linux-signed-gcp/4.15.0-1032.34~16.04.1 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-gcp 4.15.0-1032.34~16.04.1 (Accepted)
linux-gcp (4.15.0-1032.34~16.04.1) xenial; urgency=medium [ Ubuntu: 4.15.0-1032.34 ] * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 - Documentation/l1tf: Fix small spelling typo - x86/cpu: Sanitize FAM6_ATOM naming - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID - locking/atomics, asm-generic: Move some macros from to a new file - tools include: Adopt linux/bits.h - x86/msr-index: Cleanup bit defines - x86/speculation: Consolidate CPU whitelists - x86/speculation/mds: Add basic bug infrastructure for MDS - x86/speculation/mds: Add BUG_MSBDS_ONLY - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests - x86/speculation/mds: Add mds_clear_cpu_buffers() - x86/speculation/mds: Clear CPU buffers on exit to user - x86/kvm/vmx: Add MDS protection when L1D Flush is not active - x86/speculation/mds: Conditionally clear CPU buffers on idle entry - x86/speculation/mds: Add mitigation control for MDS - x86/speculation/mds: Add sysfs reporting for MDS - x86/speculation/mds: Add mitigation mode VMWERV - Documentation: Move L1TF to separate directory - Documentation: Add MDS vulnerability documentation - x86/speculation/mds: Add mds=full,nosmt cmdline option - x86/speculation: Move arch_smt_update() call to after mitigation decisions - x86/speculation/mds: Add SMT warning message - x86/speculation/mds: Fix comment - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off - x86/speculation/mds: Add 'mitigations=' support for MDS * CVE-2017-5715 // CVE-2017-5753 - s390/speculation: Support 'mitigations=' cmdline option * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639 - powerpc/speculation: Support 'mitigations=' cmdline option * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 // CVE-2018-3646 - cpu/speculation: Add 'mitigations=' cmdline option - x86/speculation: Support 'mitigations=' cmdline option * Packaging resync (LP: #1786013) - [Packaging] resync git-ubuntu-log * linux: 4.15.0-49.53 -proposed tracker (LP: #1826358) * bionic: fork out linux-snapdragon into its own topic kernel (LP: #1820868) - [Packaging] arm64: Drop snapdragon from kernel-versions linux-gcp (4.15.0-1031.33~16.04.1) xenial; urgency=medium * linux-gcp: 4.15.0-1031.33~16.04.1 -proposed tracker (LP: #1826339) [ Ubuntu: 4.15.0-1031.33 ] * linux-gcp: 4.15.0-1031.33 -proposed tracker (LP: #1826340) * linux: 4.15.0-49.52 -proposed tracker (LP: #1826358) * Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3) (LP: #1822870) - powerpc/64s: Add support for ori barrier_nospec patching - powerpc/64s: Patch barrier_nospec in modules - powerpc/64s: Enable barrier_nospec based on firmware settings - powerpc: Use barrier_nospec in copy_from_user() - powerpc/64: Use barrier_nospec in syscall entry - powerpc/64s: Enhance the information in cpu_show_spectre_v1() - powerpc/64: Disable the speculation barrier from the command line - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific. - powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC - powerpc/64: Call setup_barrier_nospec() from setup_arch() - powerpc/64: Make meltdown reporting Book3S 64 specific - powerpc/lib/code-patching: refactor patch_instruction() - powerpc/lib/feature-fixups: use raw_patch_instruction() - powerpc/asm: Add a patch_site macro & helpers for patching instructions - powerpc/64s: Add new security feature flags for count cache flush - powerpc/64s: Add support for software count cache flush - powerpc/pseries: Query hypervisor for count cache flush settings - powerpc/powernv: Query firmware for count cache flush settings - powerpc/fsl: Add nospectre_v2 command line argument - KVM: PPC: Book3S: Add count cache flush parameters to kvmppc_get_cpu_char() - [Config] Add CONFIG_PPC_BARRIER_NOSPEC * Packaging resync (LP: #1786013) - [Packaging] resync git-ubuntu-log * autopkgtests run too often, too much and don't skip enough (LP: #1823056) - [Debian] Set +x on rebuild testcase. - [Debian] Skip rebuild test, for regression-suite deps. - [Debian] Make ubuntu-regression-suite skippable on unbootable kernels. - [Debian] make rebuild use skippable error codes when skipping. - [Debian] Only run regression-suite, if requested to. * bionic: fork out linux-snapdragon into its own topic kernel (LP: #1820868) - [Packaging] remove arm64 snapdragon from getabis - [Config] config changes for snapdragon split - packaging: arm64: disable building the snapdragon flavour * CVE-2017-5753 - KVM: arm/arm64: vgic: fix possible spectre-v1 in vgic_get_irq() - media: dvb_ca_en50221: prevent using slot_info for Spectre attacs - sysvipc/sem: mitigate semnum index against spectre v1 - libahci: Fix possible Spectre-v1 pmp indexing i
