-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 07 Jun 2020 17:42:22 +0200
Source: linux-signed-arm64
Architecture: source
Version: 4.19.118+2+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Changes:
linux-signed-arm64 (4.19.118+2+deb10u1) buster-security; urgency=high
.
* Sign kernel from linux 4.19.118-2+deb10u1
.
[ Salvatore Bonaccorso ]
* selinux: properly handle multiple messages in selinux_netlink_send()
(CVE-2020-10751)
* fs/namespace.c: fix mountpoint reference counter race (CVE-2020-12114)
* USB: core: Fix free-while-in-use bug in the USB S-Glibrary
(CVE-2020-12464)
* [x86] KVM: SVM: Fix potential memory leak in svm_cpu_init()
(CVE-2020-12768)
* scsi: sg: add sg_remove_request in sg_write (CVE-2020-12770)
* USB: gadget: fix illegal array access in binding with UDC (CVE-2020-13143)
* netlabel: cope with NULL catmap (CVE-2020-10711)
* fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
(CVE-2020-10732)
* kernel/relay.c: handle alloc_percpu returning NULL in relay_open
(CVE-2019-19462)
* mm: Fix mremap not considering huge pmd devmap (CVE-2020-10757)
* [x86] KVM: nVMX: Always sync GUEST_BNDCFGS when it comes from vmcs01
* KVM: Introduce a new guest mapping API
* [arm64] kvm: fix compilation on aarch64
* [s390x] kvm: fix compilation on s390
* [s390x] kvm: fix compile on s390 part 2
* KVM: Properly check if "page" is valid in kvm_vcpu_unmap
* [x86] kvm: Introduce kvm_(un)map_gfn() (CVE-2019-3016)
* [x86] kvm: Cache gfn to pfn translation (CVE-2019-3016)
* [x86] KVM: Make sure KVM_VCPU_FLUSH_TLB flag is not missed (CVE-2019-3016)
* [x86] KVM: Clean up host's steal time structure (CVE-2019-3016)
* include/uapi/linux/swab.h: fix userspace breakage, use __BITS_PER_LONG for
swap (Closes: #960271)
.
[ Ben Hutchings ]
* propagate_one(): mnt_set_mountpoint() needs mount_lock
* [x86] Add support for mitigation of Special Register Buffer Data Sampling
(SRBDS) (CVE-2020-0543):
- x86/cpu: Add 'table' argument to cpu_matches()
- x86/speculation: Add Special Register Buffer Data Sampling (SRBDS)
mitigation
- x86/speculation: Add SRBDS vulnerability and mitigation documentation
- x86/speculation: Add Ivy Bridge to affected list
* [x86] speculation: Do not match steppings, to avoid an ABI change
Checksums-Sha1:
1ac8cc937aa11f36fff8e975944def87b2f0f27a 6572 linux-signed-arm64_4.19.118+2+deb10u1.dsc
a3490020c10ab578ac95feb1431223e8f639d954 1940064 linux-signed-arm64_4.19.118+2+deb10u1.tar.xz
Checksums-Sha256:
122f2f364b1070df460f6774f511c3419b77ca423599b56c194715c2e86f7148 6572 linux-signed-arm64_4.19.118+2+deb10u1.dsc
2dcdb37bfb3d7149338340477c5b3e49208c6b82401f13ba40f79fe299a7e366 1940064 linux-signed-arm64_4.19.118+2+deb10u1.tar.xz
Files:
77f758a558d3761db3f914ca30012526 6572 kernel optional linux-signed-arm64_4.19.118+2+deb10u1.dsc
dff144bbc646c6161f84274a771ad808 1940064 kernel optional linux-signed-arm64_4.19.118+2+deb10u1.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE8nXL3e4u3Tgu6Vp6qgZoiu+K+NUFAl7eXaEACgkQqgZoiu+K
+NVUFw//RjwHvk1/egT4xAs/+QX9b/UiMrHqyryPhPWVp3098aR4pB29MI8ToK++
HMbv6rXhlGw59OSmzxZkHuxQr8hebLsiq0zolZhdAr+2PUBuzh6SSjQ+DJ71LlcN
gXUABibBYUPD94k6SCsWF4VsYHB8HdOt4DvxpfFEqESI2t9prgjqGuDAzk538Tur
1UXBI6HTSqt9F6R9w1TZmr/XYU/+wE9JqyhbmH7wMLfnMTmyBvREp9mHVHmHSA9A
Pea4zGvV1kXrwItbEh5xRjplO7/0lQsV2D2M0I0EhIaIW1nDb7CjtJ3k1wZ66cti
QZsZq2jpWdzWuZ3ufDRXa3OaeFz2AbaM/a1wNf7H6Ep6D1fvlDJiL39A0iOvIGTR
gczVbeV9tzySihi6nmfARLMEsg0py25qEz/Szq6Frpz+pbxXxvObxTRxkI3HE4Vh
FaFPkyM9s0BIPWfj/ZFL+/HngP5s2NMVuRPs6k+Rl0oouOjs3iI1hgZP+az8EUPy
B+uC5HjcRYZopq9QRn6nxFD/gvP1vAkf70hje8gzJidYEYY4druBTBtUD3TwZZXJ
10ioERFsLXugu/JIdkm1qSvXAaK53VJfUW5s8v9epIGe7ZM4Xkvp5roPEoFJ/P5d
GjDdEEXodNpYEjzWgwgEbbF+2ix5AjQ5chza/hB2ItgonURoRjM=
=dVQS
-----END PGP SIGNATURE-----
