Bug 14307

On real hardware, M3, KDE, 32-bit

Package(s) under test:
kernel-linus-latest

default install of:
kernel-linus-latest

[root@localhost wilcal]# uname -a
Linux localhost 3.10.51-1.mga3 #1 SMP Tue Aug 5 15:30:38 UTC 2014 i686 i686 i686 GNU/Linux
[root@localhost wilcal]# urpmi kernel-linus-latest
Package kernel-linus-latest-3.10.51-1.mga3.i586 is already installed

System boots to a working desktop. Common apps work. Screen sizes are correct.

install:
kernel-linus-latest
from updates_testing

[root@localhost wilcal]# uname -a
Linux localhost 3.10.58-1.mga3 #1 SMP Thu Oct 16 12:34:43 UTC 2014 i686 i686 i686 GNU/Linux
[root@localhost wilcal]# urpmi kernel-linus-latest
Package kernel-linus-latest-3.10.58-1.mga3.i586 is already installed

System boots to a working desktop. Common apps work. Screen sizes are correct.

Test platform:
Intel, P4 530J 3.0 GHz, 800MHz FSB, 1MB L2, LGA 775
GigaByte  GA-81915G Pro F4  i915G  LGA 775  MoBo
 Marvel Yukon 88E8001 Gigabit LAN
 Intel High Def Audio, Azalia (C-Media 9880) (snd-hda-intel)
 Intel Graphics Media Accelerator 900 (Intel 82915G)
Kingston 4GB (2 x 2GB) DDR400 PC-3200
250GB Seagate
Kingwin KF-91-BK SATA Mobile Rack
Kingwin KF-91-T-BK SATA Mobile Rack Tray
Sony CD/DVD-RW DWQ120AB2

CC: (none) => wilcal.int

On real hardware, M3, KDE, 64-bit

Package(s) under test:
kernel-linus-latest

default install of:
kernel-linus-latest

[root@localhost wilcal]# uname -a
Linux localhost 3.10.51-1.mga3 #1 SMP Tue Aug 5 15:43:07 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-linus-latest
Package kernel-linus-latest-3.10.51-1.mga3.x86_64 is already installed

System boots to a working desktop. Common apps work. Screen sizes are correct.

install:
kernel-linus-latest
from updates_testing

[root@localhost wilcal]# uname -a
Linux localhost 3.10.58-1.mga3 #1 SMP Thu Oct 16 12:31:38 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-linus-latest
Package kernel-linus-latest-3.10.58-1.mga3.x86_64 is already installed

System boots to a working desktop. Common apps work. Screen sizes are correct.

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
virtualbox-4.3.10-1.1.mga4.x86_64
virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64

Advisory:

This kernel-linus update is based on upstream -longterm 3.10.58 and
fixes the following security issues:

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux
kernel through 3.16.1 miscalculates the number of pages during the
handling of a mapping failure, which allows guest OS users to (1)
cause a denial of service (host OS memory corruption) or possibly
have unspecified other impact by triggering a large gfn value or
(2) cause a denial of service (host OS memory consumption) by
triggering a small gfn value that leads to permanently pinned
pages (CVE-2014-3601).

The assoc_array_gc function in the associative-array implementation
in lib/assoc_array.c in the Linux kernel before 3.16.3 does not
properly implement garbage collection, which allows local users to
cause a denial of service (NULL pointer dereference and system
crash) or possibly have unspecified other impact via multiple
"keyctl newring" operations followed by a "keyctl timeout"
operation (CVE-2014-3631).

The pivot_root implementation in fs/namespace.c in the Linux kernel
through 3.17 does not properly interact with certain locations of
a chroot directory, which allows local users to cause a denial of
service (mount-tree loop) via . (dot) values in both arguments to
the pivot_root system call (CVE-2014-7970).

The do_umount function in fs/namespace.c in the Linux kernel 
through 3.17 does not require the CAP_SYS_ADMIN capability for
do_remount_sb calls that change the root filesystem to read-only,
which allows local users to cause a denial of service (loss of
writability) by making certain unshare system calls, clearing the
/ MNT_LOCKED flag, and making an MNT_FORCE umount system call
(CVE-2014-7975).

For other fixes included in this update, read the referenced 
changelogs.

References:
https://bugs.mageia.org/show_bug.cgi?id=14307
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.52
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.53
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.54
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.55
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.56
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.57
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.58

Booted kernel-linus just fine in a Mageia 3 64bit VM.

Advisory uploaded.

CC: (none) => remi
Whiteboard: (none) => MGA3-64-OK advisory

Validating.  Sysadmins, please push this to updates.  Thank you.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2014-0456.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED