[ubuntu/bionic-proposed] linux-gke-5.0_5.0.0-1025.26~18.04.1_amd64.tar.gz - (Accepted)
Stefan Bader
stefan.bader at canonical.com
Tue Nov 12 18:17:57 UTC 2019
linux-gke-5.0 (5.0.0-1025.26~18.04.1) bionic; urgency=medium
[ Ubuntu: 5.0.0-1025.26 ]
* CVE-2019-11135
- [Config] gcp: Disable TSX by default when possible
* [REGRESSION] md/raid0: cannot assemble multi-zone RAID0 with default_layout
setting (LP: #1849682)
- SAUCE: Fix revert "md/raid0: avoid RAID0 data corruption due to layout
confusion."
* refcount underflow and type confusion in shiftfs (LP: #1850867) // CVE-2019-15793
- SAUCE: shiftfs: Correct id translation for lower fs operations
- SAUCE: shiftfs: prevent type confusion
- SAUCE: shiftfs: Fix refcount underflow in btrfs ioctl handling
* CVE-2018-12207
- kvm: Convert kvm_lock to a mutex
- kvm: x86: Do not release the page inside mmu_set_spte()
- KVM: x86: make FNAME(fetch) and __direct_map more similar
- KVM: x86: remove now unneeded hugepage gfn adjustment
- KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
- KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
- kvm: x86, powerpc: do not allow clearing largepages debugfs entry
- SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
active
- SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
- SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
- SAUCE: kvm: Add helper function for creating VM worker threads
- SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
- SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
- SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT
* CVE-2019-11135
- KVM: x86: use Intel speculation bugs and features as derived in generic x86
code
- x86/msr: Add the IA32_TSX_CTRL MSR
- x86/cpu: Add a helper function x86_read_arch_cap_msr()
- x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
- x86/speculation/taa: Add mitigation for TSX Async Abort
- x86/speculation/taa: Add sysfs reporting for TSX Async Abort
- kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
- x86/tsx: Add "auto" option to the tsx= cmdline parameter
- x86/speculation/taa: Add documentation for TSX Async Abort
- x86/tsx: Add config options to set tsx=on|off|auto
- SAUCE: x86/speculation/taa: Call tsx_init()
- [Config] Disable TSX by default when possible
* CVE-2019-0154
- SAUCE: drm/i915: Lower RM timeout to avoid DSI hard hangs
- SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA
* CVE-2019-0155
- SAUCE: drm/i915: Rename gen7 cmdparser tables
- SAUCE: drm/i915: Disable Secure Batches for gen6+
- SAUCE: drm/i915: Remove Master tables from cmdparser
- SAUCE: drm/i915: Add support for mandatory cmdparsing
- SAUCE: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
- SAUCE: drm/i915: Allow parsing of unsized batches
- SAUCE: drm/i915: Add gen9 BCS cmdparsing
- SAUCE: drm/i915/cmdparser: Use explicit goto for error paths
- SAUCE: drm/i915/cmdparser: Add support for backward jumps
- SAUCE: drm/i915/cmdparser: Ignore Length operands during command matching
* disco/linux: <version to be filled> -proposed tracker (LP: #1850574)
* [REGRESSION] md/raid0: cannot assemble multi-zone RAID0 with default_layout
setting (LP: #1849682)
- Revert "md/raid0: avoid RAID0 data corruption due to layout confusion."
Date: Mon, 11 Nov 2019 14:08:41 +0100
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Maintainer: Launchpad Build Daemon <buildd at lcy01-amd64-028.buildd>
-------------- next part --------------
Format: 1.8
Date: Mon, 11 Nov 2019 14:08:41 +0100
Source: linux-gke-5.0
Binary: linux-gke-5.0-headers-5.0.0-1025 linux-gke-5.0-tools-5.0.0-1025 linux-image-unsigned-5.0.0-1025-gke linux-modules-5.0.0-1025-gke linux-modules-extra-5.0.0-1025-gke linux-headers-5.0.0-1025-gke linux-image-unsigned-5.0.0-1025-gke-dbgsym linux-tools-5.0.0-1025-gke linux-buildinfo-5.0.0-1025-gke
Architecture: amd64
Version: 5.0.0-1025.26~18.04.1
Distribution: bionic
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd at lcy01-amd64-028.buildd>
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Description:
linux-buildinfo-5.0.0-1025-gke - Linux kernel buildinfo for version 5.0.0 on 64 bit x86 SMP
linux-gke-5.0-headers-5.0.0-1025 - Header files related to Linux kernel version 5.0.0
linux-gke-5.0-tools-5.0.0-1025 - Linux kernel version specific tools for version 5.0.0-1025
linux-headers-5.0.0-1025-gke - Linux kernel headers for version 5.0.0 on 64 bit x86 SMP
linux-image-unsigned-5.0.0-1025-gke - Linux kernel image for version 5.0.0 on 64 bit x86 SMP
linux-image-unsigned-5.0.0-1025-gke-dbgsym - Linux kernel debug image for version 5.0.0 on 64 bit x86 SMP
linux-modules-5.0.0-1025-gke - Linux kernel extra modules for version 5.0.0 on 64 bit x86 SMP
linux-modules-extra-5.0.0-1025-gke - Linux kernel extra modules for version 5.0.0 on 64 bit x86 SMP
linux-tools-5.0.0-1025-gke - Linux kernel version specific tools for version 5.0.0-1025
Launchpad-Bugs-Fixed: 1849682 1850574 1850867
Changes:
linux-gke-5.0 (5.0.0-1025.26~18.04.1) bionic; urgency=medium
.
