
[SRU,Trusty,Artful,0/1] Fix for CVE-2017-1000407

Message ID 20180126165758.5977-1-kleber.souza@canonical.com

Message

Kleber Sacilotto de Souza Jan. 26, 2018, 4:57 p.m. UTC
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000407.html

Clean cherry-pick for Artful, a simple backport for Trusty since the bit was
cleared originally in a different function. The fix for Xenial is queued as
part of upstream stable update to 4.4.106.

Andrew Honig (1):
  KVM: VMX: remove I/O port 0x80 bypass on Intel hosts

 arch/x86/kvm/vmx.c | 5 -----
 1 file changed, 5 deletions(-)

Comments

Khalid Elmously Jan. 26, 2018, 5:15 p.m. UTC | #1
On 2018-01-26 17:57:56 , Kleber Sacilotto de Souza wrote:
> https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000407.html
> 
> Clean cherry-pick for Artful, a simple backport for Trusty since the bit was
> cleared originally in a different function. The fix for Xenial is queued as
> part of upstream stable update to 4.4.106.
> 
> Andrew Honig (1):
>   KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
> 
>  arch/x86/kvm/vmx.c | 5 -----
>  1 file changed, 5 deletions(-)
>

Wouldn't these patches complicate the stable-update pull? Do the stable updates need to be redone now after these fixes?

Acked-by: Khalid Elmously <khalid.elmously@canonical.com>
Colin Ian King Jan. 26, 2018, 5:19 p.m. UTC | #2
On 26/01/18 16:57, Kleber Sacilotto de Souza wrote:
> https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000407.html
> 
> Clean cherry-pick for Artful, a simple backport for Trusty since the bit was
> cleared originally in a different function. The fix for Xenial is queued as
> part of upstream stable update to 4.4.106.
> 
> Andrew Honig (1):
>   KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
> 
>  arch/x86/kvm/vmx.c | 5 -----
>  1 file changed, 5 deletions(-)
> 

Seems reasonable to me.

Acked-by: Colin Ian King <colin.king@canonical.com>
Kleber Sacilotto de Souza Jan. 29, 2018, 9:30 a.m. UTC | #3
On 01/26/18 18:15, Khaled Elmously wrote:
> On 2018-01-26 17:57:56 , Kleber Sacilotto de Souza wrote:
>> https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000407.html
>>
>> Clean cherry-pick for Artful, a simple backport for Trusty since the bit was
>> cleared originally in a different function. The fix for Xenial is queued as
>> part of upstream stable update to 4.4.106.
>>
>> Andrew Honig (1):
>>   KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
>>
>>  arch/x86/kvm/vmx.c | 5 -----
>>  1 file changed, 5 deletions(-)
>>
> 
> Wouldn't these patches complicate the stable-update pull? Do the stable updates need to be redone now after these fixes?

4.13 didn't get this fix on the stable tree and it stopped receiving
stable updates, so we should be good and have no conflicts :-).


Kleber

> 
> Acked-by: Khalid Elmously <khalid.elmously@canonical.com> 
>
Khalid Elmously Jan. 30, 2018, 7:01 p.m. UTC | #4
On 2018-01-29 10:30:36 , Kleber Souza wrote:
> On 01/26/18 18:15, Khaled Elmously wrote:
> > On 2018-01-26 17:57:56 , Kleber Sacilotto de Souza wrote:
> >> https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000407.html
> >>
> >> Clean cherry-pick for Artful, a simple backport for Trusty since the bit was
> >> cleared originally in a different function. The fix for Xenial is queued as
> >> part of upstream stable update to 4.4.106.
> >>
> >> Andrew Honig (1):
> >>   KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
> >>
> >>  arch/x86/kvm/vmx.c | 5 -----
> >>  1 file changed, 5 deletions(-)
> >>
> > 
> > Wouldn't these patches complicate the stable-update pull? Do the stable updates need to be redone now after these fixes?
> 
> 4.13 didn't get this fix on the stable tree and it stopped receiving
> stable updates, so we should be good and have no conflicts :-).
> 
> 

I guess I was wondering more about Trusty (4.4), not 4.13. No worries though, we'll cross that bridge when we get to it.
Still ACK


> Kleber
> 
> > 
> > Acked-by: Khalid Elmously <khalid.elmously@canonical.com> 
> >
Khalid Elmously Feb. 3, 2018, 2:06 a.m. UTC | #5
Applied to artful

On 2018-01-26 17:57:56 , Kleber Sacilotto de Souza wrote:
> https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000407.html
> 
> Clean cherry-pick for Artful, a simple backport for Trusty since the bit was
> cleared originally in a different function. The fix for Xenial is queued as
> part of upstream stable update to 4.4.106.
> 
> Andrew Honig (1):
>   KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
> 
>  arch/x86/kvm/vmx.c | 5 -----
>  1 file changed, 5 deletions(-)
> 
> -- 
> 2.14.1
> 
> 
> -- 
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team