[ubuntu/xenial-security] linux-signed-azure 4.15.0-1045.49 (Accepted)
linux-signed-azure (4.15.0-1045.49) xenial; urgency=medium * Master version: 4.15.0-1045.49 linux-signed-azure (4.15.0-1044.48) xenial; urgency=medium * Master version: 4.15.0-1044.48 linux-signed-azure (4.15.0-1043.47) xenial; urgency=medium * Master version: 4.15.0-1043.47 linux-signed-azure (4.15.0-1042.46) xenial; urgency=medium * Master version: 4.15.0-1042.46 Date: 2019-05-13 16:26:56.917710+00:00 Changed-By: Stefan Bader Signed-By: Andy Whitcroft https://launchpad.net/ubuntu/+source/linux-signed-azure/4.15.0-1045.49 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-meta-azure 4.15.0.1045.49 (Accepted)
linux-meta-azure (4.15.0.1045.49) xenial; urgency=medium * Bump ABI 4.15.0-1045 linux-meta-azure (4.15.0.1044.48) xenial; urgency=medium * Bump ABI 4.15.0-1044 linux-meta-azure (4.15.0.1043.47) xenial; urgency=medium * Bump ABI 4.15.0-1043 linux-meta-azure (4.15.0.1042.46) xenial; urgency=medium * Bump ABI 4.15.0-1042 Date: 2019-05-13 16:26:58.638878+00:00 Changed-By: Stefan Bader Signed-By: Andy Whitcroft https://launchpad.net/ubuntu/+source/linux-meta-azure/4.15.0.1045.49 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-azure 4.15.0-1045.49 (Accepted)
linux-azure (4.15.0-1045.49) xenial; urgency=medium * [linux-azure] Storage performance drop on RAID (LP: #1828248) - Revert "blk-mq: remove the request_list usage" [ Ubuntu: 4.15.0-50.54 ] * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 - Documentation/l1tf: Fix small spelling typo - x86/cpu: Sanitize FAM6_ATOM naming - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID - locking/atomics, asm-generic: Move some macros from to a new file - tools include: Adopt linux/bits.h - x86/msr-index: Cleanup bit defines - x86/speculation: Consolidate CPU whitelists - x86/speculation/mds: Add basic bug infrastructure for MDS - x86/speculation/mds: Add BUG_MSBDS_ONLY - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests - x86/speculation/mds: Add mds_clear_cpu_buffers() - x86/speculation/mds: Clear CPU buffers on exit to user - x86/kvm/vmx: Add MDS protection when L1D Flush is not active - x86/speculation/mds: Conditionally clear CPU buffers on idle entry - x86/speculation/mds: Add mitigation control for MDS - x86/speculation/mds: Add sysfs reporting for MDS - x86/speculation/mds: Add mitigation mode VMWERV - Documentation: Move L1TF to separate directory - Documentation: Add MDS vulnerability documentation - x86/speculation/mds: Add mds=full,nosmt cmdline option - x86/speculation: Move arch_smt_update() call to after mitigation decisions - x86/speculation/mds: Add SMT warning message - x86/speculation/mds: Fix comment - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off - x86/speculation/mds: Add 'mitigations=' support for MDS * CVE-2017-5715 // CVE-2017-5753 - s390/speculation: Support 'mitigations=' cmdline option * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639 - powerpc/speculation: Support 'mitigations=' cmdline option * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 // CVE-2018-3646 - cpu/speculation: Add 'mitigations=' cmdline option - x86/speculation: Support 'mitigations=' cmdline option * Packaging resync (LP: #1786013) - [Packaging] resync git-ubuntu-log linux-azure (4.15.0-1044.48) xenial; urgency=medium * linux-azure: 4.15.0-1044.48 -proposed tracker (LP: #1826354) * [linux-azure] Include mainline commits fc96df16a1ce and ba50bf1ce9a5 in Azure kernel (LP: #1821378) - Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels - Drivers: hv: vmbus: Check for ring when getting debug info * [linux-azure] Commit To Improve NVMe Performance (LP: #1819689) - blk-mq: remove the request_list usage [ Ubuntu: 4.15.0-49.53 ] * linux: 4.15.0-49.53 -proposed tracker (LP: #1826358) * Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3) (LP: #1822870) - powerpc/64s: Add support for ori barrier_nospec patching - powerpc/64s: Patch barrier_nospec in modules - powerpc/64s: Enable barrier_nospec based on firmware settings - powerpc: Use barrier_nospec in copy_from_user() - powerpc/64: Use barrier_nospec in syscall entry - powerpc/64s: Enhance the information in cpu_show_spectre_v1() - powerpc/64: Disable the speculation barrier from the command line - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific. - powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC - powerpc/64: Call setup_barrier_nospec() from setup_arch() - powerpc/64: Make meltdown reporting Book3S 64 specific - powerpc/lib/code-patching: refactor patch_instruction() - powerpc/lib/feature-fixups: use raw_patch_instruction() - powerpc/asm: Add a patch_site macro & helpers for patching instructions - powerpc/64s: Add new security feature flags for count cache flush - powerpc/64s: Add support for software count cache flush - powerpc/pseries: Query hypervisor for count cache flush settings - powerpc/powernv: Query firmware for count cache flush settings - powerpc/fsl: Add nospectre_v2 command line argument - KVM: PPC: Book3S: Add count cache flush parameters to kvmppc_get_cpu_char() - [Config] Add CONFIG_PPC_BARRIER_NOSPEC * Packaging resync (LP: #1786013) - [Packaging] resync git-ubuntu-log * autopkgtests run too often, too much and don't skip enough (LP: #1823056) - [Debian] Set +x on rebuild testcase. - [Debian] Skip rebuild test, for regression-suite deps. - [Debian] Make ubuntu-regression-suite skippable on unbootable kernels. - [Debian] make rebuild use skippable error codes when skipping. - [Debian] Only run regression-suite, if requested to. * bionic: fork out linux-snapdragon into its own topic kernel (LP: #1820868) - [Packaging] remove arm64 snapdragon from getabis - [Config] config changes for snapdragon split - packaging: arm64: disable building the snapdragon flavour - [Packaging] arm64: Drop snapdragon from kernel-versions * CV
[ubuntu/xenial-security] linux-meta-aws-hwe 4.15.0.1039.39 (Accepted)
linux-meta-aws-hwe (4.15.0.1039.39) xenial; urgency=medium * Bump ABI 4.15.0-1039 linux-meta-aws-hwe (4.15.0.1038.38) xenial; urgency=medium * Bump ABI 4.15.0-1038 linux-meta-aws-hwe (4.15.0.1037.37) xenial; urgency=medium * Bump ABI 4.15.0-1037 linux-meta-aws-hwe (4.15.0.1036.36) xenial; urgency=medium * Bump ABI 4.15.0-1036 Date: 2019-05-08 12:41:55.839631+00:00 Changed-By: Stefan Bader Signed-By: Andy Whitcroft https://launchpad.net/ubuntu/+source/linux-meta-aws-hwe/4.15.0.1039.39 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-meta-azure-edge 4.15.0.1045.28 (Accepted)
linux-meta-azure-edge (4.15.0.1045.28) xenial; urgency=medium * Bump ABI 4.15.0-1045 linux-meta-azure-edge (4.15.0.1044.27) xenial; urgency=medium * Bump ABI 4.15.0-1044 linux-meta-azure-edge (4.15.0.1042.26) xenial; urgency=medium * Bump ABI 4.15.0-1042 Date: 2019-05-13 17:46:14.336672+00:00 Changed-By: Stefan Bader Signed-By: Andy Whitcroft https://launchpad.net/ubuntu/+source/linux-meta-azure-edge/4.15.0.1045.28 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-meta-aws 4.4.0.1083.86 (Accepted)
linux-meta-aws (4.4.0.1083.86) xenial; urgency=medium * Bump ABI 4.4.0-1083 linux-meta-aws (4.4.0.1082.85) xenial; urgency=medium * Bump ABI 4.4.0-1082 linux-meta-aws (4.4.0.1081.84) xenial; urgency=medium * Bump ABI 4.4.0-1081 linux-meta-aws (4.4.0.1080.83) xenial; urgency=medium * Bump ABI 4.4.0-1080 Date: 2019-05-08 16:01:09.167197+00:00 Changed-By: Stefan Bader Signed-By: Andy Whitcroft https://launchpad.net/ubuntu/+source/linux-meta-aws/4.4.0.1083.86 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-aws 4.4.0-1083.93 (Accepted)
linux-aws (4.4.0-1083.93) xenial; urgency=medium
[ Ubuntu: 4.4.0-148.174 ]
* CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
- Documentation/l1tf: Fix small spelling typo
- perf/x86/intel: Add model number for Skylake Server to perf
- perf/x86: Add model numbers for Kabylake CPUs
- perf/x86/intel: Use Intel family macros for core perf events
- perf/x86/msr: Use Intel family macros for MSR events code
- perf/x86/msr: Add missing Intel models
- SAUCE: perf/x86/{cstate,rapl,uncore}: Use Intel Model name macros
- perf/x86/msr: Add missing CPU IDs
- x86/speculation: Simplify the CPU bug detection logic
- x86/cpu: Sanitize FAM6_ATOM naming
- kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
- bitops: avoid integer overflow in GENMASK(_ULL)
- locking/atomics, asm-generic: Move some macros from to a
new file
- tools include: Adopt linux/bits.h
