Ubuntu
linux-gkeop package

linux-gkeop 5.15.0-1026.31 source package in Ubuntu

Changelog

linux-gkeop (5.15.0-1026.31) jammy; urgency=medium

  * jammy/linux-gkeop: 5.15.0-1026.31 -proposed tracker (LP: #2030560)

  * CVE-2022-40982
    - [Config] Enable CONFIG_ARCH_HAS_CPU_FINALIZE_INIT and
      CONFIG_GDS_FORCE_MITIGATION

  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - debian/dkms-versions -- update from kernel-versions (main/s2023.07.10)

  [ Ubuntu: 5.15.0-82.91 ]

  * jammy/linux: 5.15.0-82.91 -proposed tracker (LP: #2031147)
  * libgnutls report "trap invalid opcode" when trying to install packages over
    https (LP: #2031093)
    - [Config]: disable CONFIG_GDS_FORCE_MITIGATION

  [ Ubuntu: 5.15.0-80.89 ]

  * jammy/linux: 5.15.0-80.87 -proposed tracker (LP: #2030588)
  * CVE-2022-40982
    - x86/mm: Initialize text poking earlier
    - x86/mm: fix poking_init() for Xen PV guests
    - x86/mm: Use mm_alloc() in poking_init()
    - mm: Move mm_cachep initialization to mm_init()
    - init: Provide arch_cpu_finalize_init()
    - x86/cpu: Switch to arch_cpu_finalize_init()
    - ARM: cpu: Switch to arch_cpu_finalize_init()
    - sparc/cpu: Switch to arch_cpu_finalize_init()
    - um/cpu: Switch to arch_cpu_finalize_init()
    - init: Remove check_bugs() leftovers
    - init: Invoke arch_cpu_finalize_init() earlier
    - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()
    - x86/init: Initialize signal frame size late
    - x86/fpu: Remove cpuinfo argument from init functions
    - x86/fpu: Mark init functions __init
    - x86/fpu: Move FPU initialization into arch_cpu_finalize_init()
    - x86/xen: Fix secondary processors' FPU initialization
    - x86/speculation: Add Gather Data Sampling mitigation
    - x86/speculation: Add force option to GDS mitigation
    - x86/speculation: Add Kconfig option for GDS
    - KVM: Add GDS_NO support to KVM
    - Documentation/x86: Fix backwards on/off logic about YMM support
    - [Config]: Enable CONFIG_ARCH_HAS_CPU_FINALIZE_INIT and
      CONFIG_GDS_FORCE_MITIGATION
  * CVE-2023-21400
    - io_uring: ensure IOPOLL locks around deferred work
  * CVE-2023-4015
    - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound
      set/chain
    - netfilter: nf_tables: unbind non-anonymous set if rule construction fails
    - netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR
  * CVE-2023-3777
    - netfilter: nf_tables: skip bound chain on rule flush
  * CVE-2023-3995
    - netfilter: nf_tables: disallow rule addition to bound chain via
      NFTA_RULE_CHAIN_ID
  * CVE-2023-20593
    - x86/cpu/amd: Move the errata checking functionality up
    - x86/cpu/amd: Add a Zenbleed fix
  * CVE-2023-3776
    - net/sched: cls_fw: Fix improper refcount update leads to use-after-free
  * CVE-2023-4004
    - netfilter: nft_set_pipapo: fix improper element removal
  * CVE-2023-3611
    - net/sched: sch_qfq: refactor parsing of netlink parameters
    - net/sched: sch_qfq: account for stab overhead in qfq_enqueue
  * CVE-2023-3610
    - netfilter: nf_tables: fix chain binding transaction logic
  * CVE-2023-3609
    - net/sched: cls_u32: Fix reference counter leak leading to overflow

 -- Thibault Ferrante <email address hidden>  Thu, 17 Aug 2023 14:40:27 +0200

Upload details

Uploaded by:
Thibf
Sponsored by:
Khaled El Mously
Uploaded to:
Jammy
Original maintainer:
Ubuntu Kernel Team
Architectures:
all amd64
Section:
devel
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Jammy: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
linux-gkeop_5.15.0.orig.tar.gz 185.9 MiB 4d7908da75ad50a70a0141721e259c2589b7bdcc317f7bd885b80c2ffa689211
linux-gkeop_5.15.0-1026.31.diff.gz 10.2 MiB 4b30c53a29aca08dc5210d6beba572ed68ec0262b337e8fa89ff448d7392ddfd
linux-gkeop_5.15.0-1026.31.dsc 4.1 KiB 119cd0a5eb42de6c157f4a09ad20c169c7a44e784274f983b077d7e6090f0c6c

