-linux (4.13.0-42.47) UNRELEASED; urgency=medium
+linux (4.13.0-45.50) UNRELEASED; urgency=medium
CHANGELOG: Do not edit directly. Autogenerated at release.
CHANGELOG: Use the printchanges target to see the curent changes.
CHANGELOG: Use the insertchanges target to create the final log.
- -- Kleber Sacilotto de Souza <kleber.souza@canonical.com> Mon, 07 May 2018 13:11:43 +0200
+ -- Stefan Bader <stefan.bader@canonical.com> Mon, 28 May 2018 16:10:36 +0200
+
+linux (4.13.0-44.49) artful; urgency=medium
+
+ * linux: 4.13.0-44.49 -proposed tracker (LP: #1772951)
+
+ * CVE-2018-3639 (x86)
+ - x86/cpu: Make alternative_msr_write work for 32-bit code
+ - x86/cpu/AMD: Fix erratum 1076 (CPB bit)
+ - x86/bugs: Fix the parameters alignment and missing void
+ - KVM: SVM: Move spec control call after restore of GS
+ - x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
+ - x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
+ - x86/cpufeatures: Disentangle SSBD enumeration
+ - x86/cpufeatures: Add FEATURE_ZEN
+ - x86/speculation: Handle HT correctly on AMD
+ - x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
+ - x86/speculation: Add virtualized speculative store bypass disable support
+ - x86/speculation: Rework speculative_store_bypass_update()
+ - x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host}
+ - x86/bugs: Expose x86_spec_ctrl_base directly
+ - x86/bugs: Remove x86_spec_ctrl_set()
+ - x86/bugs: Rework spec_ctrl base and mask logic
+ - x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
+ - KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
+ - x86/bugs: Rename SSBD_NO to SSB_NO
+ - bpf: Prevent memory disambiguation attack
+ - KVM: VMX: Expose SSBD properly to guests.
+
+ * [Ubuntu 16.04] kernel: fix rwlock implementation (LP: #1761674)
+ - SAUCE: (no-up) s390: fix rwlock implementation
+
+ * CVE-2018-7492
+ - rds: Fix NULL pointer dereference in __rds_rdma_map
+
+ * CVE-2018-8781
+ - drm: udl: Properly check framebuffer mmap offsets
+
+ * fsnotify: Fix fsnotify_mark_connector race (LP: #1765564)
+ - fsnotify: Fix fsnotify_mark_connector race
+
+ * Kernel panic on boot (m1.small in cn-north-1) (LP: #1771679)
+ - x86/xen: Reset VCPU0 info pointer after shared_info remap
+
+ * Suspend to idle: Open lid didn't resume (LP: #1771542)
+ - ACPI / PM: Do not reconfigure GPEs for suspend-to-idle
+
+ * CVE-2018-1092
+ - ext4: fail ext4_iget for root directory if unallocated
+
+ * [SRU][Artful] using vfio-pci on a combination of cn8xxx and some PCI devices
+ results in a kernel panic. (LP: #1770254)
+ - PCI: Avoid bus reset if bridge itself is broken
+ - PCI: Mark Cavium CN8xxx to avoid bus reset
+ - PCI: Avoid slot reset if bridge itself is broken
+
+ * Battery drains when laptop is off (shutdown) (LP: #1745646)
+ - PCI / PM: Check device_may_wakeup() in pci_enable_wake()
+
+ * perf record crash: refcount_inc assertion failed (LP: #1769027)
+ - perf cgroup: Fix refcount usage
+ - perf xyarray: Fix wrong processing when closing evsel fd
+
+ * Dell Latitude 5490/5590 BIOS update 1.1.9 causes black screen at boot
+ (LP: #1764194)
+ - drm/i915/bios: filter out invalid DDC pins from VBT child devices
+
+ * Fix an issue that some PCI devices get incorrectly suspended (LP: #1764684)
+ - PCI / PM: Always check PME wakeup capability for runtime wakeup support
+
+ * [SRU][Bionic/Artful] fix false positives in W+X checking (LP: #1769696)
+ - init: fix false positives in W+X checking
+