- x86/msr-index: Cleanup bit defines
- x86/speculation: Consolidate CPU whitelists
- x86/speculation/mds: Add basic bug infrastructure for MDS
- x86/speculation/mds: Add BUG_MSBDS_ONLY
- x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
- x86/speculation/mds: Add mds_clear_cpu_buffers()
- locking/static_keys: Provide DECLARE and well as DEFINE macros
- x86/speculation/mds: Clear CPU buffers on exit to user
- x86/kvm/vmx: Add MDS protection when L1D Flush is not active
- x86/speculation/mds: Conditionally clear CPU buffers on idle entry
- SAUCE: sched/smt: Introduce sched_smt_{active,present}
- SAUCE: Rename the Ubuntu-only spec_ctrl_mutex mutex
- SAUCE: x86/speculation: Introduce arch_smt_update()
- x86/speculation: Rework SMT state change
- x86/speculation: Reorder the spec_v2 code
- x86/speculation: Unify conditional spectre v2 print functions
- x86/speculation/mds: Add mitigation control for MDS
- x86/speculation/mds: Add sysfs reporting for MDS
- x86/speculation/mds: Add mitigation mode VMWERV
- Documentation: Move L1TF to separate directory
- Documentation: Add MDS vulnerability documentation
- x86/speculation/mds: Add mds=full,nosmt cmdline option
- x86/speculation: Move arch_smt_update() call to after mitigation decisions
- x86/speculation/mds: Add SMT warning message
- x86/speculation/mds: Fix comment
- x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
- x86/speculation/mds: Add 'mitigations=' support for MDS
* CVE-2017-5715 // CVE-2017-5753
- s390/speculation: Support 'mitigations=' cmdline option
* CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
- powerpc/speculation: Support 'mitigations=' cmdline option
* CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
CVE-2018-3646
- cpu/speculation: Add 'mitigations=' cmdline option
- x86/speculation: Support 'mitigations=' cmdline option
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
linux-aws (4.4.0-1082.92) xenial; urgency=medium
* linux-aws: 4.4.0-1082.92 -proposed tracker (LP: #1826024)
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
* Please ship modules nvme, nvmem_core as built-in (LP: #1823045)
- aws: [Config] make CONFIG_BLK_DEV_NVME, NVMEM builtin
[ Ubuntu: 4.4.0-147.173 ]
* linux: 4.4.0-147.173 -proposed tracker (LP: #1826036)
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
* Xenial: Sync to upstream v4.9 (Spectre) (LP: #1820872)
- SAUCE: cpu/hotplug: Fix Documentation/kernel-parameters.txt
- SAUCE: Fix typo in Documentation/kernel-parameters.txt
- SAUCE: x86: Move hunks and sync to upstream stable 4.9
- Revert "module: Add retpoline tag to VERMAGIC"
* CVE-2017-5753
- posix-timers: Protect posix clock array access against speculation
- arm64: fix possible spectre-v1 in ptrace_hbp_get_event()
- sched/autogroup: Fix possible Spectre-v1 indexing for
sched_prio_to_weight[]
- media: dvb_ca_en50221: prevent using slot_info for Spectre attacs
- s390/keyboard: sanitize array index in do_kdsk_ioctl
- arm64: fix possible spectre-v1 write in ptrace_hbp_set_event()
- pktcdvd: Fix possible Spectre-v1 for pkt_devs
- net: socket: Fix potential spectre v1 gadget in sock_is_registered
- net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd()
- hwmon: (nct6775) Fix potential Spectre v1
- mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom
- nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT
- ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
- powerpc/ptrace: Mitigate potential Spectre v1
- cfg80211: prevent speculation on cfg80211_classify8021d() return
- ALSA: rawmidi: Fix potential Spectre v1 vulnerability
- ALSA: seq: oss: Fix Spectre v1 vulnerability
* CVE-2019-3874
- sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege
[ubuntu/xenial-security] linux-aws-hwe 4.15.0-1039.41~16.04.1 (Accepted)