View changes file

Binary packages built by this source

linux-buildinfo-5.15.0-1026-gkeop: Linux kernel buildinfo for version 5.15.0 on 64 bit x86 SMP

 This package contains the Linux kernel buildinfo for version 5.15.0 on
 64 bit x86 SMP.
 .
 You likely do not want to install this package.

linux-cloud-tools-5.15.0-1026-gkeop: Linux kernel version specific cloud tools for version 5.15.0-1026

 This package provides the architecture dependant parts for kernel
 version locked tools for cloud for version 5.15.0-1026 on
 64 bit x86.

linux-gkeop-cloud-tools-5.15.0-1026: Linux kernel version specific cloud tools for version 5.15.0-1026

 This package provides the architecture dependant parts for kernel
 version locked tools for cloud tools for version 5.15.0-1026 on
 64 bit x86.
 You probably want to install linux-cloud-tools-5.15.0-1026-<flavour>.

linux-gkeop-headers-5.15.0-1026: Header files related to Linux kernel version 5.15.0

 This package provides kernel header files for version 5.15.0, for sites
 that want the latest kernel headers. Please read
 /usr/share/doc/linux-gkeop-headers-5.15.0-1026/debian.README.gz for details

linux-gkeop-tools-5.15.0-1026: Linux kernel version specific tools for version 5.15.0-1026

 This package provides the architecture dependant parts for kernel
 version locked tools (such as perf and x86_energy_perf_policy) for
 version 5.15.0-1026 on
 64 bit x86.
 You probably want to install linux-tools-5.15.0-1026-<flavour>.

linux-headers-5.15.0-1026-gkeop: Linux kernel headers for version 5.15.0 on 64 bit x86 SMP

 This package provides kernel header files for version 5.15.0 on
 64 bit x86 SMP.
 .
 This is for sites that want the latest kernel headers. Please read
 /usr/share/doc/linux-headers-5.15.0-1026/debian.README.gz for details.

linux-image-unsigned-5.15.0-1026-gkeop: Linux kernel image for version 5.15.0 on 64 bit x86 SMP

 This package contains the unsigned Linux kernel image for version 5.15.0 on
 64 bit x86 SMP.
 .
 Supports amd64 processors.
 .
 Geared toward GKE on-prem installations.
 .
 You likely do not want to install this package directly. Instead, install
 the linux-gkeop meta-package, which will ensure that upgrades work
 correctly, and that supporting packages are also installed.

linux-image-unsigned-5.15.0-1026-gkeop-dbgsym: Linux kernel debug image for version 5.15.0 on 64 bit x86 SMP

 This package provides the unsigned kernel debug image for version 5.15.0 on
 64 bit x86 SMP.
 .
 This is for sites that wish to debug the kernel.
 .
 The kernel image contained in this package is NOT meant to boot from. It
 is uncompressed, and unstripped. This package also includes the
 unstripped modules.

linux-modules-5.15.0-1026-gkeop: Linux kernel extra modules for version 5.15.0 on 64 bit x86 SMP

 Contains the corresponding System.map file, the modules built by the
 packager, and scripts that try to ensure that the system is not left in an
 unbootable state after an update.
 .
 Supports amd64 processors.
 .
 Geared toward GKE on-prem installations.
 .
 You likely do not want to install this package directly. Instead, install
 the linux-gkeop meta-package, which will ensure that upgrades work
 correctly, and that supporting packages are also installed.

linux-modules-extra-5.15.0-1026-gkeop: Linux kernel extra modules for version 5.15.0 on 64 bit x86 SMP

 This package contains the Linux kernel extra modules for version 5.15.0 on
 64 bit x86 SMP.
 .
 Also includes the corresponding System.map file, the modules built by the
 packager, and scripts that try to ensure that the system is not left in an
 unbootable state after an update.
 .
 Supports amd64 processors.
 .
 Geared toward GKE on-prem installations.
 .
 You likely do not want to install this package directly. Instead, install
 the linux-gkeop meta-package, which will ensure that upgrades work
 correctly, and that supporting packages are also installed.

linux-tools-5.15.0-1026-gkeop: Linux kernel version specific tools for version 5.15.0-1026

 This package provides the architecture dependant parts for kernel
 version locked tools (such as perf and x86_energy_perf_policy) for
 version 5.15.0-1026 on
 64 bit x86.