[CLSA-2023:1695046627] Fix of 7 CVEs

Type:

security

Severity:

Important

Release date:

2023-09-18 14:17:11 UTC

Description:

   * Bionic update: upstream stable patchset 2022-12-01 (LP: #1998542) //
     CVE-2022-26373
     - x86/speculation: Add RSB VM Exit protections
   * Bionic update: upstream stable patchset 2022-12-01 (LP: #1998542)
     - Revert "x86/cpu: Add a steppings field to struct x86_cpu_id"
     - x86/cpufeature: Add facility to check for min microcode revisions
     - x86/cpufeature: Fix various quality problems in the 
       header
     - x86/devicetable: Move x86 specific macro out of generic code
     - x86/cpu: Add consistent CPU match macros
     - x86/cpu: Add a steppings field to struct x86_cpu_id
     - x86/cpufeatures: Move RETPOLINE flags to word 11
     - x86/bugs: Report AMD retbleed vulnerability
     - x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value
     - x86/entry: Add kernel IBRS implementation
     - x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS
     - x86/speculation: Add LFENCE to RSB fill sequence
     - KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
     - x86/speculation: Fill RSB on vmexit for IBRS
     - x86/cpu/amd: Enumerate BTC_NO
     - x86/speculation: Disable RRSBA behavior
     - x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts
   * Bionic update: upstream stable patchset 2022-12-01 (LP: #1998542) //
     CVE-2022-29901
     - x86/bugs: Optimize SPEC_CTRL MSR writes
     - x86/bugs: Split spectre_v2_select_mitigation() and
       spectre_v2_user_select_mitigation()
     - x86/bugs: Report Intel retbleed vulnerability
     - entel_idle: Disable IBRS during long idle
     - x86/speculation: Change FILL_RETURN_BUFFER to work with objtool
     - x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
     - x86/speculation: Fix firmware entry SPEC_CTRL handling
     - x86/speculation: Fix SPEC_CTRL write on SMT state change
     - x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit
     - x86/speculation: Remove x86_spec_ctrl_mask
     - x86/common: Stamp out the stepping madness
     - x86/bugs: Add Cannon lake to RETBleed affected CPU list
     - x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current
   * Bionic update: upstream stable patchset 2022-12-01 (LP: #1998542) //
     CVE-2022-29900
     - x86/bugs: Add AMD retbleed= boot parameter
   * Bionic update: upstream stable patchset 2022-10-06 (LP: #1992112)
     - x86/bugs: Add "unknown" reporting for MMIO Stale Data
   * CVE-2021-26401
     - x86/speculation: Warn about Spectre v2 LFENCE mitigation
     - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT
   * CVE-2022-0001
     - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation
       reporting
   * Bionic update: upstream stable patchset 2019-10-07 (LP: #1847155)
     - x86/cpu: Add Tiger Lake to Intel family
   * CVE-url: https://ubuntu.com/security/CVE-2023-4622
     - af_unix: Fix null-ptr-deref in unix_stream_sendpage().
   * CVE-url: https://ubuntu.com/security/CVE-2022-45919
     - media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221
   * Miscellaneous upstream changes
     - Revert "x86/enter: Use IBRS on syscall and interrupts"

Updated packages:

linux-buildinfo-4.4.0-245-tuxcare.els16-generic_4.4.0-245.279_amd64.deb
sha:ecfbd0f72ca8a1c460ada99f574ec61609e63ebb
linux-buildinfo-4.4.0-245-tuxcare.els16-lowlatency_4.4.0-245.279_amd64.deb
sha:c8a0a3684e196e7c7111a751579d7122ffdbd01e
linux-cloud-tools-4.4.0-245-tuxcare.els16_4.4.0-245.279_amd64.deb
sha:ea1c739227ce834d1dd2f3d2c801b3d623fc9945
linux-cloud-tools-4.4.0-245-tuxcare.els16-generic_4.4.0-245.279_amd64.deb
sha:713305c28a904f7823d5e1f4cab37bddebec208a
linux-cloud-tools-4.4.0-245-tuxcare.els16-lowlatency_4.4.0-245.279_amd64.deb
sha:6a34b36383381aff72036dafbbd09ff6975b7d44
linux-cloud-tools-common_4.4.0-245.279_all.deb
sha:cecfd6a206baa6ee652404db50ca9ce31f028214
linux-cloud-tools-generic_4.4.0.245.279_amd64.deb
sha:d9415c3559c535fd4586649b29068e3ff9793036
linux-cloud-tools-lowlatency_4.4.0.245.279_amd64.deb
sha:2b3d0eb752cd109a0e73e8cd6258bbec2789220a
linux-crashdump_4.4.0.245.279_amd64.deb
sha:aeb255e3030405aeddb3820691d3e68597a273bb
linux-doc_4.4.0-245.279_all.deb
sha:e3679df0ff27d2e6010dbab2a32d2c94ad8a8692
linux-generic_4.4.0.245.279_amd64.deb
sha:65f4135e0c5feb4dcc9d7b67787994b5b057ae69
linux-headers-4.4.0-245-tuxcare.els16_4.4.0-245.279_all.deb
sha:27bb8a245f84a425288ee3252c80229b87723d6a
linux-headers-4.4.0-245-tuxcare.els16-generic_4.4.0-245.279_amd64.deb
sha:f68be22dbfef17e6e1cdb6e288969c9efb5fd2a8
linux-headers-4.4.0-245-tuxcare.els16-lowlatency_4.4.0-245.279_amd64.deb
sha:0ecab5b3ca8bc38de76c64d17b3ebef6c794298a
linux-headers-generic_4.4.0.245.279_amd64.deb
sha:b3609863a1cb86ddea13e6af690bf7990871e671
linux-headers-lowlatency_4.4.0.245.279_amd64.deb
sha:1356db6ed082c0683786c970cf4b374cb0a02e32
linux-image-generic_4.4.0.245.279_amd64.deb
sha:727cf756aaa01b1466d8a8aac236c587b35cc783
linux-image-lowlatency_4.4.0.245.279_amd64.deb
sha:3304a07c8f6ee5c766cc581b746c7f80337f4317
linux-image-unsigned-4.4.0-245-tuxcare.els16-generic_4.4.0-245.279_amd64.deb
sha:8c07b0a87175e395716fa25a199ddc73f1f24254
linux-image-unsigned-4.4.0-245-tuxcare.els16-lowlatency_4.4.0-245.279_amd64.deb
sha:f84ba93e1186c9775cc76a1f985c6592a4404b36
linux-libc-dev_4.4.0-245.279_amd64.deb
sha:9628535b7baee145382a5cab0a8d6619956e0b86
linux-lowlatency_4.4.0.245.279_amd64.deb
sha:062569ee9fc900e0835d8870c946592dcace5150
linux-modules-4.4.0-245-tuxcare.els16-generic_4.4.0-245.279_amd64.deb
sha:4bc518a3e84d6b5d6bb294031afc95c8ffab4d1c
linux-modules-4.4.0-245-tuxcare.els16-lowlatency_4.4.0-245.279_amd64.deb
sha:1fef10ee27d953371c8a10439ab095c8984c04e2
linux-modules-extra-4.4.0-245-tuxcare.els16-generic_4.4.0-245.279_amd64.deb
sha:2a49a5061a7eec9232d941c56971f87dcc51cbf2
linux-source_4.4.0.245.279_all.deb
sha:0c21556ec6ba23855f8c028f973c2158026a5e6f
linux-source-4.4.0_4.4.0-245.279_all.deb
sha:0a36e86127a1dbdbdbfa1c8bd0ffe717053bc3a3
linux-tools-4.4.0-245-tuxcare.els16_4.4.0-245.279_amd64.deb
sha:009449733d5be87e56ef4e1c87de8d6272af44b9
linux-tools-4.4.0-245-tuxcare.els16-generic_4.4.0-245.279_amd64.deb
sha:f7829a7ae798257a185b72bb80d5a99406cb7305
linux-tools-4.4.0-245-tuxcare.els16-lowlatency_4.4.0-245.279_amd64.deb
sha:6fa079182ed96b9918fbef2827baf7cd42d32c38
linux-tools-common_4.4.0-245.279_all.deb
sha:6ede2c5c00e89a3562f25f04ba324e7cd105eb91
linux-tools-generic_4.4.0.245.279_amd64.deb
sha:46a11430b0c060a058196be7ccde981e85837600
linux-tools-host_4.4.0-245.279_all.deb
sha:d0820d4d4f88c6ce0fd5ce680355fc626d04bc94
linux-tools-lowlatency_4.4.0.245.279_amd64.deb
sha:60a5d10f986e80af977c98960b14591b4c65aaad

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.