Fedora Linux 8775 Published by

A new kernel security update is available for Fedora 29 to address the new security issues of some Intel CPUs.



--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-7a3fc17778
2019-11-13 06:47:08.913545
--------------------------------------------------------------------------------

Name : kernel
Product : Fedora 29
Version : 5.3.11
Release : 100.fc29
URL : https://www.kernel.org/
Summary : The Linux kernel
Description :
The kernel meta package

--------------------------------------------------------------------------------
Update Information:

The 5.3.11 stable kernel update contains a number of important security updates
across the tree, including mitigations for the most recent hardware issues
disclosed on Nov 12. ---- The 5.3.9 update contains a number of important
fixes across the tree ---- Update to upstream 2.1-22. 20190618
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 12 2019 Justin M. Forbes - 5.3.11-100
- Linux v5.3.11
- Fixes CVE-2019-11135 (rhbz 1753062 1771649)
- Fixes CVE-2018-12207 (rhbz 1646768 1771645)
- Fixes CVE-2019-0154 (rhbz 1724393 1771642)
- Fixes CVE-2019-0155 (rhbz 1724398 1771644)
* Mon Nov 11 2019 Laura Abbott - 5.3.10-100
- Linux v5.3.10
* Wed Nov 6 2019 Laura Abbott - 5.3.9-100
- Linux v5.3.9
* Tue Oct 29 2019 Laura Abbott - 5.3.8-100
- Linux v5.3.8
- Fix CVE-2019-17666 (rhbz 1763692)
* Fri Oct 18 2019 Laura Abbott - 5.3.7-100
- Linux v5.3.7
* Mon Oct 14 2019 Laura Abbott - 5.3.6-100
- Linux v5.3.6 Rebase
- Fix disappearing cursor issue (rhbz 1738614)
* Tue Oct 8 2019 Justin M. Forbes - 5.2.20-100
- Linux v5.2.20
* Wed Oct 2 2019 Justin M. Forbes
- Fix CVE-2019-17052 CVE-2019-17053 CVE-2019-17054 CVE-2019-17055 CVE-2019-17056
(rhbz 1758239 1758240 1758242 1758243 1758245 1758246 1758248 1758249 1758256 1758257)
* Tue Oct 1 2019 Justin M. Forbes - 5.2.18-100
- Linux v5.2.18
* Mon Sep 23 2019 Peter Robinson
- Upstream patch for iwlwifi 8000 series FW issues (rhbz: 1749949)
* Mon Sep 23 2019 Justin M. Forbes - 5.2.17-100
- Linux v5.2.17
* Thu Sep 19 2019 Laura Abbott
- Fix for dwc3 (rhbz 1753099)
* Thu Sep 19 2019 Justin M. Forbes - 5.2.16-100
- Linux v5.2.16
- Fix CVE-2019-14821 (rhbz 1746708 1753596)
* Mon Sep 16 2019 Justin M. Forbes - 5.2.15-100
- Linux v5.2.15
- Fixes rhbz 1751901
* Tue Sep 10 2019 Justin M. Forbes - 5.2.14-100
- Linux v5.2.14
* Fri Sep 6 2019 Justin M. Forbes - 5.2.13-100
- Linux v5.2.13
* Thu Aug 29 2019 Justin M. Forbes - 5.2.11-100
- Linux v5.2.11
- Fix CVE-2019-15504 (rhbz 1746725 1746726)
- Fix CVE-2019-15505 (rhbz 1746732 1746734)
- Fix CVE-2019-15538 (rhbz 1746777 1746779)
* Wed Aug 28 2019 Justin M. Forbes
