Do not duplicate changelog entries assigned to more than one bug or CVE

Bug #1743383 reported by Marcelo Cerri on 2018-01-15
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Trusty
Undecided
Marcelo Cerri
Xenial
Undecided
Unassigned
Artful
Undecided
Unassigned

Bug Description

Currently the kernel changelog duplicates entries for commits that are marked with more than one bug or CVE.

Current behavior:

  * CVE-2017-5753
    - x86, microcode: Share native MSR accessing variants
    - x86: Add another set of MSR accessor functions
    - ...
  * CVE-2017-5715
    - x86, microcode: Share native MSR accessing variants
    - x86: Add another set of MSR accessor functions
      ...

Desired behaviour:

  * CVE-2017-5715 // CVE-2017-5753
    - x86, microcode: Share native MSR accessing variants
    - x86: Add another set of MSR accessor functions

CVE References

Marcelo Cerri (mhcerri) on 2018-01-15
Changed in linux (Ubuntu Trusty):
assignee: nobody → Marcelo Cerri (mhcerri)
status: New → Fix Committed

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1743383

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Changed in linux (Ubuntu Xenial):
status: New → Incomplete
Changed in linux (Ubuntu Xenial):
status: Incomplete → Fix Committed
Marcelo Cerri (mhcerri) on 2018-01-15
Changed in linux (Ubuntu Artful):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (11.5 KiB)

This bug was fixed in the package linux - 4.13.0-31.34

---------------
linux (4.13.0-31.34) artful; urgency=low

  * linux: 4.13.0-31.34 -proposed tracker (LP: #1744294)

  [ Stefan Bader ]
  * CVE-2017-5715 // CVE-2017-5753
    - SAUCE: s390: improve cpu alternative handling for gmb and nobp
    - SAUCE: s390: print messages for gmb and nobp
    - [Config] KERNEL_NOBP=y

linux (4.13.0-30.33) artful; urgency=low

  * linux: 4.13.0-30.33 -proposed tracker (LP: #1743412)

  * Do not duplicate changelog entries assigned to more than one bug or CVE
    (LP: #1743383)
    - [Packaging] git-ubuntu-log -- handle multiple bugs/cves better

  * Unable to handle kernel NULL pointer dereference at isci_task_abort_task
    (LP: #1726519)
    - Revert "scsi: libsas: allow async aborts"

  * CVE-2017-5715 // CVE-2017-5753
    - SAUCE: x86/microcode: Extend post microcode reload to support IBPB feature
      -- repair missmerge
    - Revert "x86/svm: Add code to clear registers on VM exit"
    - kvm: vmx: Scrub hardware GPRs at VM-exit

linux (4.13.0-29.32) artful; urgency=low

  * linux: 4.13.0-29.32 -proposed tracker (LP: #1742722)

  * CVE-2017-5754
    - Revert "x86/cpu: Implement CPU vulnerabilites sysfs functions"
    - Revert "sysfs/cpu: Fix typos in vulnerability documentation"
    - Revert "sysfs/cpu: Add vulnerability folder"
    - Revert "UBUNTU: [Config] updateconfigs to enable
      GENERIC_CPU_VULNERABILITIES"

