Back to linux-4.9 PTS page

Accepted linux-4.9 4.9.168-1+deb9u2~deb8u1 (all source) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 14 May 2019 23:21:33 +0100
Binary: linux-doc-4.9 linux-headers-4.9.0-0.bpo.9-common linux-headers-4.9.0-0.bpo.9-common-rt linux-manual-4.9 linux-source-4.9 linux-support-4.9.0-0.bpo.9
Source: linux-4.9
Architecture: all source
Version: 4.9.168-1+deb9u2~deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Ben Hutchings <ben@decadent.org.uk>
Closes: 928125
Description: 
 linux-doc-4.9 - Linux kernel specific documentation for version 4.9
 linux-headers-4.9.0-0.bpo.9-common - Common header files for Linux 4.9.0-0.bpo.9
 linux-headers-4.9.0-0.bpo.9-common-rt - Common header files for Linux 4.9.0-0.bpo.9-rt
 linux-manual-4.9 - Linux kernel API manual pages for version 4.9
 linux-source-4.9 - Linux kernel source for version 4.9 with Debian patches
 linux-support-4.9.0-0.bpo.9 - Support files for Linux 4.9
Changes:
 linux-4.9 (4.9.168-1+deb9u2~deb8u1) jessie-security; urgency=medium
 .
   * Backport to jessie; no further changes required
 .
 linux (4.9.168-1+deb9u2) stretch-security; urgency=high
 .
   [ Salvatore Bonaccorso ]
   * Revert "block/loop: Use global lock for ioctl() operation."
     (Closes: #928125)
 .
 linux (4.9.168-1+deb9u1) stretch-security; urgency=high
 .
   * [x86] Update speculation mitigations:
     - x86/MCE: Save microcode revision in machine check records
     - x86/cpufeatures: Hide AMD-specific speculation flags
     - x86/bugs: Add AMD's variant of SSB_NO
     - x86/bugs: Add AMD's SPEC_CTRL MSR usage
     - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU
       features
     - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR
     - x86/microcode/intel: Add a helper which gives the microcode revision
     - x86/microcode/intel: Check microcode revision before updating sibling
       threads
     - x86/microcode: Make sure boot_cpu_data.microcode is up-to-date
     - x86/microcode: Update the new microcode revision unconditionally
     - x86/mm: Use WRITE_ONCE() when setting PTEs
     - bitops: avoid integer overflow in GENMASK(_ULL)
     - x86/speculation: Simplify the CPU bug detection logic
     - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a
       new <linux/bits.h> file
     - x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation
     - x86/cpu: Sanitize FAM6_ATOM naming
     - Documentation/l1tf: Fix small spelling typo
     - x86/speculation: Apply IBPB more strictly to avoid cross-process data
       leak
     - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
     - x86/speculation: Propagate information about RSB filling mitigation to
       sysfs
     - x86/speculation/l1tf: Drop the swap storage limit restriction when
       l1tf=off
     - x86/speculation: Update the TIF_SSBD comment
     - x86/speculation: Clean up spectre_v2_parse_cmdline()
     - x86/speculation: Remove unnecessary ret variable in cpu_show_common()
     - x86/speculation: Move STIPB/IBPB string conditionals out of
       cpu_show_common()
     - x86/speculation: Disable STIBP when enhanced IBRS is in use
     - x86/speculation: Rename SSBD update functions
     - x86/speculation: Reorganize speculation control MSRs update
     - x86/Kconfig: Select SCHED_SMT if SMP enabled
