[ubuntu/bionic-updates] linux-gcp-5.3_5.3.0-1008.9~18.04.1_amd64.tar.gz - (Accepted)

Stefan Bader stefan.bader at canonical.com
Tue Nov 12 22:32:52 UTC 2019 

linux-gcp-5.3 (5.3.0-1008.9~18.04.1) bionic; urgency=medium

  [ Ubuntu: 5.3.0-1008.9 ]

  * CVE-2019-11135
    - [Config] gcp: Disable TSX by default when possible
  * [REGRESSION]  md/raid0: cannot assemble multi-zone RAID0 with default_layout
    setting (LP: #1849682)
    - Revert "md/raid0: avoid RAID0 data corruption due to layout confusion."
  * refcount underflow and type confusion in shiftfs (LP: #1850867) // CVE-2019-15793
    - SAUCE: shiftfs: Correct id translation for lower fs operations
    - SAUCE: shiftfs: prevent type confusion
    - SAUCE: shiftfs: Fix refcount underflow in btrfs ioctl handling
  * CVE-2018-12207
    - kvm: x86, powerpc: do not allow clearing largepages debugfs entry
    - SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
      active
    - SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
    - SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
    - SAUCE: kvm: Add helper function for creating VM worker threads
    - SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
    - SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
    - SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT
  * CVE-2019-11135
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - [Config] Disable TSX by default when possible
  * CVE-2019-0154
    - SAUCE: drm/i915: Lower RM timeout to avoid DSI hard hangs
    - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA
  * CVE-2019-0155
    - SAUCE: drm/i915: Rename gen7 cmdparser tables
    - SAUCE: drm/i915: Disable Secure Batches for gen6+
    - SAUCE: drm/i915: Remove Master tables from cmdparser
    - SAUCE: drm/i915: Add support for mandatory cmdparsing
    - SAUCE: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
    - SAUCE: drm/i915: Allow parsing of unsized batches
    - SAUCE: drm/i915: Add gen9 BCS cmdparsing
    - SAUCE: drm/i915/cmdparser: Use explicit goto for error paths
    - SAUCE: drm/i915/cmdparser: Add support for backward jumps
    - SAUCE: drm/i915/cmdparser: Ignore Length operands during command matching

Date: Mon, 11 Nov 2019 14:57:26 +0100
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Maintainer: Launchpad Build Daemon <buildd at lgw01-amd64-036.buildd>