- Fix mwifiex CVE-2019-14814 CVE-2019-14815 CVE-2019-14816
- (rhbz 1744130 1744137 1744149 1746566 1746567)
* Mon Aug 26 2019 Justin M. Forbes - 5.2.10-100
- Linux v5.2.10
* Fri Aug 16 2019 Justin M. Forbes - 5.2.9-100
- Linux v5.2.9
* Sat Aug 10 2019 Justin M. Forbes - 5.2.8-100
- Linux v5.2.8
* Thu Aug 8 2019 Justin M. Forbes - 5.2.7-100
- Linux v5.2.7
- Fix netfilter regression (rhbz 1737171)
* Mon Aug 5 2019 Justin M. Forbes - 5.2.6-100
- Linux v5.2.6 rebase
* Mon Jul 29 2019 Jeremy Cline - 5.1.21-200
- Linux v5.1.21
* Fri Jul 26 2019 Jeremy Cline - 5.1.20-200
- Linux v5.1.20
* Mon Jul 22 2019 Laura Abbott
- Bring in DMA fix (rhbz 1732045)
* Mon Jul 22 2019 Jeremy Cline - 5.1.19-200
- Linux v5.1.19
- Fix Xen Security Advisory 300 (rhbz 1731862 1731864)
- Fix a null pointer dereference in the 8250_lpss serial driver (rhbz 1731784)
* Thu Jul 18 2019 Jeremy Cline
- Fix CVE-2019-13631 (rhbz 1731000 1731001)
* Mon Jul 15 2019 Jeremy Cline - 5.1.18-200
- Linux v5.1.18
* Wed Jul 10 2019 Jeremy Cline - 5.1.17-200
- Linux v5.1.17
* Mon Jul 8 2019 Jeremy Cline
- Fix a firmware crash in Intel 7000 and 8000 devices (rhbz 1716334)
* Thu Jul 4 2019 Peter Robinson
- Fixes for load avg and display on Raspberry Pi
* Wed Jul 3 2019 Jeremy Cline - 5.1.16-200
- Linux v5.1.16
- Fix an issue with deleting singular conntrack entries (rhbz 1724357)
* Tue Jun 25 2019 Jeremy Cline - 5.1.15-200
- Linux v5.1.15
- Fixes CVE-2019-12817 (rhbz 1720616 1723697)
* Mon Jun 24 2019 Hans de Goede
- Extend GPD MicroPC LCD panel quirk to also apply to newer BIOS versions
* Mon Jun 24 2019 Jeremy Cline - 5.1.14-200
- Linux v5.1.14
* Wed Jun 19 2019 Jeremy Cline - 5.1.12-200
- Linux v5.1.12
* Mon Jun 17 2019 Jeremy Cline - 5.1.11-200
- Linux v5.1.11
- Fixes CVE-2019-11477 (rhbz 1719123 1721254)
- Fixes CVE-2019-11479 (rhbz 1719129 1721255)
- Fixes CVE-2019-11478 (rhbz 1719128 1721256)
* Mon Jun 17 2019 Jeremy Cline - 5.1.10-200
- Linux v5.1.10
* Fri Jun 14 2019 Hans de Goede
- Fix the LCD panel an Asus EeePC 1025C not lighting up (rhbz#1697069)
- Fix the LCD panel on the GPD MicroPC not working
* Thu Jun 13 2019 Justin M. Forbes
- Fix CVE-2019-10126 (rhbz 1716992 1720122)
* Tue Jun 11 2019 Jeremy Cline - 5.1.9-200
- Linux v5.1.9
- Fix UDP checkshums for SIP packets (rhbz 1716289)
* Sun Jun 9 2019 Jeremy Cline - 5.1.8-200
- Linux v5.1.8
* Fri Jun 7 2019 Justin M. Forbes
- Fix CVE-2019-12614 (rhbz 1718176 1718185)
* Thu Jun 6 2019 Jeremy Cline
- Fix incorrect permission denied with lock down off (rhbz 1658675)
- Fix an issue with the IPv6 neighbor table (rhbz 1708717)
* Wed Jun 5 2019 Justin M. Forbes
- Fix CVE-2019-12456 (rhbz 1717182 1717183)