+ * CVE-2018-1068
+ - netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
+
+ * CVE-2018-8087
+ - mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()
+
+ * Integrated Webcam Realtek Integrated_Webcam_HD (0bda:58f4) not working in
+ DELL XPS 13 9370 with firmware 1.50 (LP: #1763748)
+ - SAUCE: media: uvcvideo: Support realtek's UVC 1.5 device
+
+ * unregister_netdevice: waiting for eth0 to become free. Usage count = 5
+ (LP: #1746474)
+ - ipv4: convert dst_metrics.refcnt from atomic_t to refcount_t
+ - xfrm: reuse uncached_list to track xdsts
+
+ * Acer Swift sf314-52 power button not managed (LP: #1766054)
+ - SAUCE: platform/x86: acer-wmi: add another KEY_POWER keycode
+
+ * set PINCFG_HEADSET_MIC to parse_flags for Dell precision 3630 (LP: #1766398)
+ - ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags
+
+ * Change the location for one of two front mics on a lenovo thinkcentre
+ machine (LP: #1766477)
+ - ALSA: hda/realtek - adjust the location of one mic
+
+ -- Stefan Bader <stefan.bader@canonical.com> Thu, 24 May 2018 10:31:54 +0200
+
+linux (4.13.0-43.48) artful; urgency=medium
+
+ * CVE-2018-3639 (powerpc)
+ - SAUCE: rfi-flush: update H_CPU_* macro names to upstream
+ - SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to
+ upstream
+ - SAUCE: update pseries_setup_rfi_flush() capitalization to upstream
+ - powerpc/pseries: Support firmware disable of RFI flush
+ - powerpc/powernv: Support firmware disable of RFI flush
+ - powerpc/64s: Allow control of RFI flush via debugfs
+ - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
+ - powerpc/rfi-flush: Always enable fallback flush on pseries
+ - powerpc/rfi-flush: Differentiate enabled and patched flush types
+ - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
+ - powerpc: Add security feature flags for Spectre/Meltdown
+ - powerpc/powernv: Set or clear security feature flags
+ - powerpc/pseries: Set or clear security feature flags
+ - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
+ - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
+ - powerpc/pseries: Fix clearing of security feature flags
+ - powerpc: Move default security feature flags
+ - powerpc/pseries: Restore default security feature flags on setup
+ - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
+
+ * CVE-2018-3639 (x86)
+ - SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES
+ - SAUCE: x86: Add alternative_msr_write
+ - x86/nospec: Simplify alternative_msr_write()
+ - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
+ - x86/bugs: Concentrate bug detection into a separate function
+ - x86/bugs: Concentrate bug reporting into a separate function
+ - x86/msr: Add definitions for new speculation control MSRs
+ - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
+ - x86/bugs, KVM: Support the combination of guest and host IBRS
+ - x86/bugs: Expose /sys/../spec_store_bypass
+ - x86/cpufeatures: Add X86_FEATURE_RDS
+ - x86/bugs: Provide boot parameters for the spec_store_bypass_disable
+ mitigation
+ - x86/bugs/intel: Set proper CPU features and setup RDS
+ - x86/bugs: Whitelist allowed SPEC_CTRL MSR values
+ - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
+ - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
+ - x86/speculation: Create spec-ctrl.h to avoid include hell
+ - prctl: Add speculation control prctls
+ - x86/process: Allow runtime control of Speculative Store Bypass
+ - x86/speculation: Add prctl for Speculative Store Bypass mitigation
