Univention Bugzilla – Full Text Bug Listing |
Summary: | linux: Multiple issues (4.3) | ||
---|---|---|---|
Product: | UCS | Reporter: | Quality Assurance <qa> |
Component: | Security updates | Assignee: | Quality Assurance <qa> |
Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
Severity: | normal | ||
Priority: | P3 | ||
Version: | UCS 4.3 | ||
Target Milestone: | UCS 4.3-5-errata | ||
Hardware: | All | ||
OS: | Linux | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | 8.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) |
Description
Quality Assurance
2019-11-13 09:42:05 CET
--- mirror/ftp/4.3/unmaintained/4.3-5/source/linux_4.9.189-3+deb9u1.dsc +++ apt/ucs_4.3-0-errata4.3-5/source/linux_4.9.189-3+deb9u2.dsc @@ -1,3 +1,70 @@ +4.9.189-3+deb9u2 [Mon, 11 Nov 2019 12:18:59 +0000] Ben Hutchings <ben@decadent.org.uk>: + + * [x86] Add mitigation for TSX Asynchronous Abort (CVE-2019-11135): + - KVM: x86: use Intel speculation bugs and features as derived in generic + x86 code + - x86/msr: Add the IA32_TSX_CTRL MSR + - x86/cpu: Add a helper function x86_read_arch_cap_msr() + - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default + - x86/speculation/taa: Add mitigation for TSX Async Abort + - x86/speculation/taa: Add sysfs reporting for TSX Async Abort + - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled + - x86/tsx: Add "auto" option to the tsx= cmdline parameter + - x86/speculation/taa: Add documentation for TSX Async Abort + - x86/tsx: Add config options to set tsx=on|off|auto + - x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs + TSX is now disabled by default; see + Documentation/hw-vuln/tsx_async_abort.rst + * [x86] KVM: Add mitigation for Machine Check Error on Page Size Change + (aka iTLB multi-hit, CVE-2018-12207): + - KVM: x86: simplify ept_misconfig + - KVM: x86: extend usage of RET_MMIO_PF_* constants + - KVM: MMU: drop vcpu param in gpte_access + - kvm: Convert kvm_lock to a mutex + - kvm: x86: Do not release the page inside mmu_set_spte() + - KVM: x86: make FNAME(fetch) and __direct_map more similar + - KVM: x86: remove now unneeded hugepage gfn adjustment + - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON + - KVM: x86: Add is_executable_pte() + - KVM: x86: add tracepoints around __direct_map and FNAME(fetch) + - KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active + - x86/bugs: Add ITLB_MULTIHIT bug infrastructure + - cpu/speculation: Uninline and export CPU mitigations helpers + - kvm: mmu: ITLB_MULTIHIT mitigation + - kvm: Add helper function for creating VM worker threads + - kvm: x86: mmu: Recovery of shattered NX large pages + - Documentation: Add ITLB_MULTIHIT documentation + * [x86] i915: Mitigate local privilege escalation on gen9 (CVE-2019-0155): + - drm/i915: kick out cmd_parser specific structs from i915_drv.h + - drm/i915: cleanup use of INSTR_CLIENT_MASK + - drm/i915: return EACCES for check_cmd() failures + - drm/i915: don't whitelist oacontrol in cmd parser + - drm/i915: Use the precomputed value for whether to enable command parsing + - drm/i915/cmdparser: Limit clflush to active cachelines + - drm/i915/gtt: Add read only pages to gen8_pte_encode + - drm/i915/gtt: Read-only pages for insert_entries on bdw+ + - drm/i915/gtt: Disable read-only support under GVT + - drm/i915: Prevent writing into a read-only object via a GGTT mmap + - drm/i915/cmdparser: Check reg_table_count before derefencing. + - drm/i915/cmdparser: Do not check past the cmd length. + - drm/i915: Silence smatch for cmdparser + - drm/i915: Move engine->needs_cmd_parser to engine->flags + - drm/i915: Rename gen7 cmdparser tables + - drm/i915: Disable Secure Batches for gen6+ + - drm/i915: Remove Master tables from cmdparser + - drm/i915: Add support for mandatory cmdparsing + - drm/i915: Support ro ppgtt mapped cmdparser shadow buffers + - drm/i915: Allow parsing of unsized batches + - drm/i915: Add gen9 BCS cmdparsing + - drm/i915/cmdparser: Use explicit goto for error paths + - drm/i915/cmdparser: Add support for backward jumps + - drm/i915/cmdparser: Ignore Length operands during command matching + - drm/i915/cmdparser: Fix jump whitelist clearing + * [x86] i915: Mitigate local denial-of-service on gen8/gen9 (CVE-2019-0154): + - drm/i915: Lower RM timeout to avoid DSI hard hangs + - drm/i915/gen8+: Add RC6 CTX corruption WA + * drm/i915: Avoid ABI change for CVE-2019-0155 + 4.9.189-3+deb9u1 [Fri, 20 Sep 2019 13:03:45 +0200] Salvatore Bonaccorso <carnil@debian.org>: * vhost: make sure log_num < in_num (CVE-2019-14835) <http://10.200.17.11/4.3-5/#7049544851925928609> OK: yaml OK: announce_errata OK: patch OK: piuparts OK: dmesg OK: grep . /sys/devices/system/cpu/vulnerabilities/* OK: amd64 @ KVM OK: amd64 @ KVM + OVMF + SB OK: amd64 @ hdmi3 SKIP: i386 [4.3-5] 6a28316c76 Bug #50487: univention-kernel-image-signed 4.0.0-19A~4.3.0.201911131119 doc/errata/staging/linux.yaml | 1 + 1 file changed, 1 insertion(+) [4.3-5] ef456a4e1e Bug #50487: linux 4.9.189-3+deb9u2 doc/errata/staging/linux.yaml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) OK: yaml OK: announce_errata OK: patch OK: piuparts OK: dmesg OK: grep . /sys/devices/system/cpu/vulnerabilities/* OK: amd64 @ KVM OK: amd64 @ KVM + OVMF + SB OK: amd64 @ hdmi3 SKIP: i386 [4.3-5] 6a28316c76 Bug #50487: univention-kernel-image-signed 4.0.0-19A~4.3.0.201911131119 .../staging/univention-kernel-image-signed.yaml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) |