* Tue Jun 4 2019 Jeremy Cline - 5.1.7-200
- Linux v5.1.7
- Fix CVE-2019-12455 (rhbz 1716990 1717003)
- Fix CVE-2019-12454 (rhbz 1716996 1717003)
* Mon Jun 3 2019 Jeremy Cline - 5.1.6-200
- Linux v5.1.6
- Fix CVE-2019-12378 (rhbz 1715459 1715460)
- Fix CVE-2019-3846 (rhbz 1713059 1715475)
- Fix CVE-2019-12380 (rhbz 1715494 1715495)
- Fix CVE-2019-12381 (rhbz 1715501 1715502)
- Fix CVE-2019-12382 (rhbz 1715554 1715556)
- Fix CVE-2019-12379 (rhbz 1715491 1715706)
- Fix an issue with Bluetooth 2.0 and earlier devices (rhbz 1711468)
* Fri May 31 2019 Laura Abbott - 5.0.20-200
- Linux v5.0.20
* Tue May 28 2019 Laura Abbott - 5.0.19-200
- Linux v5.0.19
* Thu May 23 2019 Justin M. Forbes - 5.0.18-200
- Bring back ad8cfb9c42ef83ecf4079bc7d77e6557648e952b to fix s390 build
* Wed May 22 2019 Justin M. Forbes
- Linux v5.0.18
- Fixes CVE-2019-11833 (rhbz 1712072 1712073)
* Mon May 20 2019 Laura Abbott - 5.0.17-200
- Linux v5.0.17
* Tue May 14 2019 Justin M. Forbes - 5.0.16-200
- Linux v5.0.16
- Fixes CVE-2018-12126 (rhbz 1646781 1709976)
- Fixes CVE-2018-12127 (rhbz 1667782 1709978)
- Fixes CVE-2018-12130 (rhbz 1646784 1709989 1709996)
- Fixes CVE-2019-11091 (rhbz 1705312 1709983)
* Mon May 13 2019 Laura Abbott - 5.0.15-200
- Linux v5.0.15
- Fixes CVE-2019-11884 (rhbz 1709837 1709838)
* Thu May 9 2019 Laura Abbott - 5.0.14-200
- Linux v5.0.14
* Mon May 6 2019 Laura Abbott - 5.0.13-200
- Linux v5.0.13
* Sat May 4 2019 Laura Abbott - 5.0.12-200
- Linux v5.0.12
* Thu May 2 2019 Laura Abbott - 5.0.11-200
- Linux v5.0.11
* Tue Apr 30 2019 Hans de Goede
- Fix wifi on various ideapad models not working (rhbz#1703338)
* Mon Apr 29 2019 Laura Abbott - 5.0.10-200
- Linux v5.0.10
* Thu Apr 25 2019 Justin M. Forbes
- Fix CVE-2019-3900 (rhbz 1698757 1702940)
* Tue Apr 23 2019 Jeremy Cline
- Allow modules signed by keys in the platform keyring (rbhz 1701096)
* Tue Apr 23 2019 Justin M. Forbes
- Fix CVE-2019-9503 rhbz 1701842 1701843
* Mon Apr 22 2019 Laura Abbott - 5.0.9-200
- Linux v5.0.9
- Fix NFS server crash (rhbz 1701077)
* Thu Apr 18 2019 Justin M. Forbes
- Fix CVE-2019-9500 (rhbz 1701224 1701225)
* Wed Apr 17 2019 Laura Abbott - 5.0.8-200
- Linux v5.0.8
* Mon Apr 8 2019 Laura Abbott - 5.0.7-200
- Linux v5.0.7
* Mon Apr 8 2019 Justin M. Forbes
- Fix CVE-2019 (rhbz 1695044 1697187)
* Wed Apr 3 2019 Laura Abbott - 5.0.6-200
- Linux v5.0.6
* Wed Apr 3 2019 Justin M. Forbes
- Fix CVE-2019-3882 (rhbz 1689426 1695571)
* Mon Apr 1 2019 Justin M. Forbes
- Fix CVE-2019-9857 (rhbz 1694758 1694759)
* Mon Apr 1 2019 Laura Abbott
- Ensure ioschedulers are built in (rhbz 1690604)
* Wed Mar 27 2019 Laura Abbott - 5.0.5-200
