cip-dev@lists.cip-project.org | [ANNOUNCE] 4.19.50-cip3 and 4.4.181-cip33

Home Messages Hashtags Subgroups

Date Date 1 - 5 of 5

[ANNOUNCE] 4.19.50-cip3 and 4.4.181-cip33

Nobuhiro Iwamatsu #2464 Hi all, CIP kernel team has released Linux kernel 4.19.50-cip3 and 4.4.181-cip33. You can get this release via the git tree at: 4.19.50-cip3: repository: https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git branch: linux-4.19.y-cip commit: 0f13d9b4d0efa9e87381717c113df57718bc92d6 4.4.181-cip33: repository: https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git branch: linux-4.4.y-cip commit: b791a4823f245e7871dbdd05d8f13bcc5dc377c9 And I introduce the updates for each kernel below. About 4.19.50-cip3: * This version has been updated from stable version 4.19.13 to 4.19.50, and many CVE fixes including MDS (Microarchitectural Data Sampling: CVE-2018-12130, CVE-2018-12126, CVE-2018-12127,, CVE-2019-11091). * CIP updates include device-tree fixes by Renesas. About 4.4.176-cip32: * This version has been updated from stable version 4.4.176 to 4.4.181, and this also includes MDS fixes as in 4.19.y. * CIP updates include update of RZ/G1C by Renesas. We plan to update the next CIP kernel on the fourth Friday. Best regards, Nobuhiro
More All Messages By This Member
Nobuhiro Iwamatsu #2469 Hi, toggle quoted message Show quoted text -----Original Message----- From: iwamatsu nobuhiro(岩松信洋 ○ＳＷＣ□ＯＳＴ) Sent: Friday, June 14, 2019 6:12 PM To: cip-dev@... Cc: SZ.Lin@...; Pavel Machek <pavel@...>; Ben Hutchings <ben.hutchings@...> Subject: [ANNOUNCE] 4.19.50-cip3 and 4.4.181-cip33 Hi all, CIP kernel team has released Linux kernel 4.19.50-cip3 and 4.4.181-cip33. You can get this release via the git tree at: 4.19.50-cip3: repository: https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git branch: linux-4.19.y-cip commit: 0f13d9b4d0efa9e87381717c113df57718bc92d6 4.4.181-cip33: repository: https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git branch: linux-4.4.y-cip commit: b791a4823f245e7871dbdd05d8f13bcc5dc377c9 And I introduce the updates for each kernel below. About 4.19.50-cip3: * This version has been updated from stable version 4.19.13 to 4.19.50, and many CVE fixes including MDS (Microarchitectural Data Sampling: CVE-2018-12130, CVE-2018-12126, CVE-2018-12127,, CVE-2019-11091). * CIP updates include device-tree fixes by Renesas. About 4.4.176-cip32: * This version has been updated from stable version 4.4.176 to 4.4.181, and this also includes MDS fixes as in 4.19.y. * CIP updates include update of RZ/G1C by Renesas. I forgot to explain about MDS. Although patches for MDS are included in this release, no test code has been published for these, so we have not tested for MDS. Also, patches did not really follow the stable rules, so they could not be checked the same way as checking for other patches. But the bug is ugly enough so we included the patches anyway. For the above reasons, modern x86 CPUs can not really be trusted with secrets; similar attacks are likely to happen in future. Best regards, Nobuhiro
More All Messages By This Member
Jan Kiszka #2495 On 17.06.19 00:14, nobuhiro1.iwamatsu@... wrote: Hi, -----Original Message----- From: iwamatsu nobuhiro(岩松信洋 ○ＳＷＣ□ＯＳＴ) Sent: Friday, June 14, 2019 6:12 PM To: cip-dev@... Cc: SZ.Lin@...; Pavel Machek <pavel@...>; Ben Hutchings <ben.hutchings@...> Subject: [ANNOUNCE] 4.19.50-cip3 and 4.4.181-cip33 Hi all, CIP kernel team has released Linux kernel 4.19.50-cip3 and 4.4.181-cip33. You can get this release via the git tree at: 4.19.50-cip3: repository: https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git branch: linux-4.19.y-cip commit: 0f13d9b4d0efa9e87381717c113df57718bc92d6 4.4.181-cip33: repository: https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git branch: linux-4.4.y-cip commit: b791a4823f245e7871dbdd05d8f13bcc5dc377c9 And I introduce the updates for each kernel below. About 4.19.50-cip3: * This version has been updated from stable version 4.19.13 to 4.19.50, and many CVE fixes including MDS (Microarchitectural Data Sampling: CVE-2018-12130, CVE-2018-12126, CVE-2018-12127,, CVE-2019-11091). * CIP updates include device-tree fixes by Renesas. About 4.4.176-cip32: * This version has been updated from stable version 4.4.176 to 4.4.181, and this also includes MDS fixes as in 4.19.y. * CIP updates include update of RZ/G1C by Renesas. I forgot to explain about MDS. Although patches for MDS are included in this release, no test code has been published for these, so we have not tested for MDS. Also, patches did not really follow the stable rules, so they could not be checked the same way as checking for other patches. But the bug is ugly enough so we included the patches anyway. For the above reasons, modern x86 CPUs can not really be trusted with secrets; similar attacks are likely to happen in future. I wouldn't see it that extreme, it still heavily depends on what you are running and where. Also, the attacks are getting more complex. Anyway, different while similar topic: Is there a plan to quickly follow up with releases containing the SACK issue patches? That is cooking everywhere now. Thanks, Jan -- Siemens AG, Corporate Technology, CT RDA IOT SES-DE Corporate Competence Center Embedded Linux
More All Messages By This Member
Nobuhiro Iwamatsu #2502 Hi! toggle quoted message Show quoted text -----Original Message----- From: Jan Kiszka [mailto:jan.kiszka@...] Sent: Thursday, June 20, 2019 1:59 AM To: iwamatsu nobuhiro(岩松信洋 ○ＳＷＣ□ＯＳＴ) <nobuhiro1.iwamatsu@...>; cip-dev@... Cc: SZ.Lin@... Subject: Re: [cip-dev] [ANNOUNCE] 4.19.50-cip3 and 4.4.181-cip33 On 17.06.19 00:14, nobuhiro1.iwamatsu@... wrote: Hi, -----Original Message----- From: iwamatsu nobuhiro(岩松信洋 ○ＳＷＣ□ＯＳＴ) Sent: Friday, June 14, 2019 6:12 PM To: cip-dev@... Cc: SZ.Lin@...; Pavel Machek <pavel@...>; Ben Hutchings <ben.hutchings@...> Subject: [ANNOUNCE] 4.19.50-cip3 and 4.4.181-cip33 Hi all, CIP kernel team has released Linux kernel 4.19.50-cip3 and 4.4.181-cip33. You can get this release via the git tree at: 4.19.50-cip3: repository: https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git branch: linux-4.19.y-cip commit: 0f13d9b4d0efa9e87381717c113df57718bc92d6 4.4.181-cip33: repository: https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git branch: linux-4.4.y-cip commit: b791a4823f245e7871dbdd05d8f13bcc5dc377c9 And I introduce the updates for each kernel below. About 4.19.50-cip3: * This version has been updated from stable version 4.19.13 to 4.19.50, and many CVE fixes including MDS (Microarchitectural Data Sampling: CVE-2018-12130, CVE-2018-12126, CVE-2018-12127,, CVE-2019-11091). * CIP updates include device-tree fixes by Renesas. About 4.4.176-cip32: * This version has been updated from stable version 4.4.176 to 4.4.181, and this also includes MDS fixes as in 4.19.y. * CIP updates include update of RZ/G1C by Renesas. I forgot to explain about MDS. Although patches for MDS are included in this release, no test code has been published for these, so we have not tested for MDS. Also, patches did not really follow the stable rules, so they could not be checked the same way as checking for other patches. But the bug is ugly enough so we included the patches anyway. For the above reasons, modern x86 CPUs can not really be trusted with secrets; similar attacks are likely to happen in future. I wouldn't see it that extreme, it still heavily depends on what you are running and where. Also, the attacks are getting more complex. Anyway, different while similar topic: Is there a plan to quickly follow up with releases containing the SACK issue patches? That is cooking everywhere now. We talked about this at today's IRC meeting, we decided to release this soon. Best regards, Nobuhiro
More All Messages By This Member
Pavel Machek #2518 Hi! Although patches for MDS are included in this release, no test code has been published for these, so we have not tested for MDS. Also, patches did not really follow the stable rules, so they could not be checked the same way as checking for other patches. But the bug is ugly enough so we included the patches anyway. For the above reasons, modern x86 CPUs can not really be trusted with secrets; similar attacks are likely to happen in future. I wouldn't see it that extreme, it still heavily depends on what you are running and where. Also, the attacks are getting more complex. Well, most systems do not really need to protect local user's secrets from each other. We simply don't allow code execution for untrusted parties. If someone decides to combine "top secret document storage" and "honeypot giving shell to attackers" on single machine, well, they are asking for trouble. Best regards, Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html signature.asc signature.asc
More All Messages By This Member

1 - 5 of 5

1

Previous Topic Next Topic

Home Hashtags Subgroups Terms