[Kernel-packages] [Bug 1779848] Re: Cleanup Meltdown/Spectre implementation

Mon, 03 May 2021 05:57:45 -0700 

This bug was fixed in the package linux - 3.2.0-150.197

---------------
linux (3.2.0-150.197) precise; urgency=medium

  * precise/linux: 3.2.0-150.197 -proposed tracker (LP: #1919172)

  * CVE-2021-27365
    - scsi: iscsi: Verify lengths on passthrough PDUs
    - sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
    - scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE

  * CVE-2021-27363 // CVE-2021-27364
    - scsi: iscsi: Restrict sessions and handles to admin capabilities

  * CVE-2021-27364
    - scsi: iscsi: respond to netlink with unicast when appropriate
    - Add file_ns_capable() helper function for open-time capability checking
    - net: Add variants of capable for use on on sockets
    - netlink: Make the sending netlink socket availabe in NETLINK_CB

 -- Thadeu Lima de Souza Cascardo <casca...@canonical.com>  Mon, 05 Apr
2021 14:23:29 -0300

** Changed in: linux (Ubuntu Precise)
       Status: New => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-27363

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-27364

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-27365

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1779848

Title:
  Cleanup Meltdown/Spectre implementation

Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Precise:
  Fix Released
Status in linux source package in Trusty:
  Fix Released
Status in linux source package in Xenial:
  Invalid

Bug description:
  == SRU Justification ==

  Ubuntu kernels contain Meltdown and Spectre mitigations that are
  largely based on embargoed patches but what eventually landed in
  upstream is different in some places. We should clean up the different
  kernels to bring them closer in line with upstream.

  == Fix ==

  Add missing upstream patches.

  == Regression Potential ==

  Medium. The patches have been in upstream for quite a while now and
  are baked in but some of the backporting is not completely trivial and
  without risk.

  == Test Case ==

  TBD.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1779848/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to