[ Ubuntu: 5.0.0-1025.26 ]
.
* CVE-2019-11135
- [Config] gcp: Disable TSX by default when possible
* [REGRESSION] md/raid0: cannot assemble multi-zone RAID0 with default_layout
setting (LP: #1849682)
- SAUCE: Fix revert "md/raid0: avoid RAID0 data corruption due to layout
confusion."
* refcount underflow and type confusion in shiftfs (LP: #1850867) // CVE-2019-15793
- SAUCE: shiftfs: Correct id translation for lower fs operations
- SAUCE: shiftfs: prevent type confusion
- SAUCE: shiftfs: Fix refcount underflow in btrfs ioctl handling
* CVE-2018-12207
- kvm: Convert kvm_lock to a mutex
- kvm: x86: Do not release the page inside mmu_set_spte()
- KVM: x86: make FNAME(fetch) and __direct_map more similar
- KVM: x86: remove now unneeded hugepage gfn adjustment
- KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
- KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
- kvm: x86, powerpc: do not allow clearing largepages debugfs entry
- SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
active
- SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
- SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
- SAUCE: kvm: Add helper function for creating VM worker threads
- SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
- SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
- SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT
* CVE-2019-11135
- KVM: x86: use Intel speculation bugs and features as derived in generic x86
code
- x86/msr: Add the IA32_TSX_CTRL MSR
- x86/cpu: Add a helper function x86_read_arch_cap_msr()
- x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
- x86/speculation/taa: Add mitigation for TSX Async Abort
- x86/speculation/taa: Add sysfs reporting for TSX Async Abort
- kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
- x86/tsx: Add "auto" option to the tsx= cmdline parameter
- x86/speculation/taa: Add documentation for TSX Async Abort
- x86/tsx: Add config options to set tsx=on|off|auto
- SAUCE: x86/speculation/taa: Call tsx_init()
- [Config] Disable TSX by default when possible
* CVE-2019-0154
- SAUCE: drm/i915: Lower RM timeout to avoid DSI hard hangs
- SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA
* CVE-2019-0155
- SAUCE: drm/i915: Rename gen7 cmdparser tables
- SAUCE: drm/i915: Disable Secure Batches for gen6+
- SAUCE: drm/i915: Remove Master tables from cmdparser
- SAUCE: drm/i915: Add support for mandatory cmdparsing
- SAUCE: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
- SAUCE: drm/i915: Allow parsing of unsized batches
- SAUCE: drm/i915: Add gen9 BCS cmdparsing
- SAUCE: drm/i915/cmdparser: Use explicit goto for error paths
- SAUCE: drm/i915/cmdparser: Add support for backward jumps
- SAUCE: drm/i915/cmdparser: Ignore Length operands during command matching
* disco/linux: <version to be filled> -proposed tracker (LP: #1850574)
* [REGRESSION] md/raid0: cannot assemble multi-zone RAID0 with default_layout
setting (LP: #1849682)
- Revert "md/raid0: avoid RAID0 data corruption due to layout confusion."
Checksums-Sha1:
bfe75776bd7571a9aecc665e1d9c2d5ba6d6c083 313640 linux-buildinfo-5.0.0-1025-gke_5.0.0-1025.26~18.04.1_amd64.deb
ee449569594e66d80aa23f44ae02eef7f5f7f37b 10757916 linux-gke-5.0-headers-5.0.0-1025_5.0.0-1025.26~18.04.1_amd64.deb
4d1ba01b290c166f590b533eefbbc60941319446 4797060 linux-gke-5.0-tools-5.0.0-1025_5.0.0-1025.26~18.04.1_amd64.deb
49ff3b258e1e48ccb6ef501006abdd55cebf3115 15568 linux-gke-5.0_5.0.0-1025.26~18.04.1_amd64.buildinfo
d56122072660fd1f660b25e1627cb13302bc5acc 8508621 linux-gke-5.0_5.0.0-1025.26~18.04.1_amd64.tar.gz