linux-aws-hwe (4.15.0-1039.41~16.04.1) xenial; urgency=medium [ Ubuntu: 4.15.0-1039.41 ] * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 - Documentation/l1tf: Fix small spelling typo - x86/cpu: Sanitize FAM6_ATOM naming - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID - locking/atomics, asm-generic: Move some macros from to a new file - tools include: Adopt linux/bits.h - x86/msr-index: Cleanup bit defines - x86/speculation: Consolidate CPU whitelists - x86/speculation/mds: Add basic bug infrastructure for MDS - x86/speculation/mds: Add BUG_MSBDS_ONLY - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests - x86/speculation/mds: Add mds_clear_cpu_buffers() - x86/speculation/mds: Clear CPU buffers on exit to user - x86/kvm/vmx: Add MDS protection when L1D Flush is not active - x86/speculation/mds: Conditionally clear CPU buffers on idle entry - x86/speculation/mds: Add mitigation control for MDS - x86/speculation/mds: Add sysfs reporting for MDS - x86/speculation/mds: Add mitigation mode VMWERV - Documentation: Move L1TF to separate directory - Documentation: Add MDS vulnerability documentation - x86/speculation/mds: Add mds=full,nosmt cmdline option - x86/speculation: Move arch_smt_update() call to after mitigation decisions - x86/speculation/mds: Add SMT warning message - x86/speculation/mds: Fix comment - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off - x86/speculation/mds: Add 'mitigations=' support for MDS * CVE-2017-5715 // CVE-2017-5753 - s390/speculation: Support 'mitigations=' cmdline option * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639 - powerpc/speculation: Support 'mitigations=' cmdline option * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 // CVE-2018-3646 - cpu/speculation: Add 'mitigations=' cmdline option - x86/speculation: Support 'mitigations=' cmdline option * Packaging resync (LP: #1786013) - [Packaging] resync git-ubuntu-log linux-aws-hwe (4.15.0-1038.40~16.04.1) xenial; urgency=medium * linux-aws-hwe: 4.15.0-1038.40~16.04.1 -proposed tracker (LP: #1826337) [ Ubuntu: 4.15.0-1038.40 ] * linux-aws: 4.15.0-1038.40 -proposed tracker (LP: #1826338) * Packaging resync (LP: #1786013) - [Packaging] resync git-ubuntu-log * linux: 4.15.0-49.53 -proposed tracker (LP: #1826358) * Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3) (LP: #1822870) - powerpc/64s: Add support for ori barrier_nospec patching - powerpc/64s: Patch barrier_nospec in modules - powerpc/64s: Enable barrier_nospec based on firmware settings - powerpc: Use barrier_nospec in copy_from_user() - powerpc/64: Use barrier_nospec in syscall entry - powerpc/64s: Enhance the information in cpu_show_spectre_v1() - powerpc/64: Disable the speculation barrier from the command line - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific. - powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC - powerpc/64: Call setup_barrier_nospec() from setup_arch() - powerpc/64: Make meltdown reporting Book3S 64 specific - powerpc/lib/code-patching: refactor patch_instruction() - powerpc/lib/feature-fixups: use raw_patch_instruction() - powerpc/asm: Add a patch_site macro & helpers for patching instructions - powerpc/64s: Add new security feature flags for count cache flush - powerpc/64s: Add support for software count cache flush - powerpc/pseries: Query hypervisor for count cache flush settings - powerpc/powernv: Query firmware for count cache flush settings - powerpc/fsl: Add nospectre_v2 command line argument - KVM: PPC: Book3S: Add count cache flush parameters to kvmppc_get_cpu_char() - [Config] Add CONFIG_PPC_BARRIER_NOSPEC * Packaging resync (LP: #1786013) - [Packaging] resync git-ubuntu-log * autopkgtests run too often, too much and don't skip enough (LP: #1823056) - [Debian] Set +x on rebuild testcase. - [Debian] Skip rebuild test, for regression-suite deps. - [Debian] Make ubuntu-regression-suite skippable on unbootable kernels. - [Debian] make rebuild use skippable error codes when skipping. - [Debian] Only run regression-suite, if requested to. * bionic: fork out linux-snapdragon into its own topic kernel (LP: #1820868) - [Packaging] remove arm64 snapdragon from getabis - [Config] config changes for snapdragon split - packaging: arm64: disable building the snapdragon flavour - [Packaging] arm64: Drop snapdragon from kernel-versions * CVE-2017-5753 - KVM: arm/arm64: vgic: fix possible spectre-v1 in vgic_get_irq() - media: dvb_ca_en50221: prevent using slot_info for Spectre attacs - sysvipc/sem: mitigate semnum index against spectre v1 - libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() - s390/keyboard: sanitize
[ubuntu/xenial-proposed] cloud-init 19.1-1-gbaa47854-0ubuntu1~16.04.1 (Accepted)
