[ubuntu/xenial-updates] linux-azure_4.15.0-1063.68_amd64.tar.gz - (Accepted)
Stefan Bader
stefan.bader at canonical.com
Tue Nov 12 22:43:19 UTC 2019
linux-azure (4.15.0-1063.68) xenial; urgency=medium
* CVE-2019-11135
- [Config] azure: Disable TSX by default when possible
[ Ubuntu: 4.15.0-69.78 ]
* KVM NULL pointer deref (LP: #1851205)
- KVM: nVMX: handle page fault in vmread fix
* CVE-2018-12207
- KVM: MMU: drop vcpu param in gpte_access
- kvm: Convert kvm_lock to a mutex
- kvm: x86: Do not release the page inside mmu_set_spte()
- KVM: x86: make FNAME(fetch) and __direct_map more similar
- KVM: x86: remove now unneeded hugepage gfn adjustment
- KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
- KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
- kvm: x86, powerpc: do not allow clearing largepages debugfs entry
- SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
active
- SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
- SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
- SAUCE: kvm: Add helper function for creating VM worker threads
- SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
- SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
- SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT
* CVE-2019-11135
- KVM: x86: use Intel speculation bugs and features as derived in generic x86
code
- x86/msr: Add the IA32_TSX_CTRL MSR
- x86/cpu: Add a helper function x86_read_arch_cap_msr()
- x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
- x86/speculation/taa: Add mitigation for TSX Async Abort
- x86/speculation/taa: Add sysfs reporting for TSX Async Abort
- kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
- x86/tsx: Add "auto" option to the tsx= cmdline parameter
- x86/speculation/taa: Add documentation for TSX Async Abort
- x86/tsx: Add config options to set tsx=on|off|auto
- SAUCE: x86/speculation/taa: Call tsx_init()
- SAUCE: x86/cpu: Include cpu header from bugs.c
- [Config] Disable TSX by default when possible
* CVE-2019-0154
- SAUCE: drm/i915: Lower RM timeout to avoid DSI hard hangs
- SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA
* CVE-2019-0155
- drm/i915/gtt: Add read only pages to gen8_pte_encode
- drm/i915/gtt: Read-only pages for insert_entries on bdw+
- drm/i915/gtt: Disable read-only support under GVT
- drm/i915: Prevent writing into a read-only object via a GGTT mmap
- drm/i915/cmdparser: Check reg_table_count before derefencing.
- drm/i915/cmdparser: Do not check past the cmd length.
- drm/i915: Silence smatch for cmdparser
- drm/i915: Move engine->needs_cmd_parser to engine->flags
- SAUCE: drm/i915: Rename gen7 cmdparser tables
- SAUCE: drm/i915: Disable Secure Batches for gen6+
- SAUCE: drm/i915: Remove Master tables from cmdparser
- SAUCE: drm/i915: Add support for mandatory cmdparsing
- SAUCE: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
- SAUCE: drm/i915: Allow parsing of unsized batches
- SAUCE: drm/i915: Add gen9 BCS cmdparsing
- SAUCE: drm/i915/cmdparser: Use explicit goto for error paths
- SAUCE: drm/i915/cmdparser: Add support for backward jumps
- SAUCE: drm/i915/cmdparser: Ignore Length operands during command matching
[ Ubuntu: 4.15.0-68.77 ]
* bionic/linux: 4.15.0-68.77 -proposed tracker (LP: #1849855)
* [REGRESSION] md/raid0: cannot assemble multi-zone RAID0 with default_layout
setting (LP: #1849682)
- Revert "md/raid0: avoid RAID0 data corruption due to layout confusion."