linux (4.13.0-28.31) artful; urgency=low

  * CVE-2017-5753
    - SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit

  * CVE-2017-5715
    - SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit

linux (4.13.0-27.30) artful; urgency=low

  [ Andy Whitcroft ]
  * CVE-2017-5753
    - locking/barriers: introduce new memory barrier gmb()
    - bpf: prevent speculative execution in eBPF interpreter
    - x86, bpf, jit: prevent speculative execution when JIT is enabled
    - uvcvideo: prevent speculative execution
    - carl9170: prevent speculative execution
    - p54: prevent speculative execution
    - qla2xxx: prevent speculative execution
    - cw1200: prevent speculative execution
    - Thermal/int340x: prevent speculative execution
    - userns: prevent speculative execution
    - ipv6: prevent speculative execution
    - fs: prevent speculative execution
    - net: mpls: prevent speculative execution
    - udf: prevent speculative execution
    - x86/feature: Enable the x86 feature to control Speculation
    - x86/feature: Report presence of IBPB and IBRS control
    - x86/enter: MACROS to set/clear IBRS and set IBPB
    - x86/enter: Use IBRS on syscall and interrupts
    - x86/idle: Disable IBRS entering idle and enable it on wakeup
    - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
    - x86/mm: Set IBPB upon context switch
    - x86/mm: Only set IBPB when the new thread cannot ptrace current thread
    - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
    - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
    - x86/kvm: Set IBPB when switching VM
    - x86/kvm: Toggle IBRS on VM entry and exit
    - x86/kvm: Pad RSB on VM transition
    - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL fea...

Changed in linux (Ubuntu Artful):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (10.7 KiB)

This bug was fixed in the package linux - 4.4.0-112.135

---------------
linux (4.4.0-112.135) xenial; urgency=low

  * linux: 4.4.0-112.135 -proposed tracker (LP: #1744244)

  * CVE-2017-5715 // CVE-2017-5753
    - x86/cpuid: Provide get_scattered_cpuid_leaf()
    - SAUCE: Fix spec_ctrl support in KVM
    - SAUCE: s390: improve cpu alternative handling for gmb and nobp
    - SAUCE: s390: print messages for gmb and nobp
    - [Config] KERNEL_NOBP=y

linux (4.4.0-111.134) xenial; urgency=low

  * linux: 4.4.0-111.134 -proposed tracker (LP: #1743362)

  * Do not duplicate changelog entries assigned to more than one bug or CVE
    (LP: #1743383)
    - [Packaging] git-ubuntu-log -- handle multiple bugs/cves better

  * CVE-2017-5715 // CVE-2017-5753
    - SAUCE: x86/microcode: Extend post microcode reload to support IBPB feature
      -- repair missmerge
    - Revert "x86/svm: Add code to clear registers on VM exit"
    - kvm: vmx: Scrub hardware GPRs at VM-exit

  * CVE-2017-5754
    - SAUCE: powerpc: use sync instead of hwsync mnemonic

linux (4.4.0-110.133) xenial; urgency=low

  * linux: 4.4.0-110.133 -proposed tracker (LP: #1742995)

  * CVE-2017-5753
    - x86/microcode/AMD: Add support for fam17h microcode loading
    - bpf: add bpf_patch_insn_single helper
    - bpf: prepare bpf_int_jit_compile/bpf_prog_select_runtime apis
    - bpf: add generic constant blinding for use in jits
    - locking/barriers: introduce new memory barrier gmb()
    - bpf: prevent speculative execution in eBPF interpreter
    - x86, bpf, jit: prevent speculative execution when JIT is enabled
    - uvcvideo: prevent speculative execution
    - carl9170: prevent speculative execution
    - qla2xxx: prevent speculative execution
    - Thermal/int340x: prevent speculative execution
    - userns: prevent speculative execution
    - ipv6: prevent speculative execution
    - fs: prevent speculative execution
    - net: mpls: prevent speculative execution
    - udf: prevent speculative execution
    - x86/feature: Enable the x86 feature to control Speculation
    - x86/feature: Report presence of IBPB and IBRS control
    - x86/enter: MACROS to set/clear IBRS and set IBPB
    - x86/enter: Use IBRS on syscall and interrupts
    - x86/idle: Disable IBRS entering idle and enable it on wakeup
    - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
    - x86/mm: Set IBPB upon context switch
    - x86/mm: Only set IBPB when the new thread cannot ptrace current thread
    - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
    - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
    - x86/kvm: Set IBPB when switching VM
    - x86/kvm: Toggle IBRS on VM entry and exit
    - x86/kvm: Pad RSB on VM transition
    - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
    - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
    - x86/syscall: Clear unused extra registers on syscall entrance
    - x86/syscall: Clear unused extra registers on 32-bit compatible syscall
      entrance
    - x86/entry: Use retpoline for syscall's indirect calls
    - x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR
    - x...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (3.6 KiB)