8808d99430a851cbdd05d1d7102f7c258cf51df3 1176464 linux-headers-5.0.0-1025-gke_5.0.0-1025.26~18.04.1_amd64.deb
5684486a3e127de7867b84e698ced1458e66f62e 834707560 linux-image-unsigned-5.0.0-1025-gke-dbgsym_5.0.0-1025.26~18.04.1_amd64.ddeb
0982e241f39e1cde116ff89a339f6f6ff270e342 8593956 linux-image-unsigned-5.0.0-1025-gke_5.0.0-1025.26~18.04.1_amd64.deb
958da7721a31ff74f4f9a64eade406b2d8577866 13479840 linux-modules-5.0.0-1025-gke_5.0.0-1025.26~18.04.1_amd64.deb
ca59dd39fcb7790648189673d925c572539b9a5d 33269664 linux-modules-extra-5.0.0-1025-gke_5.0.0-1025.26~18.04.1_amd64.deb
8de70dbd521c39e24b5369e2cb43d013d52243e3 1964 linux-tools-5.0.0-1025-gke_5.0.0-1025.26~18.04.1_amd64.deb
Checksums-Sha256:
03d6c0e7eaaccb5ced8da096ec1e93cf64605f377eae93ab793a3ba3870287eb 313640 linux-buildinfo-5.0.0-1025-gke_5.0.0-1025.26~18.04.1_amd64.deb
4c0278de0229e6693b3e60ce3c1558fe868aa1551ca90ab8f34e376aec604b4d 10757916 linux-gke-5.0-headers-5.0.0-1025_5.0.0-1025.26~18.04.1_amd64.deb
715e1e5662ffde4f7d20ffe31eaf460b9ff4f84bc2559bb80dd34d8b637a6915 4797060 linux-gke-5.0-tools-5.0.0-1025_5.0.0-1025.26~18.04.1_amd64.deb
b153891b4f8907fb39fe2f57f39c5006f326900a05721485d7d43b0c1c0cefaa 15568 linux-gke-5.0_5.0.0-1025.26~18.04.1_amd64.buildinfo
53c10e0a0162edeb62fe488dcbe06fedd91d66f1d2a5c83df3fcb7392df63ff9 8508621 linux-gke-5.0_5.0.0-1025.26~18.04.1_amd64.tar.gz
48053fc9e48454d45f848f0682377751072ef3738b8282ffad7ada3d3b7d85de 1176464 linux-headers-5.0.0-1025-gke_5.0.0-1025.26~18.04.1_amd64.deb
0921ac14c9b2c1d82ec4dfe1b4eb54c43491061d69eccaffb11ade4efb7d5e16 834707560 linux-image-unsigned-5.0.0-1025-gke-dbgsym_5.0.0-1025.26~18.04.1_amd64.ddeb
2e62f44b05b5722d2f2404d47d1b1a21fac19cdb2ab4bb4091c4661d4d630e8d 8593956 linux-image-unsigned-5.0.0-1025-gke_5.0.0-1025.26~18.04.1_amd64.deb
6c46de44b968c537ead860d261f55dfd9158e8c9e88e6027cd35e82ed1d903bb 13479840 linux-modules-5.0.0-1025-gke_5.0.0-1025.26~18.04.1_amd64.deb
4767ada6a3359e1728045aa96cd83dcb3cdc560423afa5dc57997668af55b08a 33269664 linux-modules-extra-5.0.0-1025-gke_5.0.0-1025.26~18.04.1_amd64.deb
d2209c338b25c4be181dd97baa25c1d3b4bd570c679d8d2ee5e90901a957d34f 1964 linux-tools-5.0.0-1025-gke_5.0.0-1025.26~18.04.1_amd64.deb
Files:
05b18f5045d3922b64999961d2536336 313640 kernel optional linux-buildinfo-5.0.0-1025-gke_5.0.0-1025.26~18.04.1_amd64.deb
8f4f7c838663fc16c38a6324a53b84fd 10757916 devel optional linux-gke-5.0-headers-5.0.0-1025_5.0.0-1025.26~18.04.1_amd64.deb
cc7311cf2e86af930d0711964cdd066a 4797060 devel optional linux-gke-5.0-tools-5.0.0-1025_5.0.0-1025.26~18.04.1_amd64.deb
848f8197d733353a383e9a92fabf60a3 15568 devel optional linux-gke-5.0_5.0.0-1025.26~18.04.1_amd64.buildinfo
254eeaf3319db1489fbc145887c3a4bb 8508621 raw-signing - linux-gke-5.0_5.0.0-1025.26~18.04.1_amd64.tar.gz
e5b92cb0e78167551351e8ef2db90376 1176464 devel optional linux-headers-5.0.0-1025-gke_5.0.0-1025.26~18.04.1_amd64.deb
6092f84cb85702fcf5a227c93c8c9f5c 834707560 devel optional linux-image-unsigned-5.0.0-1025-gke-dbgsym_5.0.0-1025.26~18.04.1_amd64.ddeb
e6e10d74464c01aa4c1a15cfaec35329 8593956 kernel optional linux-image-unsigned-5.0.0-1025-gke_5.0.0-1025.26~18.04.1_amd64.deb
cb67d1579a618cf465d2712718be8b8f 13479840 kernel optional linux-modules-5.0.0-1025-gke_5.0.0-1025.26~18.04.1_amd64.deb
a228b8e40496c804607207ce25338960 33269664 kernel optional linux-modules-extra-5.0.0-1025-gke_5.0.0-1025.26~18.04.1_amd64.deb
66d2f12b785d364217dd6a12fc8d4489 1964 devel optional linux-tools-5.0.0-1025-gke_5.0.0-1025.26~18.04.1_amd64.deb
More information about the Bionic-changes
mailing list