Debian Stretch Openstack images changelog 9.9.2-20190614 Updates in 2 source package(s), 6 binary package(s): Source qemu, binaries: qemu-utils:amd64 qemu-utils:arm64 qemu (1:2.8+dfsg-6+deb9u7) stretch-security; urgency=medium * Fix the md_clear backport, thanks to Vincent Tondellier (Closes: #929067) qemu (1:2.8+dfsg-6+deb9u6) stretch-security; urgency=medium [ Moritz Mühlenhoff ] * slirp-correct-size-computation-concatenating-mbuf-CVE-2018-11806.patch (Closes: #901017, CVE-2018-11806) * qga-check-bytes-count-read-by-guest-file-read-CVE-2018-12617.patch (Closes: #902725, CVE-2018-12617) * usb-mtp-use-O_NOFOLLOW-and-O_CLOEXEC-CVE-2018-16872.patch (Closes: #916397, CVE-2018-16872) * rtl8139-fix-possible-out-of-bound-access-CVE-2018-17958.patch (Closes: #911499, CVE-2018-17958) * lsi53c895a-check-message-length-value-is-valid-CVE-2018-18849.patch (Closes: #912535, CVE-2018-18849) * ppc-pnv-check-size-before-data-buffer-access-CVE-2018-18954.patch (Closes: #914604, CVE-2018-18954) * 9p-write-lock-path-in-v9fs-co_open2.patch 9p-take-write-lock-on-fid-path-updates-CVE-2018-19364.patch (Closes: #914599, CVE-2018-19364) * 9p-fix-QEMU-crash-when-renaming-files-CVE-2018-19489.patch (Closes: #914727, CVE-2018-19489) * i2c-ddc-fix-oob-read-CVE-2019-3812.patch (Closes: #922635, CVE-2019-3812) * slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778.patch (Closes: #921525, CVE-2019-6778) * slirp-check-sscanf-result-when-emulating-ident-CVE-2019-9824.patch (Closes: CVE-2019-9824) [ Michael Tokarev ] * enable-md-clear.patch define new CPUID for MDS (Closes: #929067) (Closes: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091) * qxl-check-release-info-object-CVE-2019-12155.patch fixes null-pointer deref in qxl cleanup code (Closes: #929353, CVE-2019-12155) Source dbus, binaries: dbus:amd64 libdbus-1-3:amd64 dbus:arm64 libdbus-1-3:arm64 dbus (1.10.28-0+deb9u1) stretch-security; urgency=medium * New upstream stable release - CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1 authentication for identities that differ from the user running the DBusServer. Previously, a local attacker could manipulate symbolic links in their own home directory to bypass authentication and connect to a DBusServer with elevated privileges. The standard system and session dbus-daemons in their default configuration were immune to this attack because they did not allow DBUS_COOKIE_SHA1, but third-party users of DBusServer such as Upstart could be vulnerable. - Prevent reading up to 3 bytes beyond the end of a truncated message. This could in principle be an information leak or denial of service on the system bus, but is not believed to be exploitable to crash the system bus or leak interesting information in practice. - Stop the dbus-daemon leaking memory (an error message) if delivering the message that triggered auto-activation is forbidden. This is technically a denial of service because the dbus-daemon will run out of memory eventually, but it's a very slow and noisy one, because all the rejected messages are also very likely to have been logged to the system log, and its scope is typically limited by the finite number of activatable services available. - Remove __attribute__((__malloc__)) attribute on dbus_realloc(), which does not meet the criteria for that attribute in gcc 4.7+, potentially leading to miscompilation. - Fix build with gcc 8 -Werror=cast-function-type - Fix warning from gcc 8 about suspicious use of strncpy() when populating struct sockaddr_un - Fix installation of Ducktype documentation with newer yelp-build versions * d/control: Update Vcs-Git, Vcs-Browser -- Steve McIntyre <93sam@debian.org> Fri, 14 Jun 2019 12:07:14 +0100 9.9.1-20190515 Updates in 2 source package(s), 6 binary package(s): Source linux, binaries: linux-image-4.9.0-9-amd64:amd64 linux-image-4.9.0-9-arm64:arm64 linux (4.9.168-1+deb9u2) stretch-security; urgency=high [ Salvatore Bonaccorso ] * Revert "block/loop: Use global lock for ioctl() operation." (Closes: #928125) linux (4.9.168-1+deb9u1) stretch-security; urgency=high * [x86] Update speculation mitigations: - x86/MCE: Save microcode revision in machine check records - x86/cpufeatures: Hide AMD-specific speculation flags - x86/bugs: Add AMD's variant of SSB_NO - x86/bugs: Add AMD's SPEC_CTRL MSR usage - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR - x86/microcode/intel: Add a helper which gives the microcode revision - x86/microcode/intel: Check microcode revision before updating sibling threads - x86/microcode: Make sure boot_cpu_data.microcode is up-to-date - x86/microcode: Update the new microcode revision unconditionally - x86/mm: Use WRITE_ONCE() when setting PTEs - bitops: avoid integer overflow in GENMASK(_ULL) - x86/speculation: Simplify the CPU bug detection logic - locking/atomics, asm-generic: Move some macros from to a new file - x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation - x86/cpu: Sanitize FAM6_ATOM naming - Documentation/l1tf: Fix small spelling typo - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation - x86/speculation: Propagate information about RSB filling mitigation to sysfs - x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off - x86/speculation: Update the TIF_SSBD comment - x86/speculation: Clean up spectre_v2_parse_cmdline() - x86/speculation: Remove unnecessary ret variable in cpu_show_common() - x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() - x86/speculation: Disable STIBP when enhanced IBRS is in use - x86/speculation: Rename SSBD update functions - x86/speculation: Reorganize speculation control MSRs update - x86/Kconfig: Select SCHED_SMT if SMP enabled - sched: Add sched_smt_active() - x86/speculation: Rework SMT state change - x86/l1tf: Show actual SMT state - x86/speculation: Reorder the spec_v2 code - x86/speculation: Mark string arrays const correctly - x86/speculataion: Mark command line parser data __initdata - x86/speculation: Unify conditional spectre v2 print functions - x86/speculation: Add command line control for indirect branch speculation - x86/speculation: Prepare for per task indirect branch speculation control - x86/process: Consolidate and simplify switch_to_xtra() code - x86/speculation: Avoid __switch_to_xtra() calls - x86/speculation: Prepare for conditional IBPB in switch_mm() - x86/speculation: Split out TIF update - x86/speculation: Prepare arch_smt_update() for PRCTL mode - x86/speculation: Prevent stale SPEC_CTRL msr content - x86/speculation: Add prctl() control for indirect branch speculation - x86/speculation: Enable prctl mode for spectre_v2_user - x86/speculation: Add seccomp Spectre v2 user space protection mode - x86/speculation: Provide IBPB always command line options - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID - x86/msr-index: Cleanup bit defines - x86/speculation: Consolidate CPU whitelists - Documentation: Move L1TF to separate directory - cpu/speculation: Add 'mitigations=' cmdline option - x86/speculation: Support 'mitigations=' cmdline option - x86/speculation/mds: Add 'mitigations=' support for MDS - x86/cpu/bugs: Use __initconst for 'const' init data * [x86] Mitigate Microarchitectural Data Sampling (MDS) vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091): - x86/speculation/mds: Add basic bug infrastructure for MDS - x86/speculation/mds: Add BUG_MSBDS_ONLY - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests - x86/speculation/mds: Add mds_clear_cpu_buffers() - x86/speculation/mds: Clear CPU buffers on exit to user - x86/kvm/vmx: Add MDS protection when L1D Flush is not active - x86/speculation/mds: Conditionally clear CPU buffers on idle entry - x86/speculation/mds: Add mitigation control for MDS - x86/speculation/mds: Add sysfs reporting for MDS - x86/speculation/mds: Add mitigation mode VMWERV - Documentation: Add MDS vulnerability documentation - x86/speculation/mds: Add mds=full,nosmt cmdline option - x86/speculation: Move arch_smt_update() call to after mitigation decisions - x86/speculation/mds: Add SMT warning message - x86/speculation/mds: Fix comment - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off - x86/mds: Add MDSUM variant to the MDS documentation - Documentation: Correct the possible MDS sysfs values - x86/speculation/mds: Fix documentation typo * [x86] msr-index: Remove dependency on * [rt] Update patches to apply on top of the speculation mitigation changes * [x86] mce, tlb: Ignore ABI changes Source bind9, binaries: libdns-export162:amd64 libisc-export160:amd64 libdns-export162:arm64 libisc-export160:arm64 bind9 (1:9.10.3.dfsg.P4-12.3+deb9u5) stretch-security; urgency=high [ Marc Deslauriers (Ubuntu) ] * CVE-2018-5743: limiting simultaneous TCP clients is ineffective. Thanks to Marc Deslauriers of Ubuntu (Closes: #927932) [ Ondřej Surý ] * Sync Maintainer and Uploaders with unstable * [CVE-2019-6465]: Zone transfer for DLZs are executed though not permitted by ACLs. (Closes: #922955) * [CVE-2018-5745]: Avoid assertion and thus causing named to deliberately exit when a trust anchor's key is replaced with a key which uses an unsupported algorithm. (Closes: #922954) -- Steve McIntyre <93sam@debian.org> Wed, 15 May 2019 15:33:17 +0100 9.9.0 First build for 9.9.0 release -- Steve McIntyre <93sam@debian.org> Sat, 27 Apr 2019 19:40:54 +0100