This bug was fixed in the package linux - 3.13.0-141.190

---------------
linux (3.13.0-141.190) trusty; urgency=low

  * linux: 3.13.0-141.190 -proposed tracker (LP: #1744308)

  * ubuntu_32_on_64 test crash Trusty 3.13.0-140 amd64 system (LP: #1744199) //
    test_too_early_vsyscall from ubuntu_qrt_kernel_panic crashes Trusty
    3.13.0-140 amd64 system (LP: #1744226) // CVE-2017-5715 // CVE-2017-5753
    - SAUCE: x86/entry: Fixup 32bit compat call locations

  * CVE-2017-5715 // CVE-2017-5753
    - SAUCE: x86/cpuid: Fix ordering of scattered feature list
    - SAUCE: KVM: Fix spec_ctrl CPUID support for guests

  * CVE-2017-5754
    - kaiser: Set _PAGE_NX only if supported
    - kaiser: Set _PAGE_NX only if supported

linux (3.13.0-140.189) trusty; urgency=low

  * linux: 3.13.0-140.189 -proposed tracker (LP: #1743375)

  [ Stefan Bader ]
  * CVE-2017-5715 // CVE-2017-5753
    - x86, microcode: Share native MSR accessing variants
    - x86: Add another set of MSR accessor functions
    - x86/cpuid: Provide get_scattered_cpuid_leaf()
    - kvm: vmx: Scrub hardware GPRs at VM-exit
    - SAUCE: locking/barriers: introduce new memory barrier gmb()
    - SAUCE: uvcvideo: prevent speculative execution
    - SAUCE: carl9170: prevent speculative execution
    - SAUCE: p54: prevent speculative execution
    - SAUCE: qla2xxx: prevent speculative execution
    - SAUCE: cw1200: prevent speculative execution
    - SAUCE: userns: prevent speculative execution
    - SAUCE: fs: prevent speculative execution
    - SAUCE: udf: prevent speculative execution
    - SAUCE: x86/feature: Enable the x86 feature to control Speculation
    - SAUCE: x86/feature: Report presence of IBPB and IBRS control
    - SAUCE: x86/enter: MACROS to set/clear IBRS and set IBPB
    - SAUCE: x86/enter: Use IBRS on syscall and interrupts
    - SAUCE: x86/idle: Disable IBRS entering idle and enable it on wakeup
    - SAUCE: x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
    - SAUCE: x86/mm: Set IBPB upon context switch
    - SAUCE: x86/mm: Only set IBPB when the new thread cannot ptrace current
      thread
    - SAUCE: x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
    - SAUCE: x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
    - SAUCE: x86/kvm: Set IBPB when switching VM
    - SAUCE: x86/kvm: Toggle IBRS on VM entry and exit
    - SAUCE: x86/kvm: Pad RSB on VM transition
    - SAUCE: x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
    - SAUCE: x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
    - SAUCE: x86/entry: Use retpoline for syscall's indirect calls
    - SAUCE: x86/cpu/AMD: Add speculative control support for AMD
    - SAUCE: x86/microcode: Extend post microcode reload to support IBPB feature
    - SAUCE: KVM: SVM: Do not intercept new speculative control MSRs
    - SAUCE: x86/svm: Set IBRS value on VM entry and exit
    - SAUCE: x86/svm: Set IBPB when running a different VCPU
    - SAUCE: KVM: x86: Add speculative control CPUID support for guests
    - SAUCE: x86/svm: Add code to clobber the RSB on VM exit
    - SAUCE: x86/cpu/AMD: Make the LFENCE instruction serialized
    - SAUCE: x...

Read more...

Changed in linux (Ubuntu Trusty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.13.0-32.35

---------------
linux (4.13.0-32.35) artful; urgency=low

  * CVE-2017-5715 // CVE-2017-5753
    - SAUCE: x86/entry: Fix up retpoline assembler labels

 -- Stefan Bader <email address hidden> Tue, 23 Jan 2018 09:13:39 +0100

Changed in linux (Ubuntu):
status: Incomplete → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers