Accepted linux-4.9 4.9.189-3+deb9u2~deb8u1 (all source) into oldoldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted linux-4.9 4.9.189-3+deb9u2~deb8u1 (all source) into oldoldstable
From: Ben Hutchings <ben@decadent.org.uk>
Date: Wed, 13 Nov 2019 16:10:28 +0000
Message-id: <[🔎] E1iUvDw-0004Ed-23@seger.debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 12 Nov 2019 22:05:49 +0000
Binary: linux-doc-4.9 linux-headers-4.9.0-0.bpo.11-common linux-headers-4.9.0-0.bpo.11-common-rt linux-manual-4.9 linux-source-4.9 linux-support-4.9.0-0.bpo.11
Source: linux-4.9
Architecture: all source
Version: 4.9.189-3+deb9u2~deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Ben Hutchings <ben@decadent.org.uk>
Description: 
 linux-doc-4.9 - Linux kernel specific documentation for version 4.9
 linux-headers-4.9.0-0.bpo.11-common - Common header files for Linux 4.9.0-0.bpo.11
 linux-headers-4.9.0-0.bpo.11-common-rt - Common header files for Linux 4.9.0-0.bpo.11-rt
 linux-manual-4.9 - Linux kernel API manual pages for version 4.9
 linux-source-4.9 - Linux kernel source for version 4.9 with Debian patches
 linux-support-4.9.0-0.bpo.11 - Support files for Linux 4.9
Changes:
 linux-4.9 (4.9.189-3+deb9u2~deb8u1) jessie-security; urgency=medium
 .
   * Backport to jessie; no further changes required
 .
 linux (4.9.189-3+deb9u2) stretch-security; urgency=high
 .
   * [x86] Add mitigation for TSX Asynchronous Abort (CVE-2019-11135):
     - KVM: x86: use Intel speculation bugs and features as derived in generic
       x86 code
     - x86/msr: Add the IA32_TSX_CTRL MSR
     - x86/cpu: Add a helper function x86_read_arch_cap_msr()
     - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
     - x86/speculation/taa: Add mitigation for TSX Async Abort
     - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
     - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
     - x86/tsx: Add "auto" option to the tsx= cmdline parameter
     - x86/speculation/taa: Add documentation for TSX Async Abort
     - x86/tsx: Add config options to set tsx=on|off|auto
     - x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs
     TSX is now disabled by default; see
     Documentation/hw-vuln/tsx_async_abort.rst
   * [x86] KVM: Add mitigation for Machine Check Error on Page Size Change
     (aka iTLB multi-hit, CVE-2018-12207):
     - KVM: x86: simplify ept_misconfig
     - KVM: x86: extend usage of RET_MMIO_PF_* constants
     - KVM: MMU: drop vcpu param in gpte_access
     - kvm: Convert kvm_lock to a mutex
     - kvm: x86: Do not release the page inside mmu_set_spte()
     - KVM: x86: make FNAME(fetch) and __direct_map more similar
     - KVM: x86: remove now unneeded hugepage gfn adjustment
     - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
     - KVM: x86: Add is_executable_pte()
     - KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
     - KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active
     - x86/bugs: Add ITLB_MULTIHIT bug infrastructure
     - cpu/speculation: Uninline and export CPU mitigations helpers
     - kvm: mmu: ITLB_MULTIHIT mitigation
     - kvm: Add helper function for creating VM worker threads
     - kvm: x86: mmu: Recovery of shattered NX large pages
     - Documentation: Add ITLB_MULTIHIT documentation
   * [x86] i915: Mitigate local privilege escalation on gen9 (CVE-2019-0155):
     - drm/i915: kick out cmd_parser specific structs from i915_drv.h
     - drm/i915: cleanup use of INSTR_CLIENT_MASK
     - drm/i915: return EACCES for check_cmd() failures
     - drm/i915: don't whitelist oacontrol in cmd parser
     - drm/i915: Use the precomputed value for whether to enable command parsing
     - drm/i915/cmdparser: Limit clflush to active cachelines
     - drm/i915/gtt: Add read only pages to gen8_pte_encode
     - drm/i915/gtt: Read-only pages for insert_entries on bdw+
     - drm/i915/gtt: Disable read-only support under GVT
     - drm/i915: Prevent writing into a read-only object via a GGTT mmap
     - drm/i915/cmdparser: Check reg_table_count before derefencing.
     - drm/i915/cmdparser: Do not check past the cmd length.
     - drm/i915: Silence smatch for cmdparser
     - drm/i915: Move engine->needs_cmd_parser to engine->flags
     - drm/i915: Rename gen7 cmdparser tables
     - drm/i915: Disable Secure Batches for gen6+
     - drm/i915: Remove Master tables from cmdparser
     - drm/i915: Add support for mandatory cmdparsing
     - drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
     - drm/i915: Allow parsing of unsized batches
     - drm/i915: Add gen9 BCS cmdparsing
     - drm/i915/cmdparser: Use explicit goto for error paths
     - drm/i915/cmdparser: Add support for backward jumps
     - drm/i915/cmdparser: Ignore Length operands during command matching
     - drm/i915/cmdparser: Fix jump whitelist clearing
   * [x86] i915: Mitigate local denial-of-service on gen8/gen9 (CVE-2019-0154):
     - drm/i915: Lower RM timeout to avoid DSI hard hangs
     - drm/i915/gen8+: Add RC6 CTX corruption WA
   * drm/i915: Avoid ABI change for CVE-2019-0155
Checksums-Sha1: 
 4168501c46e22ef35ff11ea9c6512a7c53f39642 15751 linux-4.9_4.9.189-3+deb9u2~deb8u1.dsc
 029c6a8ba641dcb803650490d5e1564570f598a0 2084996 linux-4.9_4.9.189-3+deb9u2~deb8u1.debian.tar.xz
 fb99fc110ac08ba37dd39b61794dbe5dfd882857 7712096 linux-headers-4.9.0-0.bpo.11-common_4.9.189-3+deb9u2~deb8u1_all.deb
 4ce08d7421f5440df9f6a851cff3adcfaa840d78 5768340 linux-headers-4.9.0-0.bpo.11-common-rt_4.9.189-3+deb9u2~deb8u1_all.deb
 a08b617028344cd75343895e3253b5d66157a763 11458098 linux-doc-4.9_4.9.189-3+deb9u2~deb8u1_all.deb
 383abb7c53feaae0e1c4ddfd46b6787733aeface 710308 linux-support-4.9.0-0.bpo.11_4.9.189-3+deb9u2~deb8u1_all.deb
 1d35c9510b97e8d07c5c40aa24a8458a436d7e0e 3248266 linux-manual-4.9_4.9.189-3+deb9u2~deb8u1_all.deb
 5d27b8ef175326b2570ac54485ec9d0080aeacf6 96909574 linux-source-4.9_4.9.189-3+deb9u2~deb8u1_all.deb
Checksums-Sha256: 
 2d1ec499687d10ca8843e9d96a1d96eac197418c3119f4120516e4175fbf94f6 15751 linux-4.9_4.9.189-3+deb9u2~deb8u1.dsc
 a4e58756a7739db662cc71b476126d2a122941664db627875df8a257c7d4e2ae 2084996 linux-4.9_4.9.189-3+deb9u2~deb8u1.debian.tar.xz
 f644c99a609f3260c2408cac6cbdc4916f83f73007e0e08447472c94bca983a3 7712096 linux-headers-4.9.0-0.bpo.11-common_4.9.189-3+deb9u2~deb8u1_all.deb
 65699356a0d199207284bb096018ea452d220844f3a37d32f142d8d6d0739cbc 5768340 linux-headers-4.9.0-0.bpo.11-common-rt_4.9.189-3+deb9u2~deb8u1_all.deb
 4a3b6317bcdd41f0851c72a4560665b78ed2b8a605e2a834d4e5332c2383bbc9 11458098 linux-doc-4.9_4.9.189-3+deb9u2~deb8u1_all.deb
 e236d72fd77f485eabb0479aa198847633b9427f7b932e523bd20c8c679eec84 710308 linux-support-4.9.0-0.bpo.11_4.9.189-3+deb9u2~deb8u1_all.deb
 294f097154ceb579084bb4a81e1a9b94b0d7db6b510221f245067514555a5c06 3248266 linux-manual-4.9_4.9.189-3+deb9u2~deb8u1_all.deb
 e3509811a92be6eb0cc2d56328996968116de49d41801b3bde05228dbf84410c 96909574 linux-source-4.9_4.9.189-3+deb9u2~deb8u1_all.deb
Files: 
 46bd281fc73cffdedd30a2062e3cb39b 15751 kernel optional linux-4.9_4.9.189-3+deb9u2~deb8u1.dsc
 8d37e82cc49f01cf0c1995eeab58413d 2084996 kernel optional linux-4.9_4.9.189-3+deb9u2~deb8u1.debian.tar.xz
 719a0066c14b2bcb74276399a6186d7a 7712096 kernel optional linux-headers-4.9.0-0.bpo.11-common_4.9.189-3+deb9u2~deb8u1_all.deb
 3ec136a8b17e558b38b78c29a82bd70f 5768340 kernel optional linux-headers-4.9.0-0.bpo.11-common-rt_4.9.189-3+deb9u2~deb8u1_all.deb
 045ee2f7bcbc131ee245cc7f0a2d9c7f 11458098 doc optional linux-doc-4.9_4.9.189-3+deb9u2~deb8u1_all.deb
 7f9d70660e1cdb28cc423d4c72f9de75 710308 devel optional linux-support-4.9.0-0.bpo.11_4.9.189-3+deb9u2~deb8u1_all.deb
 923a93ed862b1058a176ea1377466791 3248266 doc optional linux-manual-4.9_4.9.189-3+deb9u2~deb8u1_all.deb
 eee81698f756eae3af6d4067a5072463 96909574 kernel optional linux-source-4.9_4.9.189-3+deb9u2~deb8u1_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAl3MJnAACgkQ57/I7JWG
EQk1yA/+KNSVInbM7pzBG7yUWIyZXS0ab3+b4Z6xASpyrv8UrWZz0XoHpWO10/yd
OzY4fgbMPtUums+Mmamqt9HtyBkcPBVrPaI7sozyTEZXFe+Zyu597IuFbrW0dSyX
HHb1sCKaR/AlDJUL7r4jtW9JXli1T2ZmHhO+pCQ8uOs9Gj/c+/lVbv+v5uNYdVvF
ZoXovyzPaTT+5/7OMZxmC4QtkxEcyv03i/sGCTxKB65TdgkfUbY4R96Z24zVyI7n
azrvegZUbynDfwCRAvhtFAq32sB5kZuua7gq5qJdLmC95CMq8zXBQAyYlubovuPl
i1Zh2zproA2l3QBU1dG6Xc+PkRuccZQ18Htmb86UKqvI2DKT/QM/HWBI73dhRSvd
p6Pe/J4OIzYkM/AU95V8KtE+zwUkCBjqI9FfI4jIm51WDqPEWlq7XOFmUaNg7sXo
yAbeqVfvzpTPjXg0pT2toJO4U4PS6pU0qZOzx+JH4mzu1ykh9RTlZHjg+QqLisxC
OLsxbfHDZunl1HNb6Dgvs+p58Jwtf6pn+7WQqqERl2blts/c1xbvYJnX3j8J3htk
G3mclsOVRsRmrGCkmWYxysGhic0nVdRHjmm9dTnh+qgG3kE4/QT0iFIQ0rK02xPd
9Rlh8R/ALIv8YHGVu2JRIJklViMqBoklDrfkFecebcLCXJHgWdU=
=dy/3
-----END PGP SIGNATURE-----
Reply to:
Prev by Date: Accepted libssh2 1.4.3-4.1+deb8u6 (source amd64) into oldoldstable
Next by Date: Accepted postgresql-common 165+deb8u4 (source all) into oldoldstable
Previous by thread: Accepted libssh2 1.4.3-4.1+deb8u6 (source amd64) into oldoldstable
Next by thread: Accepted postgresql-common 165+deb8u4 (source all) into oldoldstable
Index(es):
- Date
- Thread