- Linux v5.0.5
* Mon Mar 25 2019 Laura Abbott - 5.0.4-200
- Linux v5.0.4
* Fri Mar 22 2019 Laura Abbott
- TPM fix (rhbz 1688283)
* Wed Mar 20 2019 Hans de Goede
- Make the mainline vboxguest drv feature set match VirtualBox 6.0.x (#1689750)
* Tue Mar 19 2019 Laura Abbott - 5.0.3-200
- Linux v5.0.3
* Thu Mar 14 2019 Justin M. Forbes - 4.20.16-200
- Linux v4.20.16
* Mon Mar 11 2019 Justin M. Forbes - 4.20.15-200
- Linux v4.20.15
* Tue Mar 5 2019 Justin M. Forbes - 4.20.14-200
- Linux v4.20.14
* Wed Feb 27 2019 Justin M. Forbes - 4.20.13-200
- Linux v4.20.13
- Fix for NFS issue (rhbz 1683382)
* Mon Feb 25 2019 Justin M. Forbes - 4.20.12-200
- Linux v4.20.12
* Fri Feb 22 2019 Justin M. Forbes
- Fix CVE-2019-8980 (rhbz 1679972 1679974)
* Wed Feb 20 2019 Justin M. Forbes - 4.20.11-200
- Linux v4.20.11
* Tue Feb 19 2019 Justin M. Forbes
- Fix CVE-2019-8912 (rhbz 1678685 1678686)
* Fri Feb 15 2019 Justin M. Forbes - 4.20.10-200
- Linux v4.20.10
* Tue Feb 12 2019 Justin M. Forbes - 4.20.8-200
- Linux v4.20.8
- Fixes CVE-2019-7221 (rhbz 1671904 1673676)
- Fixes CVE-2019-6974 (rhbz 1671913 1673681)
- Fixes CVE-2019-7222 (rhbz 1671930 1673686)
* Mon Feb 11 2019 Peter Robinson
- Minor Arm fixes and enhancements
* Wed Feb 6 2019 Justin M. Forbes - 4.20.7-200
- Linux v4.20.7
* Thu Jan 31 2019 Justin M. Forbes - 4.20.6-200
- Linux v4.20.6
* Mon Jan 28 2019 Justin M. Forbes - 4.20.5-200
- Linux v4.20.5
- Fix CVE-2018-16880 (rhbz 1656472 1669545)
* Wed Jan 23 2019 Hans de Goede
- Add upstream patch fixing backlight control not working on some laptops
with a Nvidia GPU (rhbz#1663613, rhbz#1665505)
* Wed Jan 23 2019 Justin M. Forbes - 4.20.4-200
- Linux v4.20.4
* Thu Jan 17 2019 Justin M. Forbes - 4.20.3-200
- Linux v4.20.3 rebase
* Mon Jan 14 2019 Jeremy Cline - 4.19.15-300
- Linux v4.19.15
- Fix CVE-2019-3459 and CVE-2019-3460 (rbhz 1663176 1663179 1665925)
* Wed Jan 9 2019 Jeremy Cline - 4.19.14-300
- Linux v4.19.14
* Wed Jan 9 2019 Justin M. Forbes
- Fix CVE-2019-3701 (rhbz 1663729 1663730)
* Mon Jan 7 2019 Hans de Goede
- Add patch to fix bluetooth on RPI 3B+ registering twice (rhbz#1661961)
* Sat Dec 29 2018 Jeremy Cline - 4.19.13-300
- Linux v4.19.13
* Thu Dec 27 2018 Hans de Goede
- Set CONFIG_REALTEK_PHY=y to workaround realtek ethernet issues (rhbz 1650984)
* Mon Dec 24 2018 Peter Robinson 4.19.12-301
- Another fix for issue affecting Raspberry Pi 3-series WiFi (rhbz 1652093)
* Sat Dec 22 2018 Peter Robinson 4.19.12-300
- Linux v4.19.12
* Thu Dec 20 2018 Jeremy Cline - 4.19.11-300
- Linux v4.19.11
* Mon Dec 17 2018 Jeremy Cline - 4.19.10-300
- Linux v4.19.10
* Fri Dec 14 2018 Peter Robinson 4.19.9-301