cloud-init (19.1-1-gbaa47854-0ubuntu1~16.04.1) xenial; urgency=medium * debian/patches/ubuntu-advantage-revert-tip.patch Revert ubuntu-advantage config module changes until ubuntu-advantage-tools 19.1 publishes to Xenial (LP: #1828641) * refresh patches: + debian/patches/azure-apply-network-config-false.patch + debian/patches/azure-use-walinux-agent.patch + debian/patches/ec2-classic-dont-reapply-networking.patch * refresh patches: + debian/patches/azure-apply-network-config-false.patch + debian/patches/azure-use-walinux-agent.patch * New upstream snapshot. (LP: #1828637) - Azure: Return static fallback address as if failed to find endpoint [Jason Zions (MSFT)] - release 19.1 - freebsd: add chpasswd pkg in the image [Gonéri Le Bouder] - tests: add Eoan release [Paride Legovini] - cc_mounts: check if mount -a on no-change fstab path [Jason Zions (MSFT)] - replace remaining occurrences of LOG.warn - DataSourceAzure: Adjust timeout for polling IMDS [Anh Vo] - Azure: Changes to the Hyper-V KVP Reporter [Anh Vo] - git tests: no longer show warning about safe yaml. [Scott Moser] - tools/read-version: handle errors [Chad Miller] - net/sysconfig: only indicate available on known sysconfig distros - packages: update rpm specs for new bash completion path - test_azure: mock util.SeLinuxGuard where needed [Jason Zions (MSFT)] - setup.py: install bash completion script in new location - mount_cb: do not pass sync and rw options to mount [Gonéri Le Bouder] - cc_apt_configure: fix typo in apt documentation [Dominic Schlegel] - Revert "DataSource: move update_events from a class to an instance..." - Change DataSourceNoCloud to ignore file system label's case. [Risto Oikarinen] - cmd:main.py: Fix missing 'modules-init' key in modes dict [Antonio Romito] - ubuntu_advantage: rewrite cloud-config module - Azure: Treat _unset network configuration as if it were absent [Jason Zions (MSFT)] - DatasourceAzure: add additional logging for azure datasource [Anh Vo] - cloud_tests: fix apt_pipelining test-cases - Azure: Ensure platform random_seed is always serializable as JSON. [Jason Zions (MSFT)] - net/sysconfig: write out SUSE-compatible IPv6 config [Robert Schweikert] - tox: Update testenv for openSUSE Leap to 15.0 [Thomas Bechtold] - net: Fix ipv6 static routes when using eni renderer [Raphael Glon] - Add ubuntu_drivers config module - doc: Refresh Azure walinuxagent docs - tox: bump pylint version to latest (2.3.1) - DataSource: move update_events from a class to an instance attribute - net/sysconfig: Handle default route setup for dhcp configured NICs [Robert Schweikert] - DataSourceEc2: update RELEASE_BLOCKER to be more accurate Date: Fri, 10 May 2019 16:26:48 -0600 Changed-By: Chad Smith Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/+source/cloud-init/19.1-1-gbaa47854-0ubuntu1~16.04.1 Format: 1.8 Date: Fri, 10 May 2019 16:26:48 -0600 Source: cloud-init Architecture: source Version: 19.1-1-gbaa47854-0ubuntu1~16.04.1 Distribution: xenial Urgency: medium Maintainer: Ubuntu Developers Changed-By: Chad Smith Launchpad-Bugs-Fixed: 1828637 1828641 Changes: cloud-init (19.1-1-gbaa47854-0ubuntu1~16.04.1) xenial; urgency=medium . * debian/patches/ubuntu-advantage-revert-tip.patch Revert ubuntu-advantage config module changes until ubuntu-advantage-tools 19.1 publishes to Xenial (LP: #1828641) * refresh patches: + debian/patches/azure-apply-network-config-false.patch + debian/patches/azure-use-walinux-agent.patch + debian/patches/ec2-classic-dont-reapply-networking.patch * refresh patches: + debian/patches/azure-apply-network-config-false.patch + debian/patches/azure-use-walinux-agent.patch * New upstream snapshot. (LP: #1828637) - Azure: Return static fallback address as if failed to find endpoint [Jason Zions (MSFT)] - release 19.1 - freebsd: add chpasswd pkg in the image [Gonéri Le Bouder] - tests: add Eoan release [Paride Legovini] - cc_mounts: check if mount -a on no-change fstab path [Jason Zions (MSFT)] - replace remaining occurrences of LOG.warn - DataSourceAzure: Adjust timeout for polling IMDS [Anh Vo] - Azure: Changes to the Hyper-V KVP Reporter [Anh Vo] - git tests: no longer show warning about safe yaml. [Scott Moser] - tools/read-version: handle errors [Chad Miller] - net/sysconfig: only indicate available on known sysconfig distros - packages: update rpm specs for new bash completion path - test_azure: mock util.SeLinuxGuard where needed [Jason Zions (MSFT)] - setup.py: install bash completion script in new location - mount_cb: do not pass sync and rw options to mount [Gonéri Le Bouder] - cc_apt_configure: fix typo in apt documentation [Dominic Schlegel] - Revert "DataSour
[ubuntu/xenial-updates] libvirt 1.3.1-1ubuntu10.26 (Accepted)
