-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 07 Jun 2020 17:42:22 +0200
Source: linux-signed-amd64
Architecture: source
Version: 4.19.118+2+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Changes:
linux-signed-amd64 (4.19.118+2+deb10u1) buster-security; urgency=high
.
* Sign kernel from linux 4.19.118-2+deb10u1
.
[ Salvatore Bonaccorso ]
* selinux: properly handle multiple messages in selinux_netlink_send()
(CVE-2020-10751)
* fs/namespace.c: fix mountpoint reference counter race (CVE-2020-12114)
* USB: core: Fix free-while-in-use bug in the USB S-Glibrary
(CVE-2020-12464)
* [x86] KVM: SVM: Fix potential memory leak in svm_cpu_init()
(CVE-2020-12768)
* scsi: sg: add sg_remove_request in sg_write (CVE-2020-12770)
* USB: gadget: fix illegal array access in binding with UDC (CVE-2020-13143)
* netlabel: cope with NULL catmap (CVE-2020-10711)
* fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
(CVE-2020-10732)
* kernel/relay.c: handle alloc_percpu returning NULL in relay_open
(CVE-2019-19462)
* mm: Fix mremap not considering huge pmd devmap (CVE-2020-10757)
* [x86] KVM: nVMX: Always sync GUEST_BNDCFGS when it comes from vmcs01
* KVM: Introduce a new guest mapping API
* [arm64] kvm: fix compilation on aarch64
* [s390x] kvm: fix compilation on s390
* [s390x] kvm: fix compile on s390 part 2
* KVM: Properly check if "page" is valid in kvm_vcpu_unmap
* [x86] kvm: Introduce kvm_(un)map_gfn() (CVE-2019-3016)
* [x86] kvm: Cache gfn to pfn translation (CVE-2019-3016)
* [x86] KVM: Make sure KVM_VCPU_FLUSH_TLB flag is not missed (CVE-2019-3016)
* [x86] KVM: Clean up host's steal time structure (CVE-2019-3016)
* include/uapi/linux/swab.h: fix userspace breakage, use __BITS_PER_LONG for
swap (Closes: #960271)
.
[ Ben Hutchings ]
* propagate_one(): mnt_set_mountpoint() needs mount_lock
* [x86] Add support for mitigation of Special Register Buffer Data Sampling
(SRBDS) (CVE-2020-0543):
- x86/cpu: Add 'table' argument to cpu_matches()
- x86/speculation: Add Special Register Buffer Data Sampling (SRBDS)
mitigation
- x86/speculation: Add SRBDS vulnerability and mitigation documentation
- x86/speculation: Add Ivy Bridge to affected list
* [x86] speculation: Do not match steppings, to avoid an ABI change
Checksums-Sha1:
84afc209b4b20dd0336abf7568d0948105b3e12d 7881 linux-signed-amd64_4.19.118+2+deb10u1.dsc
d7966037e045525b478db107df738a0971a77239 2541656 linux-signed-amd64_4.19.118+2+deb10u1.tar.xz
Checksums-Sha256:
5b827f3615fa5aa639d11753a99c1a4c485ff474adff727b19684e7faf09aac9 7881 linux-signed-amd64_4.19.118+2+deb10u1.dsc
ed7199e0119a92182060f8b188e9b1a07f628df637299512c548e183a049acba 2541656 linux-signed-amd64_4.19.118+2+deb10u1.tar.xz
Files:
346d960afe29cba533adcfada4422fa8 7881 kernel optional linux-signed-amd64_4.19.118+2+deb10u1.dsc
5d54863a6349ed59cbff3a31eaeeeae1 2541656 kernel optional linux-signed-amd64_4.19.118+2+deb10u1.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE8nXL3e4u3Tgu6Vp6qgZoiu+K+NUFAl7eVvgACgkQqgZoiu+K
+NVSlg/+O2KJbyBwBjpJVFlYsHB8uA4I+Z4Bq5XrtYP0V6SBK2NqnUNpdswHCFMD
VT5c3X/KO6fMEiHgSB6hPpp4XMHVwwKY/oB238R7rwN71KxGjxxXEbkjFy/CF1K+
7SnZ7wzx0JrUY7mOaLqijphqcph7UlffIdOykom7v7tbc/4fAg1E++iFfk2ooJjK
tkaWO3fsdpLqbkNvyGdht2wOTX0Ak7iID5qI1/gaMFTSXDOHr4YQgd59VGSLF9C4
3SsAzgdFmdadQcb+VoLOvnQuI3HHMFjzmscTalVfz3caHKLi5D3rW1qqdpKgJ9E0
bBT7vnE8zBiCsVrsQHlEc1EW2TOBmKhkqJfPPvPbvkjNZbbCTWTMCtb5O4l7w7y4
uKdWcbfHFwOYEusBLoTWHUqCn7wgF8jS6PttawUjKYYFEpR4+Y3nhzmrwe2BIiRv
hCcD9D1XdkKpKYJSFxN7j2XrOMhJRt2dnOAIItKoZYVgc80/jvUjTfFD9KEDw8Fs
G/AYeU8Pqseb1OGEgtX95s7YcuiKWe2brA4mTytJ5uI72whv+0c1E3PFnsdPcspv
D8RkfcM5Cjg5GRxZQ0yRoNL/jd28/TE9o92XcknyrWFMH2ZDT8bepLvtTTsiUD99
leG5WRevTXgVsY/tONk/aprYdnMEFp29xwPxoxJplbALJB4MpGU=
=7nZT
-----END PGP SIGNATURE-----