     - sched: Add sched_smt_active()
     - x86/speculation: Rework SMT state change
     - x86/l1tf: Show actual SMT state
     - x86/speculation: Reorder the spec_v2 code
     - x86/speculation: Mark string arrays const correctly
     - x86/speculataion: Mark command line parser data __initdata
     - x86/speculation: Unify conditional spectre v2 print functions
     - x86/speculation: Add command line control for indirect branch speculation
     - x86/speculation: Prepare for per task indirect branch speculation control
     - x86/process: Consolidate and simplify switch_to_xtra() code
     - x86/speculation: Avoid __switch_to_xtra() calls
     - x86/speculation: Prepare for conditional IBPB in switch_mm()
     - x86/speculation: Split out TIF update
     - x86/speculation: Prepare arch_smt_update() for PRCTL mode
     - x86/speculation: Prevent stale SPEC_CTRL msr content
     - x86/speculation: Add prctl() control for indirect branch speculation
     - x86/speculation: Enable prctl mode for spectre_v2_user
     - x86/speculation: Add seccomp Spectre v2 user space protection mode
     - x86/speculation: Provide IBPB always command line options
     - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
     - x86/msr-index: Cleanup bit defines
     - x86/speculation: Consolidate CPU whitelists
     - Documentation: Move L1TF to separate directory
     - cpu/speculation: Add 'mitigations=' cmdline option
     - x86/speculation: Support 'mitigations=' cmdline option
     - x86/speculation/mds: Add 'mitigations=' support for MDS
     - x86/cpu/bugs: Use __initconst for 'const' init data
   * [x86] Mitigate Microarchitectural Data Sampling (MDS) vulnerabilities
     (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091):
     - x86/speculation/mds: Add basic bug infrastructure for MDS
     - x86/speculation/mds: Add BUG_MSBDS_ONLY
     - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
     - x86/speculation/mds: Add mds_clear_cpu_buffers()
     - x86/speculation/mds: Clear CPU buffers on exit to user
     - x86/kvm/vmx: Add MDS protection when L1D Flush is not active
     - x86/speculation/mds: Conditionally clear CPU buffers on idle entry
     - x86/speculation/mds: Add mitigation control for MDS
     - x86/speculation/mds: Add sysfs reporting for MDS
     - x86/speculation/mds: Add mitigation mode VMWERV
     - Documentation: Add MDS vulnerability documentation
     - x86/speculation/mds: Add mds=full,nosmt cmdline option
     - x86/speculation: Move arch_smt_update() call to after mitigation decisions
     - x86/speculation/mds: Add SMT warning message
     - x86/speculation/mds: Fix comment
     - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
     - x86/mds: Add MDSUM variant to the MDS documentation
     - Documentation: Correct the possible MDS sysfs values
     - x86/speculation/mds: Fix documentation typo
   * [x86] msr-index: Remove dependency on <linux/bits.h>
   * [rt] Update patches to apply on top of the speculation mitigation changes
   * [x86] mce, tlb: Ignore ABI changes
Checksums-Sha1: 
 aeb5a0f8fad2b602ddf51f616f20ec22486e0669 15581 linux-4.9_4.9.168-1+deb9u2~deb8u1.dsc
 a7f5a0184dff044c98ccf08eb1961721892e5e1e 2052740 linux-4.9_4.9.168-1+deb9u2~deb8u1.debian.tar.xz
 6f2504e033e993429ce03c03df746a98627bc201 7678966 linux-headers-4.9.0-0.bpo.9-common_4.9.168-1+deb9u2~deb8u1_all.deb