libvirt (1.3.1-1ubuntu10.26) xenial-security; urgency=medium * SECURITY UPDATE: Add support for md-clear functionality - debian/patches/md-clear.patch: Define md-clear CPUID bit in src/cpu/cpu_map.xml. - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 Date: 2019-05-14 19:26:51.728875+00:00 Changed-By: Marc Deslauriers Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/libvirt/1.3.1-1ubuntu10.26 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] libvirt 1.3.1-1ubuntu10.26 (Accepted)
libvirt (1.3.1-1ubuntu10.26) xenial-security; urgency=medium * SECURITY UPDATE: Add support for md-clear functionality - debian/patches/md-clear.patch: Define md-clear CPUID bit in src/cpu/cpu_map.xml. - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 Date: 2019-05-14 19:26:51.728875+00:00 Changed-By: Marc Deslauriers https://launchpad.net/ubuntu/+source/libvirt/1.3.1-1ubuntu10.26 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux 4.4.0-148.174 (Accepted)
linux (4.4.0-148.174) xenial; urgency=medium
* CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
- Documentation/l1tf: Fix small spelling typo
- perf/x86/intel: Add model number for Skylake Server to perf
- perf/x86: Add model numbers for Kabylake CPUs
- perf/x86/intel: Use Intel family macros for core perf events
- perf/x86/msr: Use Intel family macros for MSR events code
- perf/x86/msr: Add missing Intel models
- SAUCE: perf/x86/{cstate,rapl,uncore}: Use Intel Model name macros
- perf/x86/msr: Add missing CPU IDs
- x86/speculation: Simplify the CPU bug detection logic
- x86/cpu: Sanitize FAM6_ATOM naming
- kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
- bitops: avoid integer overflow in GENMASK(_ULL)
- locking/atomics, asm-generic: Move some macros from to a
new file
- tools include: Adopt linux/bits.h
- x86/msr-index: Cleanup bit defines
- x86/speculation: Consolidate CPU whitelists
- x86/speculation/mds: Add basic bug infrastructure for MDS
- x86/speculation/mds: Add BUG_MSBDS_ONLY
- x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
- x86/speculation/mds: Add mds_clear_cpu_buffers()
- locking/static_keys: Provide DECLARE and well as DEFINE macros
- x86/speculation/mds: Clear CPU buffers on exit to user
- x86/kvm/vmx: Add MDS protection when L1D Flush is not active
- x86/speculation/mds: Conditionally clear CPU buffers on idle entry
- SAUCE: sched/smt: Introduce sched_smt_{active,present}
- SAUCE: Rename the Ubuntu-only spec_ctrl_mutex mutex
- SAUCE: x86/speculation: Introduce arch_smt_update()
- x86/speculation: Rework SMT state change
- x86/speculation: Reorder the spec_v2 code
- x86/speculation: Unify conditional spectre v2 print functions
- x86/speculation/mds: Add mitigation control for MDS
- x86/speculation/mds: Add sysfs reporting for MDS
- x86/speculation/mds: Add mitigation mode VMWERV
- Documentation: Move L1TF to separate directory
- Documentation: Add MDS vulnerability documentation
- x86/speculation/mds: Add mds=full,nosmt cmdline option
- x86/speculation: Move arch_smt_update() call to after mitigation decisions
- x86/speculation/mds: Add SMT warning message
- x86/speculation/mds: Fix comment
- x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
- x86/speculation/mds: Add 'mitigations=' support for MDS
* CVE-2017-5715 // CVE-2017-5753
- s390/speculation: Support 'mitigations=' cmdline option
* CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
- powerpc/speculation: Support 'mitigations=' cmdline option
* CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
CVE-2018-3646
- cpu/speculation: Add 'mitigations=' cmdline option
- x86/speculation: Support 'mitigations=' cmdline option
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
linux (4.4.0-147.173) xenial; urgency=medium
* linux: 4.4.0-147.173 -proposed tracker (LP: #1826036)
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
* Xenial: Sync to upstream v4.9 (Spectre) (LP: #1820872)
- SAUCE: cpu/hotplug: Fix Documentation/kernel-parameters.txt
- SAUCE: Fix typo in Documentation/kernel-parameters.txt
- SAUCE: x86: Move hunks and sync to upstream stable 4.9
- Revert "module: Add retpoline tag to VERMAGIC"
* CVE-2017-5753
- posix-timers: Protect posix clock array access against speculation
- arm64: fix possible spectre-v1 in ptrace_hbp_get_event()
- sched/autogroup: Fix possible Spectre-v1 indexing for
sched_prio_to_weight[]
- media: dvb_ca_en50221: prevent using slot_info for Spectre attacs