-------------- next part --------------
Format: 1.8
Date: Mon, 11 Nov 2019 14:57:26 +0100
Source: linux-gcp-5.3
Binary: linux-gcp-5.3-headers-5.3.0-1008 linux-gcp-5.3-tools-5.3.0-1008 linux-image-unsigned-5.3.0-1008-gcp linux-modules-5.3.0-1008-gcp linux-modules-extra-5.3.0-1008-gcp linux-headers-5.3.0-1008-gcp linux-image-unsigned-5.3.0-1008-gcp-dbgsym linux-tools-5.3.0-1008-gcp linux-buildinfo-5.3.0-1008-gcp
Architecture: amd64 amd64_translations
Version: 5.3.0-1008.9~18.04.1
Distribution: bionic
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd at lgw01-amd64-036.buildd>
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Description:
 linux-buildinfo-5.3.0-1008-gcp - Linux kernel buildinfo for version 5.3.0 on 64 bit x86 SMP
 linux-gcp-5.3-headers-5.3.0-1008 - Header files related to Linux kernel version 5.3.0
 linux-gcp-5.3-tools-5.3.0-1008 - Linux kernel version specific tools for version 5.3.0-1008
 linux-headers-5.3.0-1008-gcp - Linux kernel headers for version 5.3.0 on 64 bit x86 SMP
 linux-image-unsigned-5.3.0-1008-gcp - Linux kernel image for version 5.3.0 on 64 bit x86 SMP
 linux-image-unsigned-5.3.0-1008-gcp-dbgsym - Linux kernel debug image for version 5.3.0 on 64 bit x86 SMP
 linux-modules-5.3.0-1008-gcp - Linux kernel extra modules for version 5.3.0 on 64 bit x86 SMP
 linux-modules-extra-5.3.0-1008-gcp - Linux kernel extra modules for version 5.3.0 on 64 bit x86 SMP
 linux-tools-5.3.0-1008-gcp - Linux kernel version specific tools for version 5.3.0-1008
Launchpad-Bugs-Fixed: 1849682 1850867
Changes:
 linux-gcp-5.3 (5.3.0-1008.9~18.04.1) bionic; urgency=medium
 .
   [ Ubuntu: 5.3.0-1008.9 ]
 .
   * CVE-2019-11135
     - [Config] gcp: Disable TSX by default when possible
   * [REGRESSION]  md/raid0: cannot assemble multi-zone RAID0 with default_layout
     setting (LP: #1849682)
     - Revert "md/raid0: avoid RAID0 data corruption due to layout confusion."
   * refcount underflow and type confusion in shiftfs (LP: #1850867) // CVE-2019-15793
     - SAUCE: shiftfs: Correct id translation for lower fs operations
     - SAUCE: shiftfs: prevent type confusion
     - SAUCE: shiftfs: Fix refcount underflow in btrfs ioctl handling
   * CVE-2018-12207
     - kvm: x86, powerpc: do not allow clearing largepages debugfs entry
     - SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
       active
     - SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
     - SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
     - SAUCE: kvm: Add helper function for creating VM worker threads
     - SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
     - SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
     - SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT
   * CVE-2019-11135
     - x86/msr: Add the IA32_TSX_CTRL MSR
     - x86/cpu: Add a helper function x86_read_arch_cap_msr()
     - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
     - x86/speculation/taa: Add mitigation for TSX Async Abort
     - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
     - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
     - x86/tsx: Add "auto" option to the tsx= cmdline parameter
     - x86/speculation/taa: Add documentation for TSX Async Abort
     - x86/tsx: Add config options to set tsx=on|off|auto
     - [Config] Disable TSX by default when possible
   * CVE-2019-0154
     - SAUCE: drm/i915: Lower RM timeout to avoid DSI hard hangs
     - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA
   * CVE-2019-0155
     - SAUCE: drm/i915: Rename gen7 cmdparser tables
     - SAUCE: drm/i915: Disable Secure Batches for gen6+
     - SAUCE: drm/i915: Remove Master tables from cmdparser
     - SAUCE: drm/i915: Add support for mandatory cmdparsing
     - SAUCE: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
     - SAUCE: drm/i915: Allow parsing of unsized batches
     - SAUCE: drm/i915: Add gen9 BCS cmdparsing
     - SAUCE: drm/i915/cmdparser: Use explicit goto for error paths
     - SAUCE: drm/i915/cmdparser: Add support for backward jumps
     - SAUCE: drm/i915/cmdparser: Ignore Length operands during command matching
Checksums-Sha1:
 5588634adb56ced376387bff8dc5529c15cd373b 246432 linux-buildinfo-5.3.0-1008-gcp_5.3.0-1008.9~18.04.1_amd64.deb
 c25ae6e55e4958da7b85a4751a3c844988954981 10951036 linux-gcp-5.3-headers-5.3.0-1008_5.3.0-1008.9~18.04.1_amd64.deb
 e27178f59c07503838e1b51e685b7ef48acb08ac 5080076 linux-gcp-5.3-tools-5.3.0-1008_5.3.0-1008.9~18.04.1_amd64.deb
 fd017c65a9c010161e353bec160db2882482a0ec 16163 linux-gcp-5.3_5.3.0-1008.9~18.04.1_amd64.buildinfo
 a8ae072fbc36dacbbc9caed1939e36eeca248811 8774087 linux-gcp-5.3_5.3.0-1008.9~18.04.1_amd64.tar.gz
 4af1a87552caff01a1ef4df31cf5890d5b7e6c1c 24517 linux-gcp-5.3_5.3.0-1008.9~18.04.1_amd64_translations.tar.gz
 cb66ed04366ecf37d543cffc269b8872ec65607c 1121260 linux-headers-5.3.0-1008-gcp_5.3.0-1008.9~18.04.1_amd64.deb
 0ecd5551afa8a459d2179140e998b5b4f9073803 849561324 linux-image-unsigned-5.3.0-1008-gcp-dbgsym_5.3.0-1008.9~18.04.1_amd64.ddeb
 e3d5231ec42d4b5c5c71acc5765002d453336009 8788652 linux-image-unsigned-5.3.0-1008-gcp_5.3.0-1008.9~18.04.1_amd64.deb
 599c56dd6236fccbab205f2915f64dbebe380cd6 13071180 linux-modules-5.3.0-1008-gcp_5.3.0-1008.9~18.04.1_amd64.deb
 771ddf7da45689c2cae3b46333e154653c59ade6 30227608 linux-modules-extra-5.3.0-1008-gcp_5.3.0-1008.9~18.04.1_amd64.deb
 dffc63c07418c5105b9237283d0b6cc1f528a034 1972 linux-tools-5.3.0-1008-gcp_5.3.0-1008.9~18.04.1_amd64.deb
Checksums-Sha256:
 5c370a9fa6ee7996f10bb98aceaf5b568ecdbce6a35e3b76a76d7bf4ce251fc4 246432 linux-buildinfo-5.3.0-1008-gcp_5.3.0-1008.9~18.04.1_amd64.deb
 3805b29b91de515075fcf129e833b71a8808c03a2806759d3e9c1d375b39e69c 10951036 linux-gcp-5.3-headers-5.3.0-1008_5.3.0-1008.9~18.04.1_amd64.deb
 5a79bcc9260be3ed4e252034d0ae0cd23d4ee8de349b0ca4f2aad8eba3263a01 5080076 linux-gcp-5.3-tools-5.3.0-1008_5.3.0-1008.9~18.04.1_amd64.deb
 a1a87d62caab10266edf0cba25693c46e76905364ac0a013a4b3d563515f2946 16163 linux-gcp-5.3_5.3.0-1008.9~18.04.1_amd64.buildinfo
 c61f4708b152b9ebe4c86c4b41b9d4500615b88e3b608840b75656942e58deda 8774087 linux-gcp-5.3_5.3.0-1008.9~18.04.1_amd64.tar.gz
 2f7fea9bd281ece1fe3ccc20b2a6c884ba1440e4be7d3456f80cf1ec0a46e83c 24517 linux-gcp-5.3_5.3.0-1008.9~18.04.1_amd64_translations.tar.gz
 f21e1702e7547feefc81aa303e5d932195e3ae6378f3f0c6c428229179e2a2a9 1121260 linux-headers-5.3.0-1008-gcp_5.3.0-1008.9~18.04.1_amd64.deb
 fe0b94213cf01588593f257e4e1115aadd177500042e8f95bc98fa60a004ccac 849561324 linux-image-unsigned-5.3.0-1008-gcp-dbgsym_5.3.0-1008.9~18.04.1_amd64.ddeb
 213929dcf1a24e3d5c3baad84c86b4e5e6caecf996e3e80bb073a34fb593993b 8788652 linux-image-unsigned-5.3.0-1008-gcp_5.3.0-1008.9~18.04.1_amd64.deb
 2503f853f791fbd70fdaf5675e4215baa0d1da8948c1ea17a6c6972cc321f99b 13071180 linux-modules-5.3.0-1008-gcp_5.3.0-1008.9~18.04.1_amd64.deb
 ebe8a435c2a71e32a4a6f4acbef794bf87986abc9467a3b54a88e0a61ed1d3f9 30227608 linux-modules-extra-5.3.0-1008-gcp_5.3.0-1008.9~18.04.1_amd64.deb
 b406b5543abfe4382197e3a3b059817a3521746b4a1a9f9420c6d267ee17f45b 1972 linux-tools-5.3.0-1008-gcp_5.3.0-1008.9~18.04.1_amd64.deb
Files:
 c893239a3888746fa21e7f1d4d5a4c47 246432 kernel optional linux-buildinfo-5.3.0-1008-gcp_5.3.0-1008.9~18.04.1_amd64.deb
 ece6c5b15d25272a0dc9c4de64394d5c 10951036 devel optional linux-gcp-5.3-headers-5.3.0-1008_5.3.0-1008.9~18.04.1_amd64.deb
 625a99e5265da1ba5abe57b42a298096 5080076 devel optional linux-gcp-5.3-tools-5.3.0-1008_5.3.0-1008.9~18.04.1_amd64.deb
 bcfa1ee843b643b858b8c9c19572431a 16163 devel optional linux-gcp-5.3_5.3.0-1008.9~18.04.1_amd64.buildinfo
 8aa7c3a3439c14a8b5140392208d45d8 8774087 raw-signing - linux-gcp-5.3_5.3.0-1008.9~18.04.1_amd64.tar.gz
 7bc4cac099ce266a73e01745461ec61c 24517 raw-translations - linux-gcp-5.3_5.3.0-1008.9~18.04.1_amd64_translations.tar.gz
 4f49f8a020d99d4b7c5b053e454d12b3 1121260 devel optional linux-headers-5.3.0-1008-gcp_5.3.0-1008.9~18.04.1_amd64.deb
 bd39680fc0c967b14281b67e8277fdd4 849561324 devel optional linux-image-unsigned-5.3.0-1008-gcp-dbgsym_5.3.0-1008.9~18.04.1_amd64.ddeb
 f3076f6f61fb06eed1507f134ec92291 8788652 kernel optional linux-image-unsigned-5.3.0-1008-gcp_5.3.0-1008.9~18.04.1_amd64.deb
 61e17f537a1febb29cdfd1e05db4a40b 13071180 kernel optional linux-modules-5.3.0-1008-gcp_5.3.0-1008.9~18.04.1_amd64.deb
 462c24f644e3dd460a9146aeafc5e1e6 30227608 kernel optional linux-modules-extra-5.3.0-1008-gcp_5.3.0-1008.9~18.04.1_amd64.deb
 8f72dec95d659ce693289425aae17a37 1972 devel optional linux-tools-5.3.0-1008-gcp_5.3.0-1008.9~18.04.1_amd64.deb

More information about the Bionic-changes mailing list