[ubuntu/focal-security] linux-aws 5.4.0-1108.116 (Accepted)

Andy Whitcroft apw at canonical.com
Tue Aug 29 09:20:29 UTC 2023


linux-aws (5.4.0-1108.116) focal; urgency=medium

  * focal/linux-aws: 5.4.0-1108.116 -proposed tracker (LP: #2030597)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper

  [ Ubuntu: 5.4.0-159.176 ]

  * focal/linux: 5.4.0-159.176 -proposed tracker (LP: #2031149)
  * libgnutls report "trap invalid opcode" when trying to install packages over
    https (LP: #2031093)
    - [Config]: disable CONFIG_GDS_FORCE_MITIGATION
  * Fix boot test warning for log_check "CPU: 0 PID: 0 at
    arch/x86/kernel/fpu/xstate.c:878 get_xsave_addr+0x98/0xb0" (LP: #2031022)
    - x86/pkeys: Revert a5eff7259790 ("x86/pkeys: Add PKRU value to init_fpstate")

  [ Ubuntu: 5.4.0-157.174 ]

  * focal/linux: 5.4.0-157.174 -proposed tracker (LP: #2030632)
  * CVE-2022-40982
    - x86/mm: Initialize text poking earlier
    - x86/mm: fix poking_init() for Xen PV guests
    - x86/mm: Use mm_alloc() in poking_init()
    - mm: Move mm_cachep initialization to mm_init()
    - init: Provide arch_cpu_finalize_init()
    - x86/cpu: Switch to arch_cpu_finalize_init()
    - ARM: cpu: Switch to arch_cpu_finalize_init()
    - sparc/cpu: Switch to arch_cpu_finalize_init()
    - um/cpu: Switch to arch_cpu_finalize_init()
    - init: Remove check_bugs() leftovers
    - init: Invoke arch_cpu_finalize_init() earlier
    - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()
    - x86/fpu: Remove cpuinfo argument from init functions
    - x86/fpu: Mark init functions __init
    - x86/fpu: Move FPU initialization into arch_cpu_finalize_init()
    - x86/xen: Fix secondary processors' FPU initialization
    - x86/speculation: Add Gather Data Sampling mitigation
    - x86/speculation: Add force option to GDS mitigation
    - x86/speculation: Add Kconfig option for GDS
    - KVM: Add GDS_NO support to KVM
    - Documentation/x86: Fix backwards on/off logic about YMM support
    - [Config]: Enable CONFIG_ARCH_HAS_CPU_FINALIZE_INIT and
      CONFIG_GDS_FORCE_MITIGATION
  * CVE-2023-20593
    - x86/cpu/amd: Move the errata checking functionality up
    - x86/cpu/amd: Add a Zenbleed fix
  * CVE-2023-3776
    - net/sched: cls_fw: Fix improper refcount update leads to use-after-free
  * CVE-2023-3611
    - net/sched: sch_qfq: account for stab overhead in qfq_enqueue
  * CVE-2023-3609
    - net/sched: cls_u32: Fix reference counter leak leading to overflow

Date: 2023-08-16 15:23:07.736682+00:00
Changed-By: Tim Gardner <tim.gardner at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1108.116
-------------- next part --------------
Sorry, changesfile not available.


More information about the Focal-changes mailing list