[ubuntu/xenial-security] linux-hwe-edge 4.15.0-22.24~16.04.1 (Accepted)
Andy Whitcroft
apw at canonical.com
Tue May 22 00:02:21 UTC 2018
linux-hwe-edge (4.15.0-22.24~16.04.1) xenial; urgency=medium
* CVE-2018-3639 (powerpc)
- powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
- stf-barrier: set eieio instruction bit 6 for future optimisations
* CVE-2018-3639 (x86)
- x86/nospec: Simplify alternative_msr_write()
- x86/bugs: Concentrate bug detection into a separate function
- x86/bugs: Concentrate bug reporting into a separate function
- x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- x86/bugs, KVM: Support the combination of guest and host IBRS
- x86/bugs: Expose /sys/../spec_store_bypass
- x86/cpufeatures: Add X86_FEATURE_RDS
- x86/bugs: Provide boot parameters for the spec_store_bypass_disable
mitigation
- x86/bugs/intel: Set proper CPU features and setup RDS
- x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
- x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- x86/speculation: Create spec-ctrl.h to avoid include hell
- prctl: Add speculation control prctls
- x86/process: Allow runtime control of Speculative Store Bypass
- x86/speculation: Add prctl for Speculative Store Bypass mitigation
- nospec: Allow getting/setting on non-current task
- proc: Provide details on speculation flaw mitigations
- seccomp: Enable speculation flaw mitigations
- x86/bugs: Make boot modes __ro_after_init
- prctl: Add force disable speculation
- seccomp: Use PR_SPEC_FORCE_DISABLE
- seccomp: Add filter flag to opt-out of SSB mitigation
- seccomp: Move speculation migitation control to arch code
- x86/speculation: Make "seccomp" the default mode for Speculative Store
Bypass
- x86/bugs: Rename _RDS to _SSBD
- proc: Use underscores for SSBD in 'status'
- Documentation/spec_ctrl: Do some minor cleanups
- x86/bugs: Fix __ssb_select_mitigation() return type
- x86/bugs: Make cpu_show_common() static
* LSM Stacking prctl values should be redefined as to not collide with
upstream prctls (LP: #1769263) // CVE-2018-3639
- SAUCE: LSM stacking: adjust prctl values
linux (4.15.0-21.22) bionic; urgency=medium
* linux: 4.15.0-21.22 -proposed tracker (LP: #1767397)
* initramfs-tools exception during pm.DoInstall with do-release-upgrade from
16.04 to 18.04 (LP: #1766727)
- Add linux-image-* Breaks on s390-tools (<< 2.3.0-0ubuntu3)
* linux-image-4.15.0-20-generic install after upgrade from xenial breaks
(LP: #1767133)
- Packaging: Depends on linux-base that provides the necessary tools
* linux-image packages need to Breaks flash-kernel << 3.90ubuntu2
(LP: #1766629)
- linux-image-* breaks on flash-kernel (<< 3.90ubuntu2)
linux (4.15.0-20.21) bionic; urgency=medium
* linux: 4.15.0-20.21 -proposed tracker (LP: #1766452)
* package shim-signed (not installed) failed to install/upgrade: installed
shim-signed package post-installation script subprocess returned error exit
status 5 (LP: #1766391)
- [Packaging] fix invocation of header postinst hooks
Date: 2018-05-17 13:13:13.127880+00:00
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-hwe-edge/4.15.0-22.24~16.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list