+ - nospec: Allow getting/setting on non-current task
+ - proc: Provide details on speculation flaw mitigations
+ - seccomp: Enable speculation flaw mitigations
+ - SAUCE: x86/bugs: Honour SPEC_CTRL default
+ - x86/bugs: Make boot modes __ro_after_init
+ - prctl: Add force disable speculation
+ - seccomp: Use PR_SPEC_FORCE_DISABLE
+ - seccomp: Add filter flag to opt-out of SSB mitigation
+ - seccomp: Move speculation migitation control to arch code
+ - x86/speculation: Make "seccomp" the default mode for Speculative Store
+ Bypass
+ - x86/bugs: Rename _RDS to _SSBD
+ - proc: Use underscores for SSBD in 'status'
+ - Documentation/spec_ctrl: Do some minor cleanups
+ - x86/bugs: Fix __ssb_select_mitigation() return type
+ - x86/bugs: Make cpu_show_common() static
+
+ * LSM Stacking prctl values should be redefined as to not collide with
+ upstream prctls (LP: #1769263) // CVE-2018-3639
+ - SAUCE: LSM stacking: adjust prctl values
+
+ -- Stefan Bader <stefan.bader@canonical.com> Tue, 15 May 2018 07:39:26 +0200
+
+linux (4.13.0-42.47) artful; urgency=medium
+
+ * linux: 4.13.0-42.47 -proposed tracker (LP: #1769993)
+
+ * arm64: fix CONFIG_DEBUG_WX address reporting (LP: #1765850)
+ - arm64: fix CONFIG_DEBUG_WX address reporting
+
+ * HiSilicon HNS NIC names are truncated in /proc/interrupts (LP: #1765977)
+ - net: hns: Avoid action name truncation
+
+ * CVE-2017-18208
+ - mm/madvise.c: fix madvise() infinite loop under special circumstances
+
+ * CVE-2018-8822
+ - staging: ncpfs: memory corruption in ncp_read_kernel()
+
+ * CVE-2017-18203
+ - dm: fix race between dm_get_from_kobject() and __dm_destroy()
+
+ * CVE-2017-17449
+ - netlink: Add netns check on taps
+
+ * CVE-2017-17975
+ - media: usbtv: prevent double free in error case
+
+ * [8086:3e92] display becomes blank after S3 (LP: #1763271)
+ - drm/i915/edp: Allow alternate fixed mode for eDP if available.
+ - drm/i915/dp: rename intel_dp_is_edp to intel_dp_is_port_edp
+ - drm/i915/dp: make is_edp non-static and rename to intel_dp_is_edp
+ - drm/i915/edp: Do not do link training fallback or prune modes on EDP
+
+ * sky2 gigabit ethernet driver sometimes stops working after lid-open resume
+ from sleep (88E8055) (LP: #1758507)
+ - sky2: Increase D3 delay to sky2 stops working after suspend
+
+ * perf vendor events arm64: Enable JSON events for ThunderX2 B0 (LP: #1760712)
+ - perf vendor events arm64: Enable JSON events for ThunderX2 B0
+
+ * No network with e1000e driver on 4.13.0-38-generic (LP: #1762693)
+ - e1000e: Fix e1000_check_for_copper_link_ich8lan return value.
+
+ * /dev/ipmi enumeration flaky on Cavium Sabre nodes (LP: #1762812)
+ - i2c: xlp9xx: return ENXIO on slave address NACK
+ - i2c: xlp9xx: Handle transactions with I2C_M_RECV_LEN properly
+ - i2c: xlp9xx: Check for Bus state before every transfer
+ - i2c: xlp9xx: Handle NACK on DATA properly
+
+ * "ip a" command on a guest VM shows UNKNOWN status (LP: #1761534)
+ - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS
+
+ * fix regression in mm/hotplug, allows NVIDIA driver to work (LP: #1761104)
+ - SAUCE: Fix revert "mm, memory_hotplug: do not associate hotadded memory to
+ zones until online"
+
+ * ibrs/ibpb fixes result in excessive kernel logging (LP: #1755627)
+ - SAUCE: remove ibrs_dump sysctl interface
+
+ -- Kleber Sacilotto de Souza <kleber.souza@canonical.com> Mon, 07 May 2018 15:06:58 +0200
linux (4.13.0-41.46) artful; urgency=medium