Date: Fri, 08 Nov 2019 10:08:59 +0100
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Maintainer: Launchpad Build Daemon <buildd at lcy01-amd64-006.buildd>
-------------- next part --------------
Format: 1.8
Date: Fri, 08 Nov 2019 10:08:59 +0100
Source: linux-azure
Binary: linux-azure-headers-4.15.0-1063 linux-azure-tools-4.15.0-1063 linux-azure-cloud-tools-4.15.0-1063 linux-image-unsigned-4.15.0-1063-azure linux-modules-4.15.0-1063-azure linux-modules-extra-4.15.0-1063-azure linux-headers-4.15.0-1063-azure linux-image-unsigned-4.15.0-1063-azure-dbgsym linux-tools-4.15.0-1063-azure linux-cloud-tools-4.15.0-1063-azure linux-udebs-azure linux-buildinfo-4.15.0-1063-azure
Architecture: amd64 all amd64_translations
Version: 4.15.0-1063.68
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd at lcy01-amd64-006.buildd>
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Description:
linux-azure-cloud-tools-4.15.0-1063 - Linux kernel version specific cloud tools for version 4.15.0-1063
linux-azure-headers-4.15.0-1063 - Header files related to Linux kernel version 4.15.0
linux-azure-tools-4.15.0-1063 - Linux kernel version specific tools for version 4.15.0-1063
linux-buildinfo-4.15.0-1063-azure - Linux kernel buildinfo for version 4.15.0 on 64 bit x86 SMP
linux-cloud-tools-4.15.0-1063-azure - Linux kernel version specific cloud tools for version 4.15.0-1063
linux-headers-4.15.0-1063-azure - Linux kernel headers for version 4.15.0 on 64 bit x86 SMP
linux-image-unsigned-4.15.0-1063-azure - Linux kernel image for version 4.15.0 on 64 bit x86 SMP
linux-image-unsigned-4.15.0-1063-azure-dbgsym - Linux kernel debug image for version 4.15.0 on 64 bit x86 SMP
linux-modules-4.15.0-1063-azure - Linux kernel extra modules for version 4.15.0 on 64 bit x86 SMP
linux-modules-extra-4.15.0-1063-azure - Linux kernel extra modules for version 4.15.0 on 64 bit x86 SMP
linux-tools-4.15.0-1063-azure - Linux kernel version specific tools for version 4.15.0-1063
linux-udebs-azure - Metapackage depending on kernel udebs (udeb)
Launchpad-Bugs-Fixed: 1849682 1849855 1851205
Changes:
linux-azure (4.15.0-1063.68) xenial; urgency=medium
.
* CVE-2019-11135
- [Config] azure: Disable TSX by default when possible
.
[ Ubuntu: 4.15.0-69.78 ]
.
* KVM NULL pointer deref (LP: #1851205)
- KVM: nVMX: handle page fault in vmread fix
* CVE-2018-12207
- KVM: MMU: drop vcpu param in gpte_access
- kvm: Convert kvm_lock to a mutex
- kvm: x86: Do not release the page inside mmu_set_spte()
- KVM: x86: make FNAME(fetch) and __direct_map more similar
- KVM: x86: remove now unneeded hugepage gfn adjustment
- KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
- KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
- kvm: x86, powerpc: do not allow clearing largepages debugfs entry
- SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
active
- SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
- SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
- SAUCE: kvm: Add helper function for creating VM worker threads
- SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
- SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
- SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT
* CVE-2019-11135
- KVM: x86: use Intel speculation bugs and features as derived in generic x86
code
- x86/msr: Add the IA32_TSX_CTRL MSR
- x86/cpu: Add a helper function x86_read_arch_cap_msr()
- x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
- x86/speculation/taa: Add mitigation for TSX Async Abort
- x86/speculation/taa: Add sysfs reporting for TSX Async Abort
- kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
- x86/tsx: Add "auto" option to the tsx= cmdline parameter
- x86/speculation/taa: Add documentation for TSX Async Abort
- x86/tsx: Add config options to set tsx=on|off|auto
- SAUCE: x86/speculation/taa: Call tsx_init()
- SAUCE: x86/cpu: Include cpu header from bugs.c
- [Config] Disable TSX by default when possible
* CVE-2019-0154
- SAUCE: drm/i915: Lower RM timeout to avoid DSI hard hangs
- SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA
* CVE-2019-0155
- drm/i915/gtt: Add read only pages to gen8_pte_encode
- drm/i915/gtt: Read-only pages for insert_entries on bdw+
- drm/i915/gtt: Disable read-only support under GVT
- drm/i915: Prevent writing into a read-only object via a GGTT mmap
- drm/i915/cmdparser: Check reg_table_count before derefencing.
- drm/i915/cmdparser: Do not check past the cmd length.
- drm/i915: Silence smatch for cmdparser
- drm/i915: Move engine->needs_cmd_parser to engine->flags
- SAUCE: drm/i915: Rename gen7 cmdparser tables
- SAUCE: drm/i915: Disable Secure Batches for gen6+
- SAUCE: drm/i915: Remove Master tables from cmdparser
- SAUCE: drm/i915: Add support for mandatory cmdparsing
- SAUCE: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
- SAUCE: drm/i915: Allow parsing of unsized batches
- SAUCE: drm/i915: Add gen9 BCS cmdparsing
- SAUCE: drm/i915/cmdparser: Use explicit goto for error paths
- SAUCE: drm/i915/cmdparser: Add support for backward jumps
- SAUCE: drm/i915/cmdparser: Ignore Length operands during command matching
.
[ Ubuntu: 4.15.0-68.77 ]
.
* bionic/linux: 4.15.0-68.77 -proposed tracker (LP: #1849855)
* [REGRESSION] md/raid0: cannot assemble multi-zone RAID0 with default_layout
setting (LP: #1849682)
- Revert "md/raid0: avoid RAID0 data corruption due to layout confusion."
Checksums-Sha1:
da0d85c1ae9be53fc65bdf69a63aabe42bb5d746 201752 linux-azure-cloud-tools-4.15.0-1063_4.15.0-1063.68_amd64.deb
cd5be65d1673d57564a3d7ec911d3b993c5d6658 11032032 linux-azure-headers-4.15.0-1063_4.15.0-1063.68_all.deb
6617e1493469c32e27f652242ea13704e519de09 3927868 linux-azure-tools-4.15.0-1063_4.15.0-1063.68_amd64.deb
5b0016105a34d3dfb389cb334535c85583bb749e 7235572 linux-azure_4.15.0-1063.68_amd64.tar.gz
fe6f0ff790300fab02a2dbb3f25370102dc8cd43 24551 linux-azure_4.15.0-1063.68_amd64_translations.tar.gz
19c588a435bd290ec260bcc8e36019a19d26f8fb 313234 linux-buildinfo-4.15.0-1063-azure_4.15.0-1063.68_amd64.deb
ba992f78ae9e3fda73ee40eaae883337ad4ea639 1812 linux-cloud-tools-4.15.0-1063-azure_4.15.0-1063.68_amd64.deb
6c20f64c6d158c1234ae9c58e4bb8b9ce7533dc4 1048574 linux-headers-4.15.0-1063-azure_4.15.0-1063.68_amd64.deb
b05ce5ce9d32edd1c203afc09a7e0ccf73fd6d5a 327713590 linux-image-unsigned-4.15.0-1063-azure-dbgsym_4.15.0-1063.68_amd64.ddeb
3dc664eea1ff7d9693098a260d36122911fe7dd8 7409886 linux-image-unsigned-4.15.0-1063-azure_4.15.0-1063.68_amd64.deb
c20eb281d2480c03668a4ce17ab0b35365bde786 11859028 linux-modules-4.15.0-1063-azure_4.15.0-1063.68_amd64.deb
24240769de3ea9f88d62ad77b7fed4d36481aa8b 10483000 linux-modules-extra-4.15.0-1063-azure_4.15.0-1063.68_amd64.deb
6817088bccef76f552e38de0cf06b2bad79b3ece 1880 linux-tools-4.15.0-1063-azure_4.15.0-1063.68_amd64.deb
Checksums-Sha256:
472991da11633fa28f8aa011569b0fccb1797eeb25a11463fc260b0fec1610b4 201752 linux-azure-cloud-tools-4.15.0-1063_4.15.0-1063.68_amd64.deb
1d51993e520e6031bb0e36a5c154efc2730bb1b2124d33726d2c7063ac856292 11032032 linux-azure-headers-4.15.0-1063_4.15.0-1063.68_all.deb
63d0902236efbb8592b8cae280d0ff8f96958345b245be1491d91ff0395669ea 3927868 linux-azure-tools-4.15.0-1063_4.15.0-1063.68_amd64.deb
cbf913083cfd636b6799e886756cd28ad42a018079fafeae687dd79f494f1704 7235572 linux-azure_4.15.0-1063.68_amd64.tar.gz
6beddb6122695068cc8abe45ee26f52d027e3255bc2314ccdb6cf10a7c65fa26 24551 linux-azure_4.15.0-1063.68_amd64_translations.tar.gz
17ea219fbca7932a3272cda81808bd31c80270b489c34f311441111e27dab4b9 313234 linux-buildinfo-4.15.0-1063-azure_4.15.0-1063.68_amd64.deb
34bb96bd7eb7a85d9c1750a1c09415abb28ec098e03eea66f0e0ebbeedcad032 1812 linux-cloud-tools-4.15.0-1063-azure_4.15.0-1063.68_amd64.deb
2142d62da851991d859f74defeb3fc215d0f008f4851cc60b25b4475fe225e00 1048574 linux-headers-4.15.0-1063-azure_4.15.0-1063.68_amd64.deb
bddd2c67ddf1cacf77131969a960cab8167db3d453cf4ea674013ce444d2914c 327713590 linux-image-unsigned-4.15.0-1063-azure-dbgsym_4.15.0-1063.68_amd64.ddeb
2fe379ecb5ff5e9d8fdf3587c064bc1b2affbd14ccc38f5ef5c4c9488906ffb5 7409886 linux-image-unsigned-4.15.0-1063-azure_4.15.0-1063.68_amd64.deb
6514981e311492dd039a91597f8ef0bdd06764cb1242ce9a6c0afd0a3367287f 11859028 linux-modules-4.15.0-1063-azure_4.15.0-1063.68_amd64.deb
776c7c1253da1cdd147d5e582b8345f49681b5dffc0d930c16f103584bef554d 10483000 linux-modules-extra-4.15.0-1063-azure_4.15.0-1063.68_amd64.deb
414b87acc2a58b37a85e5fbe20d839738f4a7e59e3731cda9bae8ca06ee5cccf 1880 linux-tools-4.15.0-1063-azure_4.15.0-1063.68_amd64.deb
Files:
561f69767ea0c381856c599a6150324b 201752 devel optional linux-azure-cloud-tools-4.15.0-1063_4.15.0-1063.68_amd64.deb
a73363560ce4d173da5a362e953aad0e 11032032 devel optional linux-azure-headers-4.15.0-1063_4.15.0-1063.68_all.deb
a5a37158b050ff6e8970dbafa11d2938 3927868 devel optional linux-azure-tools-4.15.0-1063_4.15.0-1063.68_amd64.deb
7bacde32ad928ce2e1a0a8283c585242 7235572 raw-signing - linux-azure_4.15.0-1063.68_amd64.tar.gz
4ffb0d2e3c5c04307eb9a3e1f5486704 24551 raw-translations - linux-azure_4.15.0-1063.68_amd64_translations.tar.gz
0558cce4349206757ceaa355be957272 313234 kernel optional linux-buildinfo-4.15.0-1063-azure_4.15.0-1063.68_amd64.deb
7edb83243ac0307b94ada5da7513a09d 1812 devel optional linux-cloud-tools-4.15.0-1063-azure_4.15.0-1063.68_amd64.deb
26bf725b08e2ef5bc32cf3dae4f55183 1048574 devel optional linux-headers-4.15.0-1063-azure_4.15.0-1063.68_amd64.deb
7d9316080f0b435794032ba1400b7a34 327713590 devel optional linux-image-unsigned-4.15.0-1063-azure-dbgsym_4.15.0-1063.68_amd64.ddeb
3cae45c667db570368d61372da0a4ce6 7409886 kernel optional linux-image-unsigned-4.15.0-1063-azure_4.15.0-1063.68_amd64.deb
92450bcb9aaad4374aaf5efe38385ea1 11859028 kernel optional linux-modules-4.15.0-1063-azure_4.15.0-1063.68_amd64.deb
023eaf16c127a1960c8dddd3fa39772d 10483000 kernel optional linux-modules-extra-4.15.0-1063-azure_4.15.0-1063.68_amd64.deb
df1dda9a12ef970b6ff6cd13e0c54b97 1880 devel optional linux-tools-4.15.0-1063-azure_4.15.0-1063.68_amd64.deb
More information about the Xenial-changes
mailing list