Ubuntu
linux-aws package

linux-aws 4.4.0-1069.79 source package in Ubuntu

Changelog

linux-aws (4.4.0-1069.79) xenial; urgency=medium

  [ Ubuntu: 4.4.0-137.163 ]

  * CVE-2018-14633
    - iscsi target: Use hex2bin instead of a re-implementation
  * CVE-2018-17182
    - mm: get rid of vmacache_flush_all() entirely

linux-aws (4.4.0-1068.78) xenial; urgency=medium

  * linux-aws: 4.4.0-1068.78 -proposed tracker (LP: #1791749)

  * Xenial update to 4.4.141 stable release (LP: #1790620)
    - [Config] Refresh configs for 4.4.141

  [ Ubuntu: 4.4.0-136.162 ]

  * linux: 4.4.0-136.162 -proposed tracker (LP: #1791745)
  * CVE-2017-5753
    - bpf: properly enforce index mask to prevent out-of-bounds speculation
    - Revert "UBUNTU: SAUCE: bpf: Use barrier_nospec() instead of osb()"
    - Revert "bpf: prevent speculative execution in eBPF interpreter"
  * L1TF mitigation not effective in some CPU and RAM combinations
    (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646
    - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
    - x86/speculation/l1tf: Fix off-by-one error when warning that system has too
      much RAM
    - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
  * CVE-2018-15594
    - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests
  * Xenial update to 4.4.144 stable release (LP: #1791080)
    - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in
      parallel.
    - x86/MCE: Remove min interval polling limitation
    - fat: fix memory allocation failure handling of match_strdup()
    - ALSA: rawmidi: Change resized buffers atomically
    - ARC: Fix CONFIG_SWAP
    - ARC: mm: allow mprotect to make stack mappings executable
    - mm: memcg: fix use after free in mem_cgroup_iter()
    - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns
    - ipv6: fix useless rol32 call on hash
    - lib/rhashtable: consider param->min_size when setting initial table size
    - net/ipv4: Set oif in fib_compute_spec_dst
    - net: phy: fix flag masking in __set_phy_supported
    - ptp: fix missing break in switch
    - tg3: Add higher cpu clock for 5762.
    - net: Don't copy pfmemalloc flag in __copy_skb_header()
    - skbuff: Unconditionally copy pfmemalloc in __skb_clone()
    - xhci: Fix perceived dead host due to runtime suspend race with event handler
    - x86/paravirt: Make native_save_fl() extern inline
    - SAUCE: Add missing CPUID_7_EDX defines
    - SAUCE: x86/speculation: Expose indirect_branch_prediction_barrier()
    - x86/pti: Mark constant arrays as __initconst
    - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs
    - x86/entry/64/compat: Clear registers for compat syscalls, to reduce
      speculation attack surface
    - x86/speculation: Clean up various Spectre related details
    - x86/speculation: Fix up array_index_nospec_mask() asm constraint
    - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend
    - x86/mm: Factor out LDT init from context init
    - x86/mm: Give each mm TLB flush generation a unique ID
    - SAUCE: x86/speculation: Use Indirect Branch Prediction Barrier in context
      switch
    - x86/speculation: Use IBRS if available before calling into firmware
    - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP
    - selftest/seccomp: Fix the seccomp(2) signature
    - xen: set cpu capabilities from xen_start_kernel()
    - x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen
    - SAUCE: Preserve SPEC_CTRL MSR in new inlines
    - SAUCE: Add Knights Mill to NO SSB list
    - x86/process: Correct and optimize TIF_BLOCKSTEP switch
    - x86/process: Optimize TIF_NOTSC switch
    - Revert "x86/cpufeatures: Add FEATURE_ZEN"
    - Revert "x86/cpu/AMD: Fix erratum 1076 (CPB bit)"
    - x86/cpu/AMD: Fix erratum 1076 (CPB bit)
    - x86/cpufeatures: Add FEATURE_ZEN
    - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths
    - x86/cpu: Re-apply forced caps every time CPU caps are re-read
    - block: do not use interruptible wait anywhere
    - clk: tegra: Fix PLL_U post divider and initial rate on Tegra30
    - ubi: Introduce vol_ignored()
    - ubi: Rework Fastmap attach base code
    - ubi: Be more paranoid while seaching for the most recent Fastmap
    - ubi: Fix races around ubi_refill_pools()
    - ubi: Fix Fastmap's update_vol()
    - ubi: fastmap: Erase outdated anchor PEBs during attach
    - Linux 4.4.144
  * CVE-2017-5715 (Spectre v2 s390x)
    - s390: detect etoken facility
    - s390/lib: use expoline for all bcr instructions
    - SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT
  * Xenial update to 4.4.143 stable release (LP: #1790884)
    - compiler, clang: suppress warning for unused static inline functions
    - compiler, clang: properly override 'inline' for clang
    - compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled
    - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations
    - x86/asm: Add _ASM_ARG* constants for argument registers to <asm/asm.h>
    - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent
    - bcm63xx_enet: correct clock usage
    - bcm63xx_enet: do not write to random DMA channel on BCM6345
    - crypto: crypto4xx - remove bad list_del
    - crypto: crypto4xx - fix crypto4xx_build_pdr, crypto4xx_build_sdr leak
    - atm: zatm: Fix potential Spectre v1
    - net: dccp: avoid crash in ccid3_hc_rx_send_feedback()
    - net: dccp: switch rx_tstamp_last_feedback to monotonic clock
    - net/mlx5: Fix incorrect raw command length parsing
    - net: sungem: fix rx checksum support
    - qed: Limit msix vectors in kdump kernel to the minimum required count.
    - r8152: napi hangup fix after disconnect
    - tcp: fix Fast Open key endianness
    - tcp: prevent bogus FRTO undos with non-SACK flows
    - vhost_net: validate sock before trying to put its fd
    - net_sched: blackhole: tell upper qdisc about dropped packets
    - net/mlx5: Fix command interface race in polling mode
    - net: cxgb3_main: fix potential Spectre v1
    - rtlwifi: rtl8821ae: fix firmware is not ready to run
    - MIPS: Call dump_stack() from show_regs()
    - MIPS: Use async IPIs for arch_trigger_cpumask_backtrace()
    - netfilter: ebtables: reject non-bridge targets
    - KEYS: DNS: fix parsing multiple options
    - rds: avoid unenecessary cong_update in loop transport
    - net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL.
    - Linux 4.4.143
  * Xenial update to 4.4.142 stable release (LP: #1790883)
    - Kbuild: fix # escaping in .cmd files for future Make
    - perf tools: Move syscall number fallbacks from perf-sys.h to
      tools/arch/x86/include/asm/
    - Linux 4.4.142
  * Xenial update to 4.4.141 stable release (LP: #1790620)
    - MIPS: Fix ioremap() RAM check
    - ibmasm: don't write out of bounds in read handler
    - vmw_balloon: fix inflation with batching
    - ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS
    - USB: serial: ch341: fix type promotion bug in ch341_control_in()
    - USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick
    - USB: serial: keyspan_pda: fix modem-status error handling
    - USB: yurex: fix out-of-bounds uaccess in read handler
    - USB: serial: mos7840: fix status-register error handling
    - usb: quirks: add delay quirks for Corsair Strafe
    - xhci: xhci-mem: off by one in xhci_stream_id_to_ring()
    - HID: usbhid: add quirk for innomedia INNEX GENESIS/ATARI adapter
    - tools build: fix # escaping in .cmd files for future Make
    - iw_cxgb4: correctly enforce the max reg_mr depth
    - x86/cpufeature: Move some of the scattered feature bits to x86_capability
    - x86/cpu: Provide a config option to disable static_cpu_has
    - x86/fpu: Add an XSTATE_OP() macro
    - x86/fpu: Get rid of xstate_fault()
    - x86/headers: Don't include asm/processor.h in asm/atomic.h
    - x86/cpufeature: Replace the old static_cpu_has() with safe variant
    - x86/cpufeature: Get rid of the non-asm goto variant
    - x86/alternatives: Add an auxilary section
    - x86/alternatives: Discard dynamic check after init
    - x86/vdso: Use static_cpu_has()
    - x86/boot: Simplify kernel load address alignment check
    - x86/cpufeature: Speed up cpu_feature_enabled()
    - x86/cpufeature, x86/mm/pkeys: Add protection keys related CPUID definitions
    - x86/mm/pkeys: Fix mismerge of protection keys CPUID bits
    - x86/cpu: Add detection of AMD RAS Capabilities
    - x86/cpufeature, x86/mm/pkeys: Fix broken compile-time disabling of pkeys
    - x86/cpufeature: Make sure DISABLED/REQUIRED macros are updated
    - x86/cpufeature: Add helper macro for mask check macros
    - uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn()
    - netfilter: nf_queue: augment nfqa_cfg_policy
    - netfilter: x_tables: initialise match/target check parameter struct
    - loop: add recursion validation to LOOP_CHANGE_FD
    - PM / hibernate: Fix oops at snapshot_write()
    - SAUCE: RDMA/ucm: Blacklist UCM module
    - loop: remember whether sysfs_create_group() was done
    - Linux 4.4.141
    - [Config] Refresh configs for 4.4.141
  * regression with EXT4 file systems and meta_bg flag (LP: #1789653)
    - ext4: fix false negatives *and* false positives in ext4_check_descriptors()
  * CVE-2018-15572
    - x86/speculation: Protect against userspace-userspace spectreRSB
  * random oopses on s390 systems using NVMe devices (LP: #1790480)
    - s390/pci: fix out of bounds access during irq setup
  * CVE-2018-6555
    - SAUCE: irda: Only insert new objects into the global database via setsockopt
  * CVE-2018-6554
    - SAUCE: irda: Fix memory leak caused by repeated binds of irda socket
  * errors when scanning partition table of corrupted AIX disk (LP: #1787281)
    - partitions/aix: fix usage of uninitialized lv_info and lvname structures
    - partitions/aix: append null character to print data from disk

 -- Stefan Bader <email address hidden>  Mon, 24 Sep 2018 15:18:07 +0200

Upload details

Uploaded by:
Stefan Bader
Uploaded to:
Xenial
Original maintainer:
Ubuntu Kernel Team
Architectures:
all amd64
Section:
devel
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Xenial: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
linux-aws_4.4.0.orig.tar.gz 126.7 MiB 730e75919b5d30a9bc934ccb300eaedfdf44994ca9ee1d07a46901c46c221357
linux-aws_4.4.0-1069.79.diff.gz 17.9 MiB ec19f26995af22d52aba420187b4b244faf32cea0b833d7681ef9cfbae09d791
linux-aws_4.4.0-1069.79.dsc 3.5 KiB a467313cf6c4635d5c675ad5e5035e6f034920f084c38d6abe82130d1e7e25f0

View changes file

Binary packages built by this source

linux-aws-cloud-tools-4.4.0-1069: Linux kernel version specific cloud tools for version 4.4.0-1069

 This package provides the architecture dependant parts for kernel
 version locked tools for cloud tools for version 4.4.0-1069 on
 64 bit x86.
 You probably want to install linux-cloud-tools-4.4.0-1069-<flavour>.

linux-aws-cloud-tools-4.4.0-1069-dbgsym: debug symbols for package linux-aws-cloud-tools-4.4.0-1069

 This package provides the architecture dependant parts for kernel
 version locked tools for cloud tools for version 4.4.0-1069 on
 64 bit x86.
 You probably want to install linux-cloud-tools-4.4.0-1069-<flavour>.

linux-aws-headers-4.4.0-1069: Header files related to Linux kernel version 4.4.0

 This package provides kernel header files for version 4.4.0, for sites
 that want the latest kernel headers. Please read
 /usr/share/doc/linux-aws-headers-4.4.0-1069/debian.README.gz for details

linux-aws-tools-4.4.0-1069: Linux kernel version specific tools for version 4.4.0-1069

 This package provides the architecture dependant parts for kernel
 version locked tools (such as perf and x86_energy_perf_policy) for
 version 4.4.0-1069 on
 64 bit x86.
 You probably want to install linux-tools-4.4.0-1069-<flavour>.

linux-aws-tools-4.4.0-1069-dbgsym: debug symbols for package linux-aws-tools-4.4.0-1069

 This package provides the architecture dependant parts for kernel
 version locked tools (such as perf and x86_energy_perf_policy) for
 version 4.4.0-1069 on
 64 bit x86.
 You probably want to install linux-tools-4.4.0-1069-<flavour>.

linux-cloud-tools-4.4.0-1069-aws: Linux kernel version specific cloud tools for version 4.4.0-1069

 This package provides the architecture dependant parts for kernel
 version locked tools for cloud for version 4.4.0-1069 on
 64 bit x86.

linux-headers-4.4.0-1069-aws: Linux kernel headers for version 4.4.0 on 64 bit x86 SMP

 This package provides kernel header files for version 4.4.0 on
 64 bit x86 SMP.
 .
 This is for sites that want the latest kernel headers. Please read
 /usr/share/doc/linux-headers-4.4.0-1069/debian.README.gz for details.

linux-image-4.4.0-1069-aws: Linux kernel image for version 4.4.0 on 64 bit x86 SMP

 This package contains the Linux kernel image for version 4.4.0 on
 64 bit x86 SMP.
 .
 Also includes the corresponding System.map file, the modules built by the
 packager, and scripts that try to ensure that the system is not left in an
 unbootable state after an update.
 .
 Supports AWS processors.
 .
 Geared toward Amazon Web Services (AWS) systems.
 .
 You likely do not want to install this package directly. Instead, install
 the linux-aws meta-package, which will ensure that upgrades work
 correctly, and that supporting packages are also installed.

linux-image-4.4.0-1069-aws-dbgsym: Linux kernel debug image for version 4.4.0 on 64 bit x86 SMP

 This package provides a kernel debug image for version 4.4.0 on
 64 bit x86 SMP.
 .
 This is for sites that wish to debug the kernel.
 .
 The kernel image contained in this package is NOT meant to boot from. It
 is uncompressed, and unstripped. This package also includes the
 unstripped modules.

linux-tools-4.4.0-1069-aws: Linux kernel version specific tools for version 4.4.0-1069

 This package provides the architecture dependant parts for kernel
 version locked tools (such as perf and x86_energy_perf_policy) for
 version 4.4.0-1069 on
 64 bit x86.