Back to linux PTS page

Accepted linux 4.19.67-2+deb10u2 (source) into proposed-updates->stable-new, proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted linux 4.19.67-2+deb10u2 (source) into proposed-updates->stable-new, proposed-updates
From: Ben Hutchings <ben@decadent.org.uk>
Date: Tue, 19 Nov 2019 23:34:01 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1iXD0T-0008oz-8z@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 11 Nov 2019 00:30:56 +0000
Source: linux
Architecture: source
Version: 4.19.67-2+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Ben Hutchings <ben@decadent.org.uk>
Changes:
 linux (4.19.67-2+deb10u2) buster-security; urgency=high
 .
   * [x86] Add mitigation for TSX Asynchronous Abort (CVE-2019-11135):
     - KVM: x86: use Intel speculation bugs and features as derived in generic
       x86 code
     - x86/msr: Add the IA32_TSX_CTRL MSR
     - x86/cpu: Add a helper function x86_read_arch_cap_msr()
     - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
     - x86/speculation/taa: Add mitigation for TSX Async Abort
     - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
     - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
     - x86/tsx: Add "auto" option to the tsx= cmdline parameter
     - x86/speculation/taa: Add documentation for TSX Async Abort
     - x86/tsx: Add config options to set tsx=on|off|auto
     - x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs
     TSX is now disabled by default; see
     Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
   * [x86] KVM: Add mitigation for Machine Check Error on Page Size Change
     (aka iTLB multi-hit, CVE-2018-12207):
     - kvm: Convert kvm_lock to a mutex
     - kvm: x86: Do not release the page inside mmu_set_spte()
     - KVM: x86: make FNAME(fetch) and __direct_map more similar
     - KVM: x86: remove now unneeded hugepage gfn adjustment
     - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
     - KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
     - kvm: x86, powerpc: do not allow clearing largepages debugfs entry
     - KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active
     - x86/bugs: Add ITLB_MULTIHIT bug infrastructure
     - cpu/speculation: Uninline and export CPU mitigations helpers
     - kvm: mmu: ITLB_MULTIHIT mitigation
     - kvm: Add helper function for creating VM worker threads
     - kvm: x86: mmu: Recovery of shattered NX large pages
     - Documentation: Add ITLB_MULTIHIT documentation
   * [x86] i915: Mitigate local privilege escalation on gen9 (CVE-2019-0155):
     - drm/i915: Rename gen7 cmdparser tables
     - drm/i915: Disable Secure Batches for gen6+
     - drm/i915: Remove Master tables from cmdparser
     - drm/i915: Add support for mandatory cmdparsing
     - drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
     - drm/i915: Allow parsing of unsized batches
     - drm/i915: Add gen9 BCS cmdparsing
     - drm/i915/cmdparser: Use explicit goto for error paths
     - drm/i915/cmdparser: Add support for backward jumps
     - drm/i915/cmdparser: Ignore Length operands during command matching
     - drm/i915/cmdparser: Fix jump whitelist clearing
   * [x86] i915: Mitigate local denial-of-service on gen8/gen9 (CVE-2019-0154):
     - drm/i915: Lower RM timeout to avoid DSI hard hangs
     - drm/i915/gen8+: Add RC6 CTX corruption WA
Checksums-Sha1:
 aed5ee7b2b08d5cf9d8c4752103f802656642114 189156 linux_4.19.67-2+deb10u2.dsc
 c15929e80fba7b2f99e44b0f60d19c6367892eeb 3187788 linux_4.19.67-2+deb10u2.debian.tar.xz
 22f68e379eaaa703c7d4dfb9bfb38a10871c701c 46505 linux_4.19.67-2+deb10u2_source.buildinfo
Checksums-Sha256:
 ca806bfe98fe978838f65d3647dff1bb77ae32bb1d1beb4e5240533c2574afc3 189156 linux_4.19.67-2+deb10u2.dsc
 be1465883dbe1ec28f2da66eb3b3e43b5f7e733a98d5b3e4c341e1ab2b37756d 3187788 linux_4.19.67-2+deb10u2.debian.tar.xz
 5e4bc29fd8b19166290d2b98043475d2e1b736e99d5894317a020f9005391cfc 46505 linux_4.19.67-2+deb10u2_source.buildinfo
Files:
 942a58933cb394bca6e63fc592a34b60 189156 kernel optional linux_4.19.67-2+deb10u2.dsc
 c0fefa198005df0113470135cf19ab89 3187788 kernel optional linux_4.19.67-2+deb10u2.debian.tar.xz
 95ca61229f2b0f1d9d4014fa3f7a2b50 46505 kernel optional linux_4.19.67-2+deb10u2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAl3JWo0ACgkQ57/I7JWG
EQk3bA//Zad+Zj9i5/39L2EW5DvUWJzZStxKFNGjop53USEZZizYWHTIUEldxLBE
z1eAdyM9E3Cim1TNxryIl6CADWPr6z43B9xISU0kXzhDRz34FGVabC02SEVqmWhu
fccMfPfgiXlvsFLEqCKWLPdpF6ZjEK9UkZPJ7bur+o8bb7AKhZHg1paOC5EtXjcO
DNOvUR4eBeMqNSlvJBbK9BSgYobxGUfe5mawdg3mBAIoDNhzD2xgkAcdRxW5GPWB
XkX4tZapEIkzGxV96ylTVRFva71RDiI7mqfT8smNKQ/HKPCC/LhaXJQ8X7iStO60
FSMbjIhscAPSsn4mGT4yq7C+r/F3JgiBL1G7owI826yLEMunnA+qJK++VP3kMDfx
CNsBrH+dZUhq47o+Jodu8t1GmRF5Z1JczFP8260XGcYYk50mZj+zywcBUkWBy8RH
9Ss4gVyihsHty8k4t9ufBLSPUwyap6fljSjDn0qSW/cBHVgjljRlPYsPRupzsN5U
NSgIYw9vUoBOomZXFDREGMJHQFyG5gfEolkfZc5b2kia01K56L7HwqB28Vz6Sf0d
UbyrqtNk6G99pyobdih6Ghz4qcD1xQKU+k2ohZHyXTxjsmwjgqKHNNVIKm52V97J
L1HaGy0OEgQAFs3sN6lN0NaDvfYHKYocMs4tN/Pq7gJh0glWXBY=
=H24O
-----END PGP SIGNATURE-----