Language Selection

English French German Italian Portuguese Spanish

Stable kernels 5.0.16, 4.19.43, 4.14.119, and 4.9.176

Filed under
Linux
  • Linux 5.0.16

    I'm announcing the release of the 5.0.16 kernel.

    All users of the 5.0 kernel series must upgrade.

    The updated 5.0.y git tree can be found at:
    git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.0.y
    and can be browsed at the normal kernel.org git web browser:
    https://git.kernel.org/?p=linux/kernel/git/stable/linux-s...

  • Linux 4.19.43
  • Linux 4.14.119
  • Linux 4.9.176

Linux 5.1.2

  • Linux 5.1.2

    I'm announcing the release of the 5.1.2 kernel.

    All users of the 5.1 kernel series must upgrade. Well, kind of, let me rephrase that...

    All users of Intel processors made since 2011 must upgrade.

    Note, this release, and the other stable releases that are all being
    released right now at the same time, just went out all contain patches
    that have only seen the "public eye" for about 5 minutes. So be
    forwarned, they might break things, they might not build, but hopefully
    they fix things. Odds are we will be fixing a number of small things in
    this area for the next few weeks as things shake out on real hardware
    and workloads. So don't think you are done updating your kernel, you
    never are done with that Smile

    As for what specifically these changes fix, I'll let the tech news sites
    fill you in on the details. Or go read the excellently written Xen
    Security Advisory 297:
    https://xenbits.xen.org/xsa/advisory-297.html
    That should give you a good idea of what a number of people have been
    dealing with for many many many months now.

    Many thanks goes out to Thomas Gleixner for going above and beyond to do
    the backports to the 5.1, 5.0, 4.19, and 4.14 kernel trees, and to Ben
    Hutchings for doing the 4.9 work. And of course to all of the
    developers who have been working on this in secret and doing reviews of
    the many different proposals and versions of the patches.

    As I said before just over a year ago, Intel once again owes a bunch of
    people a lot of drinks for fixing their hardware bugs, in our

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Security Leftovers

  • Why Are Cryptographers Being Denied Entry into the US?

    Is there some cryptographer blacklist? Is something else going on? A lot of us would like to know.

  • Security Engineering: Third Edition

    Today I put online a chapter on Who is the Opponent, which draws together what we learned from Snowden and others about the capabilities of state actors, together with what we’ve learned about cybercrime actors as a result of running the Cambridge Cybercrime Centre. Isn’t it odd that almost six years after Snowden, nobody’s tried to pull together what we learned into a coherent summary?

    There’s also a chapter on Surveillance or Privacy which looks at policy. What’s the privacy landscape now, and what might we expect from the tussles over data retention, government backdoors and censorship more generally?

  • Google halts some business with China's Huawei: report

    Huawei will reportedly no longer be able to access Android updates, the Gmail app, the Google Play store and new versions of Google phones outside of China.

  • Google restricts Huawei's use of Android

    Existing Huawei smartphone users will be able to update apps and push through security fixes, as well as update Google Play services.

    But when Google launches the next version of Android later this year, it may not be available on Huawei devices.

    Future Huawei devices may no longer have apps such as YouTube and Maps.

  • Forget Huawei, The Internet Of Things Is The Real Security Threat
    We've noted for a while how a lot of the US protectionist security hysteria surrounding Huawei isn't supported by much in the way of hard data. And while it's certainly possible that Huawei helps the Chinese government spy, the reality is that Chinese (or any other) intelligence services don't really need to rely on Huawei to spy on the American public. Why? Because people around the world keep connecting millions of internet of broken things devices to their home and business networks that lack even the most rudimentary of security and privacy protections. Week after week we've documented how these devices are being built with both privacy and security as a distant afterthought, resulting in everything from your television to your refrigerator creating both new attack vectors and wonderful new surveillance opportunities for hackers and state actors.

today's howtos

Android Leftovers

A Look At The MDS Cost On Xeon, EPYC & Xeon Total Impact Of Affected CPU Vulnerabilities

This weekend I posted a number of benchmarks looking at the performance impact of the new MDS/Zombieload vulnerabilities that also included a look at the overall cost of Spectre/Meltdown/L1TF/MDS on Intel desktop CPUs and AMD CPUs (Spectre). In this article are similar benchmarks but turning the attention now to Intel Xeon hardware and also comparing those total mitigation costs against AMD EPYC with its Spectre mitigations. This article offers a look at the MDS/Zombieload mitigations on a 1st Gen Skylake Xeon Scalable server as well as a Kabylake Xeon E3 server for reference. Following that is a look at the total CPU vulnerability mitigation costs for 1st Gen Xeon Scalable, 2nd Gen Xeon Scalable (Cascade Lake), and an AMD EPYC 2P server as well for its Spectre mitigations. As expected given Intel's guidance last week of their latest Xeon processors being mitigated for MDS, indeed, the dual Xeon Platinum 8280 Cascade Lake server reported it was not affected by the MDS mitigations and thus not enabled. So for the MDS tests up first it's just some reference results using a dual Xeon Gold 6138 Skylake server running Ubuntu 19.04 with the Linux 5.0 patched kernel and reference results side-by-side for a separate Xeon E3-1275 v6 server. Read more