Bug 49477 - linux: Multiple issues (4.3)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.3
All Linux
Importance: P3 normal
Target Milestone: UCS 4.3-4-errata
Assigned To: Quality Assurance
Philipp Hahn
Reported: 2019-05-15 10:26 CEST by Quality Assurance
Modified: 2019-05-15 16:07 CEST
What kind of report is it?: Security Issue
Max CVSS v3 score: 6.5 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
Description Quality Assurance univentionstaff 2019-05-15 10:26:23 CEST
New Debian linux 4.9.168-1+deb9u2 fixes:
This update addresses the following issues:
* Microarchitectural Store Buffer Data Sampling (MSBDS) (CVE-2018-12126)
* Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) (CVE-2018-12127)
* Microarchitectural Fill Buffer Data Sampling (MFBDS) (CVE-2018-12130)
* Microarchitectural Data Sampling Uncacheable Memory (MDSUM) (CVE-2019-11091)
Comment 1 Quality Assurance univentionstaff 2019-05-15 12:00:40 CEST
--- mirror/ftp/4.3/unmaintained/component/4.3-4-errata/source/univention-kernel-image-signed_4.0.0-11A~4.3.0.201904300918.dsc
+++ apt/ucs_4.3-0-errata4.3-4/source/univention-kernel-image-signed_4.0.0-13A~4.3.0.201905151110.dsc
@@ -1,6 +1,14 @@
-4.0.0-11A~4.3.0.201904300918 [Tue, 30 Apr 2019 09:18:28 +0200] Univention builddaemon <buildd@univention.de>:
+4.0.0-13A~4.3.0.201905151110 [Wed, 15 May 2019 11:10:08 +0200] Univention builddaemon <buildd@univention.de>:
 
   * UCS auto build. No patches were applied to the original source package
+
+4.0.0-13 [Wed, 15 May 2019 10:18:00 +0200] Philipp Hahn <hahn@univention.de>:
+
+  * Bug #49477: Update to linux-4.9.168-1+deb9u2
+
+4.0.0-12 [Wed, 15 May 2019 10:18:00 +0200] Philipp Hahn <hahn@univention.de>:
+
+  * Bug #49477: Update to linux-4.9.168-1+deb9u2
 
 4.0.0-11 [Tue, 30 Apr 2019 09:02:54 +0200] Philipp Hahn <hahn@univention.de>:
 
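Review bot: the two added changelog entries 4.0.0-12 and 4.0.0-13 carry the same timestamp (Wed, 15 May 2019 10:18:00 +0200) and the identical text "Bug #49477: Update to linux-4.9.168-1+deb9u2", so the changelog does not record what 4.0.0-13 changed over 4.0.0-12; the commit summaries in comment 3 show that one of the two commits also edits debian/control (4 ++--), which neither entry mentions. Suggest giving the second entry its own wording, e.g. "* Bug #49477: Adjust debian/control for linux-4.9.168-1+deb9u2", so the two package revisions remain distinguishable in the errata record.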

<http://10.200.17.11/4.3-4/#8928963204278354954>
Comment 2 Quality Assurance univentionstaff 2019-05-15 12:00:45 CEST
--- mirror/ftp/4.3/unmaintained/component/4.3-4-errata/source/linux_4.9.168-1.dsc
+++ apt/ucs_4.3-0-errata4.3-4/source/linux_4.9.168-1+deb9u2.dsc
@@ -1,3 +1,100 @@
+4.9.168-1+deb9u2 [Mon, 13 May 2019 21:59:18 +0100] Ben Hutchings <ben@decadent.org.uk>:
+
+  [ Salvatore Bonaccorso ]
+  * Revert "block/loop: Use global lock for ioctl() operation."
+    (Closes: #928125)
+
+4.9.168-1+deb9u1 [Mon, 13 May 2019 21:51:01 +0100] Ben Hutchings <ben@decadent.org.uk>:
+
+  * [x86] Update speculation mitigations:
+    - x86/MCE: Save microcode revision in machine check records
+    - x86/cpufeatures: Hide AMD-specific speculation flags
+    - x86/bugs: Add AMD's variant of SSB_NO
+    - x86/bugs: Add AMD's SPEC_CTRL MSR usage
+    - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU
+      features
+    - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR
+    - x86/microcode/intel: Add a helper which gives the microcode revision
+    - x86/microcode/intel: Check microcode revision before updating sibling
+      threads
+    - x86/microcode: Make sure boot_cpu_data.microcode is up-to-date
+    - x86/microcode: Update the new microcode revision unconditionally
+    - x86/mm: Use WRITE_ONCE() when setting PTEs
+    - bitops: avoid integer overflow in GENMASK(_ULL)
+    - x86/speculation: Simplify the CPU bug detection logic
+    - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a
+      new <linux/bits.h> file
+    - x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation
+    - x86/cpu: Sanitize FAM6_ATOM naming
+    - Documentation/l1tf: Fix small spelling typo
+    - x86/speculation: Apply IBPB more strictly to avoid cross-process data
+      leak
+    - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
+    - x86/speculation: Propagate information about RSB filling mitigation to
+      sysfs
+    - x86/speculation/l1tf: Drop the swap storage limit restriction when
+      l1tf=off
+    - x86/speculation: Update the TIF_SSBD comment
+    - x86/speculation: Clean up spectre_v2_parse_cmdline()
+    - x86/speculation: Remove unnecessary ret variable in cpu_show_common()
+    - x86/speculation: Move STIPB/IBPB string conditionals out of
+      cpu_show_common()
+    - x86/speculation: Disable STIBP when enhanced IBRS is in use
+    - x86/speculation: Rename SSBD update functions
+    - x86/speculation: Reorganize speculation control MSRs update
+    - x86/Kconfig: Select SCHED_SMT if SMP enabled
+    - sched: Add sched_smt_active()
+    - x86/speculation: Rework SMT state change
+    - x86/l1tf: Show actual SMT state
+    - x86/speculation: Reorder the spec_v2 code
+    - x86/speculation: Mark string arrays const correctly
+    - x86/speculataion: Mark command line parser data __initdata
+    - x86/speculation: Unify conditional spectre v2 print functions
+    - x86/speculation: Add command line control for indirect branch speculation
+    - x86/speculation: Prepare for per task indirect branch speculation control
+    - x86/process: Consolidate and simplify switch_to_xtra() code
+    - x86/speculation: Avoid __switch_to_xtra() calls
+    - x86/speculation: Prepare for conditional IBPB in switch_mm()
+    - x86/speculation: Split out TIF update
+    - x86/speculation: Prepare arch_smt_update() for PRCTL mode
+    - x86/speculation: Prevent stale SPEC_CTRL msr content
+    - x86/speculation: Add prctl() control for indirect branch speculation
+    - x86/speculation: Enable prctl mode for spectre_v2_user
+    - x86/speculation: Add seccomp Spectre v2 user space protection mode
+    - x86/speculation: Provide IBPB always command line options
+    - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
+    - x86/msr-index: Cleanup bit defines
+    - x86/speculation: Consolidate CPU whitelists
+    - Documentation: Move L1TF to separate directory
+    - cpu/speculation: Add 'mitigations=' cmdline option
+    - x86/speculation: Support 'mitigations=' cmdline option
+    - x86/speculation/mds: Add 'mitigations=' support for MDS
+    - x86/cpu/bugs: Use __initconst for 'const' init data
+  * [x86] Mitigate Microarchitectural Data Sampling (MDS) vulnerabilities
+    (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091):
+    - x86/speculation/mds: Add basic bug infrastructure for MDS
+    - x86/speculation/mds: Add BUG_MSBDS_ONLY
+    - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
+    - x86/speculation/mds: Add mds_clear_cpu_buffers()
+    - x86/speculation/mds: Clear CPU buffers on exit to user
+    - x86/kvm/vmx: Add MDS protection when L1D Flush is not active
+    - x86/speculation/mds: Conditionally clear CPU buffers on idle entry
+    - x86/speculation/mds: Add mitigation control for MDS
+    - x86/speculation/mds: Add sysfs reporting for MDS
+    - x86/speculation/mds: Add mitigation mode VMWERV
+    - Documentation: Add MDS vulnerability documentation
+    - x86/speculation/mds: Add mds=full,nosmt cmdline option
+    - x86/speculation: Move arch_smt_update() call to after mitigation decisions
+    - x86/speculation/mds: Add SMT warning message
+    - x86/speculation/mds: Fix comment
+    - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
+    - x86/mds: Add MDSUM variant to the MDS documentation
+    - Documentation: Correct the possible MDS sysfs values
+    - x86/speculation/mds: Fix documentation typo
+  * [x86] msr-index: Remove dependency on <linux/bits.h>
+  * [rt] Update patches to apply on top of the speculation mitigation changes
+  * [x86] mce, tlb: Ignore ABI changes
+
 4.9.168-1 [Fri, 12 Apr 2019 15:52:49 +0200] Salvatore Bonaccorso <carnil@debian.org>:
 
   * New upstream stable update:
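Review bot: the deb9u2 entry at the top of the hunk only reverts the block/loop global-lock change (Closes: #928125); the fix this bug is about, the MDS mitigation for CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091, sits in the deb9u1 entry below it, and the listed commits ("x86/speculation/mds: Add mds_clear_cpu_buffers()", "x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests") mitigate by clearing CPU buffers through a feature that the CPU microcode has to provide. The errata text should therefore say that the kernel update alone does not complete the mitigation without matching microcode, which the verification in comment 3 already demonstrates ("MDS: Vulnerable: Clear CPU buffers attempted, no microcode"), and should point at the new controls this hunk introduces for hyperthreaded hosts ("x86/speculation/mds: Add mds=full,nosmt cmdline option", "cpu/speculation: Add 'mitigations=' cmdline option") so administrators can read /sys/devices/system/cpu/vulnerabilities/mds and decide whether to disable SMT.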

<http://10.200.17.11/4.3-4/#8928963204278354954>
Comment 3 Philipp Hahn univentionstaff 2019-05-15 13:06:54 CEST
[4.3-4] ff3661dcf4 Bug #49477: Update to linux-4.9.168-1+deb9u2
 .../debian/changelog                               |   6 ++++++
 .../vmlinuz-4.9.0-9-amd64.efi.signed               | Bin 4249200 -> 4253296 bytes
 2 files changed, 6 insertions(+)
[4.3-4] a680ced8d6 Bug #49477: Update to linux-4.9.168-1+deb9u2
 kernel/univention-kernel-image-signed/debian/changelog | 6 ++++++
 kernel/univention-kernel-image-signed/debian/control   | 4 ++--
 2 files changed, 8 insertions(+), 2 deletions(-)

Package: univention-kernel-image-signed
Version: 4.0.0-12A~4.3.0.201905151101
Version: 4.0.0-13A~4.3.0.201905151110
Branch: ucs_4.3-0
Scope: errata4.3-4

[4.3-4] 3f9f7a7470 Bug #49477: univention-kernel-image-signed 4.0.0-12A~4.3.0.201905151101
 doc/errata/staging/linux.yaml                       |  1 +
 .../staging/univention-kernel-image-signed.yaml     | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+)
[4.3-4] 96d9bd5ff1 Bug #49477: univention-kernel-image-signed 4.0.0-13A~4.3.0.201905151110
 doc/errata/staging/univention-kernel-image-signed.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

OK: apt install linux-image-4.9.0-9-amd64=4.9.168-1+deb9u2 linux-image-4.9.0-9-amd64-signed=4.0.0-13A~4.3.0.201905151110
OK: amd64 @ kvm + SeaBIOS
OK: amd64 @ kvm + OVMF + SB
 cat /sys/kernel/security/securelevel
SKIP: amd64 @ xen16

OK: apt install linux-image-4.9.0-9-686-pae=4.9.168-1+deb9u2
OK: i386 @ kvm

OK: uname -a
OK: diff <(exec ./linux-dmesg-norm 4.9.0-9-amd64) <(exec ./linux-dmesg-norm 4.9.0-9-amd64.2)
 MDS: Vulnerable: Clear CPU buffers attempted, no microcode
~OK: cat /sys/devices/system/cpu/vulnerabilities/mds
 Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown

OK: http://10.200.17.11/4.3-4/#8928963204278354954