- s390/keyboard: sanitize array index in do_kdsk_ioctl
- arm64: fix possible spectre-v1 write in ptrace_hbp_set_event()
- pktcdvd: Fix possible Spectre-v1 for pkt_devs
- net: socket: Fix potential spectre v1 gadget in sock_is_registered
- net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd()
- hwmon: (nct6775) Fix potential Spectre v1
- mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom
- nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT
- ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
- powerpc/ptrace: Mitigate potential Spectre v1
- cfg80211: prevent speculation on cfg80211_classify8021d() return
- ALSA: rawmidi: Fix potential Spectre v1 vulnerability
- ALSA: seq: oss: Fix Spectre v1 vulnerability
* CVE-2019-3874
- sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege
- sctp: use sk_wmem_queued to check for writable space
- sctp: implement memory accounting on tx path
- sctp: implement memory accounting on rx path
* Kprobe event argument syntax in ftrace from ubuntu_kernel_selftests failed
on B PowerPC (LP: #1812809)
- selftests/ftrace: Add ppc support for kprobe args tes
[ubuntu/xenial-security] linux-signed 4.4.0-148.174 (Accepted)
linux-signed (4.4.0-148.174) xenial; urgency=medium * Master version: 4.4.0-148.174 linux-signed (4.4.0-147.173) xenial; urgency=medium * Master version: 4.4.0-147.173 linux-signed (4.4.0-146.172) xenial; urgency=medium * Master version: 4.4.0-146.172 Date: 2019-05-07 12:06:25.883723+00:00 Changed-By: Stefan Bader Signed-By: Andy Whitcroft https://launchpad.net/ubuntu/+source/linux-signed/4.4.0-148.174 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-security] linux-meta 4.4.0.148.156 (Accepted)
linux-meta (4.4.0.148.156) xenial; urgency=medium * Bump ABI 4.4.0-148 linux-meta (4.4.0.147.155) xenial; urgency=medium * Bump ABI 4.4.0-147 linux-meta (4.4.0.146.154) xenial; urgency=medium * Bump ABI 4.4.0-146 Date: 2019-05-07 12:06:28.310802+00:00 Changed-By: Stefan Bader Signed-By: Andy Whitcroft https://launchpad.net/ubuntu/+source/linux-meta/4.4.0.148.156 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-proposed] resolvconf 1.78ubuntu7 (Accepted)
resolvconf (1.78ubuntu7) xenial; urgency=medium * bin/resolvconf: use flock so resolvconf can be called in parallel safely (LP: #1825194). Date: Mon, 06 May 2019 10:39:40 +0200 Changed-By: Alfonso Sanchez-Beato (email Canonical) Maintainer: Ubuntu Developers Signed-By: Steve Langasek https://launchpad.net/ubuntu/+source/resolvconf/1.78ubuntu7 Format: 1.8 Date: Mon, 06 May 2019 10:39:40 +0200 Source: resolvconf Architecture: source Version: 1.78ubuntu7 Distribution: xenial Urgency: medium Maintainer: Ubuntu Developers Changed-By: Alfonso Sanchez-Beato (email Canonical) Launchpad-Bugs-Fixed: 1825194 Changes: resolvconf (1.78ubuntu7) xenial; urgency=medium . * bin/resolvconf: use flock so resolvconf can be called in parallel safely (LP: #1825194). Checksums-Sha1: 4bc1592689c8f21f5f587b043f0360be71eec7bc 1850 resolvconf_1.78ubuntu7.dsc 3bfc0a1983b695a223ee6eff0a2e40da7ed5a4a2 77668 resolvconf_1.78ubuntu7.tar.xz 61c1a1b58f8ee90bbd173728896aeb620836ae2e 6369 resolvconf_1.78ubuntu7_source.buildinfo Checksums-Sha256: 441f854ba34cef584ac85a5cb3380bd18a949f9f10bf2bbfa57027b8dd343fc8 1850 resolvconf_1.78ubuntu7.dsc 22f68241dd30f8d2c8dc8cc75e9fa6fd86878fd953b948713cd159523e4ff228 77668 resolvconf_1.78ubuntu7.tar.xz 70e484af11ce480ec9a2d1ed4d6fc8d0c11a0d09da5d1b9ef911ef225aa34726 6369 resolvconf_1.78ubuntu7_source.buildinfo Files: 705b8d552759d97a73a4779e60c9c83f 1850 net optional resolvconf_1.78ubuntu7.dsc cf4892fae5f434d8d1244dd2696d0ffa 77668 net optional resolvconf_1.78ubuntu7.tar.xz 1808629a0cf2f6e9da20375cee34a1de 6369 net optional resolvconf_1.78ubuntu7_source.buildinfo Original-Maintainer: resolvconf maintainers -- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
[ubuntu/xenial-updates] nova 2:13.1.4-0ubuntu4.4 (Accepted)
nova (2:13.1.4-0ubuntu4.4) xenial; urgency=medium * Refix disk size during live migration with disk over-commit - (LP: #1708572) and (LP: #1744079) - d/p/0001-Fix-disk-size-during-live-migration-with-disk-over-c.patch - d/p/0002-Refix-disk-size-during-live-migration-with-disk-over.patch Date: 2019-04-03 14:32:09.120300+00:00 Changed-By: Hua Zhang Signed-By: Robie Basak https://launchpad.net/ubuntu/+source/nova/2:13.1.4-0ubuntu4.4 Sorry, changesfile not available.-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes
