Publishing details
-
Published
-
Copied from
ubuntu trusty in
Canonical Kernel Security PPA
by Andy Whitcroft
Changelog
linux-aws (4.4.0-1044.47) trusty; urgency=medium
[ Ubuntu: 4.4.0-148.174 ]
* CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
- Documentation/l1tf: Fix small spelling typo
- perf/x86/intel: Add model number for Skylake Server to perf
- perf/x86: Add model numbers for Kabylake CPUs
- perf/x86/intel: Use Intel family macros for core perf events
- perf/x86/msr: Use Intel family macros for MSR events code
- perf/x86/msr: Add missing Intel models
- SAUCE: perf/x86/{cstate,rapl,uncore}: Use Intel Model name macros
- perf/x86/msr: Add missing CPU IDs
- x86/speculation: Simplify the CPU bug detection logic
- x86/cpu: Sanitize FAM6_ATOM naming
- kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
- bitops: avoid integer overflow in GENMASK(_ULL)
- locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a
new <linux/bits.h> file
- tools include: Adopt linux/bits.h
- x86/msr-index: Cleanup bit defines
- x86/speculation: Consolidate CPU whitelists
- x86/speculation/mds: Add basic bug infrastructure for MDS
- x86/speculation/mds: Add BUG_MSBDS_ONLY
- x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
- x86/speculation/mds: Add mds_clear_cpu_buffers()
- locking/static_keys: Provide DECLARE and well as DEFINE macros
- x86/speculation/mds: Clear CPU buffers on exit to user
- x86/kvm/vmx: Add MDS protection when L1D Flush is not active
- x86/speculation/mds: Conditionally clear CPU buffers on idle entry
- SAUCE: sched/smt: Introduce sched_smt_{active,present}
- SAUCE: Rename the Ubuntu-only spec_ctrl_mutex mutex
- SAUCE: x86/speculation: Introduce arch_smt_update()
- x86/speculation: Rework SMT state change
- x86/speculation: Reorder the spec_v2 code
- x86/speculation: Unify conditional spectre v2 print functions
- x86/speculation/mds: Add mitigation control for MDS
- x86/speculation/mds: Add sysfs reporting for MDS
- x86/speculation/mds: Add mitigation mode VMWERV
- Documentation: Move L1TF to separate directory
- Documentation: Add MDS vulnerability documentation
- x86/speculation/mds: Add mds=full,nosmt cmdline option
- x86/speculation: Move arch_smt_update() call to after mitigation decisions
- x86/speculation/mds: Add SMT warning message
- x86/speculation/mds: Fix comment
- x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
- x86/speculation/mds: Add 'mitigations=' support for MDS
* CVE-2017-5715 // CVE-2017-5753
- s390/speculation: Support 'mitigations=' cmdline option
* CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
- powerpc/speculation: Support 'mitigations=' cmdline option
* CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
CVE-2018-3646
- cpu/speculation: Add 'mitigations=' cmdline option
- x86/speculation: Support 'mitigations=' cmdline option
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
linux-aws (4.4.0-1043.46) trusty; urgency=medium
* linux-aws: 4.4.0-1043.46 -proposed tracker (LP: #1826034)
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
[ Ubuntu: 4.4.0-147.173 ]
* linux: 4.4.0-147.173 -proposed tracker (LP: #1826036)
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
* Xenial: Sync to upstream v4.9 (Spectre) (LP: #1820872)
- SAUCE: cpu/hotplug: Fix Documentation/kernel-parameters.txt
- SAUCE: Fix typo in Documentation/kernel-parameters.txt
- SAUCE: x86: Move hunks and sync to upstream stable 4.9
- Revert "module: Add retpoline tag to VERMAGIC"
* CVE-2017-5753
- posix-timers: Protect posix clock array access against speculation
- arm64: fix possible spectre-v1 in ptrace_hbp_get_event()
- sched/autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[]
- media: dvb_ca_en50221: prevent using slot_info for Spectre attacs
- s390/keyboard: sanitize array index in do_kdsk_ioctl
- arm64: fix possible spectre-v1 write in ptrace_hbp_set_event()
- pktcdvd: Fix possible Spectre-v1 for pkt_devs
- net: socket: Fix potential spectre v1 gadget in sock_is_registered
- net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd()
- hwmon: (nct6775) Fix potential Spectre v1
- mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom
- nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT
- ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
- powerpc/ptrace: Mitigate potential Spectre v1
- cfg80211: prevent speculation on cfg80211_classify8021d() return
- ALSA: rawmidi: Fix potential Spectre v1 vulnerability
- ALSA: seq: oss: Fix Spectre v1 vulnerability
* CVE-2019-3874
- sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege
- sctp: use sk_wmem_queued to check for writable space
- sctp: implement memory accounting on tx path
- sctp: implement memory accounting on rx path
* Kprobe event argument syntax in ftrace from ubuntu_kernel_selftests failed
on B PowerPC (LP: #1812809)
- selftests/ftrace: Add ppc support for kprobe args tests
* CVE-2019-3882
- vfio/type1: Limit DMA mappings per container
* Intel I210 Ethernet card not working after hotplug [8086:1533]
(LP: #1818490)
- igb: Fix WARN_ONCE on runtime suspend
* TSC clocksource not available in nested guests (LP: #1822821)
- x86/tsc: Add X86_FEATURE_TSC_KNOWN_FREQ flag
- kvmclock: fix TSC calibration for nested guests
* Remove btrfs module after a failed fallocate attempt will cause error on 4.4
i386 (LP: #1822579)
- Btrfs: fix extent map leak during fallocate error path
* systemd cause kernel trace "BUG: unable to handle kernel paging request at
6db23a14" on Cosmic i386 (LP: #1813244) // systemd cause kernel trace "BUG:
unable to handle kernel paging request at 6db23a14" on Cosmic i386
(LP: #1813244)
- openvswitch: fix flow actions reallocation
-- Stefan Bader <email address hidden> Wed, 08 May 2019 20:17:36 +0200
Builds
Built packages
-
linux-aws-cloud-tools-4.4.0-1044
Linux kernel version specific cloud tools for version 4.4.0-1044
-
linux-aws-headers-4.4.0-1044
Header files related to Linux kernel version 4.4.0
-
linux-aws-tools-4.4.0-1044
Linux kernel version specific tools for version 4.4.0-1044
-
linux-buildinfo-4.4.0-1044-aws
Linux kernel buildinfo for version 4.4.0 on 64 bit x86 SMP
-
linux-cloud-tools-4.4.0-1044-aws
Linux kernel version specific cloud tools for version 4.4.0-1044
-
linux-headers-4.4.0-1044-aws
Linux kernel headers for version 4.4.0 on 64 bit x86 SMP
-
linux-image-4.4.0-1044-aws
Linux kernel image for version 4.4.0 on 64 bit x86 SMP
-
linux-image-4.4.0-1044-aws-dbgsym
Linux kernel debug image for version 4.4.0 on 64 bit x86 SMP
-
linux-modules-4.4.0-1044-aws
Linux kernel extra modules for version 4.4.0 on 64 bit x86 SMP
-
linux-tools-4.4.0-1044-aws
Linux kernel version specific tools for version 4.4.0-1044
Package files