 44c1cb47536104e56dd70837435cf6ceaa652018 5738154 linux-headers-4.9.0-0.bpo.9-common-rt_4.9.168-1+deb9u2~deb8u1_all.deb
 a22a163faee3e63fb1cb39bcd77a028e9cbfc283 684280 linux-support-4.9.0-0.bpo.9_4.9.168-1+deb9u2~deb8u1_all.deb
 83c1e05f947015fde371947fdf4f073dade6d3be 11414630 linux-doc-4.9_4.9.168-1+deb9u2~deb8u1_all.deb
 f65c284f9386e43d968d99b5fd1347539f556796 3221694 linux-manual-4.9_4.9.168-1+deb9u2~deb8u1_all.deb
 d5c61f8021da31324074bf35774be35c750dcf10 96838188 linux-source-4.9_4.9.168-1+deb9u2~deb8u1_all.deb
Checksums-Sha256: 
 b6235dfc6a0ab2cac2d945afe1063ced8b48b22e6f0404bea7ee17e6d0a326f9 15581 linux-4.9_4.9.168-1+deb9u2~deb8u1.dsc
 ff6dbdf50ce11b390edb3f0fe9d8013c2d23c57c8ac9f8d890d2448a0a655f39 2052740 linux-4.9_4.9.168-1+deb9u2~deb8u1.debian.tar.xz
 a0ac36731d2f65fab97e7d885b0f1a71693efb8277501a1e34da5090f3ad4a9a 7678966 linux-headers-4.9.0-0.bpo.9-common_4.9.168-1+deb9u2~deb8u1_all.deb
 c2060406cf382684d43f2be9bcd4a0d8a839cd6bff62250d735a850997f86b74 5738154 linux-headers-4.9.0-0.bpo.9-common-rt_4.9.168-1+deb9u2~deb8u1_all.deb
 205c8eafe33803865c97ddf269d52b1ad34f0597382fff5ad3fd177f7fde3580 684280 linux-support-4.9.0-0.bpo.9_4.9.168-1+deb9u2~deb8u1_all.deb
 c18cddd3895a1ca127bfee419a7906ff50d1c2bda6b24d5b52df497ee2996911 11414630 linux-doc-4.9_4.9.168-1+deb9u2~deb8u1_all.deb
 3e8f226b90e87818874cca05a6dcf27b08f0dbec7b27edfc8255bb525f38e8ad 3221694 linux-manual-4.9_4.9.168-1+deb9u2~deb8u1_all.deb
 ac5ce8945b16ecfdda1aea5e37332bf5dda061ad5b7e9025f7e36a5b5143b70d 96838188 linux-source-4.9_4.9.168-1+deb9u2~deb8u1_all.deb
Files: 
 cac30e2d6f1623346921ec92f459c601 15581 kernel optional linux-4.9_4.9.168-1+deb9u2~deb8u1.dsc
 e9ae5a8ede2a4a251488b7d06e0c5645 2052740 kernel optional linux-4.9_4.9.168-1+deb9u2~deb8u1.debian.tar.xz
 c56265efb0e26c44614e6ee86d76e56a 7678966 kernel optional linux-headers-4.9.0-0.bpo.9-common_4.9.168-1+deb9u2~deb8u1_all.deb
 c066fafab4d2ee69e9e03d4f114d5a65 5738154 kernel optional linux-headers-4.9.0-0.bpo.9-common-rt_4.9.168-1+deb9u2~deb8u1_all.deb
 7b8640583f717782119e543d9b90e980 684280 devel optional linux-support-4.9.0-0.bpo.9_4.9.168-1+deb9u2~deb8u1_all.deb
 59ba00e649054cabcad4c8e539f0355f 11414630 doc optional linux-doc-4.9_4.9.168-1+deb9u2~deb8u1_all.deb
 5d413b428519fd80bb7a0ec7821a0614 3221694 doc optional linux-manual-4.9_4.9.168-1+deb9u2~deb8u1_all.deb
 137031e76a697a7384d695db3640b762 96838188 kernel optional linux-source-4.9_4.9.168-1+deb9u2~deb8u1_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAlzcBZkACgkQ57/I7JWG
EQkoQhAAiSo6yEmJfjV3HZamCHfugbLr2z9o5QMkWci6j0yJdDHXGUGHj44pde5W
c00byMQGoLJJ7Bj/2ySqRKVSBFczZjWBlQd0cDXPZNbQTzWI4mhgsWBSsRY8RfzD
PB9zfBlrO5oG8s+A5BvXP9LzN2+i9iRPmpZv9EHUmnxxNk1oW+btT0DVmLl8GHUv
1PnynMGUZoCBEsG8tMF6GGYH1Fd1P5iylNoqmiIOn0WQmI7UJtaxS1yHQa9l9BI0
YKasRaHwGo5Lv+azjk+4y5sDZF95GD4vBGQxlveqJBh+RSyEkg0qhtTzxJizJlqb
WSchs+e/38C/yoejk+nJcyzE3nfvifMuqhbKm7QHF33FGnwmLoBNzS5si1DGXi15
kLrC4+fp8G/sqAinYEMBVgLKv2WmDGzLnaseUNkTPFKvNZ6W/8UwzMEgChJgVeMk
V+g2G8sNzgtLzlI3NCuzaBohD3wEM60PHyou578NiDYgS1B6Yh+NNwKeQR6/E13c
HQUATIe0802hed2LBgP66HZ7MauK43mTsbfgza3a1o89jYKg7WL3i7sLd9Qty4Cy
uLwYPC1c0/jAwmgtDSahAexu7YvqTbCoOfqyzL3l3uKnK+rxswtXYPz5neiiFD1G
ELMO71vRSKE2xr5LV3AO8VScU59y/DfsQQu6KItmDNWwN2g8kc4=
=F4FC
-----END PGP SIGNATURE-----