- Fix Raspberry Pi issues affecting WiFi (rhbz 1652093)
* Thu Dec 13 2018 Jeremy Cline - 4.19.9-300
- Linux v4.19.9
* Tue Dec 11 2018 Hans de Goede
- Really fix non functional hotkeys on Asus FX503VD (#1645070)
* Mon Dec 10 2018 Jeremy Cline - 4.19.8-300
- Linux v4.19.8
* Thu Dec 6 2018 Peter Robinson
- Fix for ethernet LEDs on Raspberry Pi 3B+
* Wed Dec 5 2018 Jeremy Cline - 4.19.7-300
- Linux v4.19.7
* Wed Dec 5 2018 Jeremy Cline
- Fix corruption bug in direct dispatch for blk-mq
* Tue Dec 4 2018 Justin M. Forbes
- Fix CVE-2018-19824 (rhbz 1655816 1655817)
* Mon Dec 3 2018 Jeremy Cline
- Fix very quiet speakers on the Thinkpad T570 (rhbz 1554304)
* Mon Dec 3 2018 Hans de Goede
- Fix non functional hotkeys on Asus FX503VD (#1645070)
* Sun Dec 2 2018 Jeremy Cline - 4.19.6-300
- Linux v4.19.6
* Thu Nov 29 2018 Jeremy Cline
- Fix a problem with some rtl8168 chips (rhbz 1650984)
- Fix slowdowns and crashes for AMD GPUs in pre-PCIe-v3 slots
* Tue Nov 27 2018 Jeremy Cline - 4.19.5-300
- Linux v4.19.5
- Fix CVE-2018-16862 (rhbz 1649017 1653122)
- Fix CVE-2018-19407 (rhbz 1652656 1652658)
* Mon Nov 26 2018 Jeremy Cline
- Fixes a null pointer dereference with Nvidia and vmwgfx drivers (rhbz 1650224)
* Fri Nov 23 2018 Peter Robinson - 4.19.4-300
- Linux v4.19.4
* Thu Nov 22 2018 Peter Robinson
- Fixes for Rockchips 3399 devices
* Wed Nov 21 2018 Jeremy Cline - 4.19.3-300
- Linux v4.19.3
* Tue Nov 20 2018 Hans de Goede
- Turn on CONFIG_PINCTRL_GEMINILAKE on x86_64 (rhbz#1639155)
- Add a patch fixing touchscreens on HP AMD based laptops (rhbz#1644013)
- Add a patch fixing KIOX010A accelerometers (rhbz#1526312)
* Sat Nov 17 2018 Peter Robinson 4.19.2-301
- Fix WiFi on Raspberry Pi 3 on aarch64 (rhbz 1649344)
- Fixes for Raspberry Pi hwmon driver and firmware interface
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1753062 - CVE-2019-11135 hw: TSX Transaction Asynchronous Abort (TAA)
https://bugzilla.redhat.com/show_bug.cgi?id=1753062
[ 2 ] Bug #1646768 - CVE-2018-12207 hw: Machine Check Error on Page Size Change (IPU)
https://bugzilla.redhat.com/show_bug.cgi?id=1646768
[ 3 ] Bug #1724393 - CVE-2019-0154 hw: Intel GPU Denial Of Service while accessing MMIO in lower power state
https://bugzilla.redhat.com/show_bug.cgi?id=1724393
[ 4 ] Bug #1724398 - CVE-2019-0155 hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write
https://bugzilla.redhat.com/show_bug.cgi?id=1724398
[ 5 ] Bug #1758414 - CVE-2019-0117 hw: Intel SGX information leak
https://bugzilla.redhat.com/show_bug.cgi?id=1758414
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-7a3fc17778' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys