-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 12 Nov 2019 15:44:08 +0000
Source: linux-signed-amd64
Binary: kernel-image-5.3.0-2-amd64-di nic-modules-5.3.0-2-amd64-di nic-wireless-modules-5.3.0-2-amd64-di nic-shared-modules-5.3.0-2-amd64-di serial-modules-5.3.0-2-amd64-di usb-serial-modules-5.3.0-2-amd64-di ppp-modules-5.3.0-2-amd64-di pata-modules-5.3.0-2-amd64-di cdrom-core-modules-5.3.0-2-amd64-di firewire-core-modules-5.3.0-2-amd64-di scsi-core-modules-5.3.0-2-amd64-di scsi-modules-5.3.0-2-amd64-di scsi-nic-modules-5.3.0-2-amd64-di loop-modules-5.3.0-2-amd64-di btrfs-modules-5.3.0-2-amd64-di ext4-modules-5.3.0-2-amd64-di isofs-modules-5.3.0-2-amd64-di jfs-modules-5.3.0-2-amd64-di xfs-modules-5.3.0-2-amd64-di fat-modules-5.3.0-2-amd64-di md-modules-5.3.0-2-amd64-di multipath-modules-5.3.0-2-amd64-di usb-modules-5.3.0-2-amd64-di usb-storage-modules-5.3.0-2-amd64-di pcmcia-storage-modules-5.3.0-2-amd64-di fb-modules-5.3.0-2-amd64-di input-modules-5.3.0-2-amd64-di event-modules-5.3.0-2-amd64-di mouse-modules-5.3.0-2-amd64-di nic-pcmcia-modules-5.3.0-2-amd64-di
pcmcia-modules-5.3.0-2-amd64-di nic-usb-modules-5.3.0-2-amd64-di sata-modules-5.3.0-2-amd64-di acpi-modules-5.3.0-2-amd64-di i2c-modules-5.3.0-2-amd64-di crc-modules-5.3.0-2-amd64-di crypto-modules-5.3.0-2-amd64-di crypto-dm-modules-5.3.0-2-amd64-di efi-modules-5.3.0-2-amd64-di ata-modules-5.3.0-2-amd64-di mmc-core-modules-5.3.0-2-amd64-di mmc-modules-5.3.0-2-amd64-di nbd-modules-5.3.0-2-amd64-di squashfs-modules-5.3.0-2-amd64-di speakup-modules-5.3.0-2-amd64-di uinput-modules-5.3.0-2-amd64-di sound-modules-5.3.0-2-amd64-di compress-modules-5.3.0-2-amd64-di udf-modules-5.3.0-2-amd64-di fuse-modules-5.3.0-2-amd64-di mtd-core-modules-5.3.0-2-amd64-di rfkill-modules-5.3.0-2-amd64-di linux-image-5.3.0-2-amd64 linux-image-amd64 linux-image-5.3.0-2-cloud-amd64
linux-image-cloud-amd64
Architecture: source
Version: 5.3.9+2
Distribution: sid
Urgency: medium
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Ben Hutchings <ben@decadent.org.uk>
Description:
acpi-modules-5.3.0-2-amd64-di - ACPI support modules (udeb)
ata-modules-5.3.0-2-amd64-di - ATA disk modules (udeb)
btrfs-modules-5.3.0-2-amd64-di - BTRFS filesystem support (udeb)
cdrom-core-modules-5.3.0-2-amd64-di - CDROM support (udeb)
compress-modules-5.3.0-2-amd64-di - lzo modules (udeb)
crc-modules-5.3.0-2-amd64-di - CRC modules (udeb)
crypto-dm-modules-5.3.0-2-amd64-di - devicemapper crypto module (udeb)
crypto-modules-5.3.0-2-amd64-di - crypto modules (udeb)
efi-modules-5.3.0-2-amd64-di - EFI modules (udeb)
event-modules-5.3.0-2-amd64-di - Event support (udeb)
ext4-modules-5.3.0-2-amd64-di - ext2/ext3/ext4 filesystem support (udeb)
fat-modules-5.3.0-2-amd64-di - FAT filesystem support (udeb)
fb-modules-5.3.0-2-amd64-di - Frame buffer support (udeb)
firewire-core-modules-5.3.0-2-amd64-di - Core FireWire drivers (udeb)
fuse-modules-5.3.0-2-amd64-di - FUSE modules (udeb)
i2c-modules-5.3.0-2-amd64-di - i2c support modules (udeb)
input-modules-5.3.0-2-amd64-di - Input devices support (udeb)
isofs-modules-5.3.0-2-amd64-di - ISOFS filesystem support (udeb)
jfs-modules-5.3.0-2-amd64-di - JFS filesystem support (udeb)
kernel-image-5.3.0-2-amd64-di - Linux kernel image and core modules for the Debian installer (udeb)
linux-image-5.3.0-2-amd64 - ${unsigned:DescriptionShort} (signed)
linux-image-5.3.0-2-cloud-amd64 - ${unsigned:DescriptionShort} (signed)
linux-image-amd64 - Linux for 64-bit PCs (meta-package)
linux-image-cloud-amd64 - Linux for x86-64 cloud (meta-package)
loop-modules-5.3.0-2-amd64-di - Loopback filesystem support (udeb)
md-modules-5.3.0-2-amd64-di - RAID and LVM support (udeb)
mmc-core-modules-5.3.0-2-amd64-di - MMC/SD/SDIO core modules (udeb)
mmc-modules-5.3.0-2-amd64-di - MMC/SD card modules (udeb)
mouse-modules-5.3.0-2-amd64-di - Mouse support (udeb)
mtd-core-modules-5.3.0-2-amd64-di - MTD core (udeb)
multipath-modules-5.3.0-2-amd64-di - Multipath support (udeb)
nbd-modules-5.3.0-2-amd64-di - Network Block Device modules (udeb)
nic-modules-5.3.0-2-amd64-di - NIC drivers (udeb)
nic-pcmcia-modules-5.3.0-2-amd64-di - Common PCMCIA NIC drivers (udeb)
nic-shared-modules-5.3.0-2-amd64-di - Shared NIC drivers (udeb)
nic-usb-modules-5.3.0-2-amd64-di - USB NIC drivers (udeb)
nic-wireless-modules-5.3.0-2-amd64-di - Wireless NIC drivers (udeb)
pata-modules-5.3.0-2-amd64-di - PATA drivers (udeb)
pcmcia-modules-5.3.0-2-amd64-di - Common PCMCIA drivers (udeb)
pcmcia-storage-modules-5.3.0-2-amd64-di - PCMCIA storage drivers (udeb)
ppp-modules-5.3.0-2-amd64-di - PPP drivers (udeb)
rfkill-modules-5.3.0-2-amd64-di - rfkill modules (udeb)
sata-modules-5.3.0-2-amd64-di - SATA drivers (udeb)
scsi-core-modules-5.3.0-2-amd64-di - Core SCSI subsystem (udeb)
scsi-modules-5.3.0-2-amd64-di - SCSI drivers (udeb)
scsi-nic-modules-5.3.0-2-amd64-di - SCSI drivers for converged NICs (udeb)
serial-modules-5.3.0-2-amd64-di - Serial drivers (udeb)
sound-modules-5.3.0-2-amd64-di - sound support (udeb)
speakup-modules-5.3.0-2-amd64-di - speakup modules (udeb)
squashfs-modules-5.3.0-2-amd64-di - squashfs modules (udeb)
udf-modules-5.3.0-2-amd64-di - UDF modules (udeb)
uinput-modules-5.3.0-2-amd64-di - uinput support (udeb)
usb-modules-5.3.0-2-amd64-di - USB support (udeb)
usb-serial-modules-5.3.0-2-amd64-di - USB serial drivers (udeb)
usb-storage-modules-5.3.0-2-amd64-di - USB storage support (udeb)
xfs-modules-5.3.0-2-amd64-di - XFS filesystem support (udeb)
Changes:
linux-signed-amd64 (5.3.9+2) unstable; urgency=medium
.
* Sign kernel from linux 5.3.9-2
.
* [x86] Add mitigation for TSX Asynchronous Abort (CVE-2019-11135):
- x86/msr: Add the IA32_TSX_CTRL MSR
- x86/cpu: Add a helper function x86_read_arch_cap_msr()
- x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
- x86/speculation/taa: Add mitigation for TSX Async Abort
- x86/speculation/taa: Add sysfs reporting for TSX Async Abort
- kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
- x86/tsx: Add "auto" option to the tsx= cmdline parameter
- x86/speculation/taa: Add documentation for TSX Async Abort
- x86/tsx: Add config options to set tsx=on|off|auto
- x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs
TSX is now disabled by default; see
Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
* [x86] KVM: Add mitigation for Machine Check Error on Page Size Change
(aka iTLB multi-hit, CVE-2018-12207):
- kvm: x86, powerpc: do not allow clearing largepages debugfs entry
- x86/bugs: Add ITLB_MULTIHIT bug infrastructure
- x86/cpu: Add Tremont to the cpu vulnerability whitelist
- cpu/speculation: Uninline and export CPU mitigations helpers
- kvm: mmu: ITLB_MULTIHIT mitigation
- kvm: Add helper function for creating VM worker threads
- kvm: x86: mmu: Recovery of shattered NX large pages
- Documentation: Add ITLB_MULTIHIT documentation
* [x86] i915: Mitigate local privilege escalation on gen9 (CVE-2019-0155):
- drm/i915: Rename gen7 cmdparser tables
- drm/i915: Disable Secure Batches for gen6+
- drm/i915: Remove Master tables from cmdparser
- drm/i915: Add support for mandatory cmdparsing
- drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
- drm/i915: Allow parsing of unsized batches
- drm/i915: Add gen9 BCS cmdparsing
- drm/i915/cmdparser: Use explicit goto for error paths
- drm/i915/cmdparser: Add support for backward jumps
- drm/i915/cmdparser: Ignore Length operands during command matching
- drm/i915/cmdparser: Fix jump whitelist clearing
* [x86] i915: Mitigate local denial-of-service on gen8/gen9 (CVE-2019-0154):
- drm/i915: Lower RM timeout to avoid DSI hard hangs
- drm/i915/gen8+: Add RC6 CTX corruption WA
Checksums-Sha1:
dc1982319778b1a4a3e6c30bc99258ee5356ff8f 7788 linux-signed-amd64_5.3.9+2.dsc
410c28af6ec50c90b56f9d1b8d66d18d2da23a8b 1279228 linux-signed-amd64_5.3.9+2.tar.xz
Checksums-Sha256:
9d3b20aa4285e49aad15bb63bc032bf0de40a325106038628c865ee631638f48 7788 linux-signed-amd64_5.3.9+2.dsc
f9907b0ee37267ccd227ea3cdd1aa537b1f799142d34e0eff442354e949dedc6 1279228 linux-signed-amd64_5.3.9+2.tar.xz
Files:
4ab1802bf6f82b6050087cb8020f0346 7788 kernel optional linux-signed-amd64_5.3.9+2.dsc
2d3725fa19226cb5c3fd3103d93b3c2a 1279228 kernel optional linux-signed-amd64_5.3.9+2.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE8nXL3e4u3Tgu6Vp6qgZoiu+K+NUFAl3LsYAACgkQqgZoiu+K
+NVgbRAAzAoHiJU1rZhuc5MlvdoB1pYpD5Vez01OADulFXthQTdhRceQdAUfhaZj
wfXlKcxMMwk0LdxjMGQLrfcM68N3tq3cgIXsIpKU6d6w2OB6HcrE681aVisQIBHf
NTNE1nhFb9CoqpkyXC6ddLiKHglsWaTatxL+LlCfniTYw0RYgHMlcySUSy8bhLhH
Dm2Oz1PdaB79EWfiJ0cjVCtoxARhsvb5aXmIM+XdHdFIJ8rfjDxAvQqQ8zyRu1E8
ngDyXhuREzHpYan8eqRUhm8UaPnsYya0ab8ealmmMERuPx4JbYEud0OlATNRkGLb
FxZbXGg2AyZCtZGIww9CJOsgMQAXBlh2iiP73ymn7nuXhYXrhTUi7lzJKCB9GY3P
yvAABt2UH9MjjgazZOBAXXHfUHdsVpwnnAMfp0gwunh9q+noyKD8WJu5+qI1n8hP
VDIZvJy6RVDi2LhscG/tgBzkAmNFuKxdpjt/aBQsvbMAWpyVzg6fvO5bjSsi0otF
yrBaPohuu5elQwpXhvHOd3rHYqdY4g2MexnJ1IhyH6SgSGZArODBLaphaG7zc1Y+
Tf0aI23kmlg7VpYOL2gR1Twy9Hev3lR7+S5R20c8l0zMuCEY8wAVhO7EhU7oyUqX
aybLk5zel/d+V+pMbZASyv67TcD3phSFKdlIIgUBGaOe3P5fRj4=
=cxBM
-----END PGP SIGNATURE-----
