| Summary: | Update request: kernel-linus-3.14.41-1.mga4 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | Thomas Backlund <tmb> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | sysadmin-bugs, wilcal.int |
| Version: | 4 | Keywords: | validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | advisory mga4-32-ok mga4-64-ok | | |
| Source RPM: | kernel-linus-3.14.41-1.mga4.src.rpm | CVE: | |
| Status comment: | | | |
| Bug Depends on: | 15912 | | |
| Bug Blocks: | | | |

Description
Thomas Backlund
2015-05-07 13:44:12 CEST
Advisory:

This kernel update is based on upstream -longterm 3.14.41 and fixes the following security issues:

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers (CVE-2014-8160).

The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction (CVE-2015-0239).

It was found that the Linux kernel's ping socket implementation didn't properly handle socket unhashing during spurious disconnects which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to increase their privileges on the system. Note: By default ping sockets are disabled on the system (net.ipv4.ping_group_range = 1 0) and have to be explicitly enabled by the system administrator for specific user groups in order to exploit this issue (CVE-2015-3636).

For other fixes in this update, see the referenced changelogs.

References:
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.40
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.41

In VirtualBox, M4, KDE, 32-bit

Package(s) under test:
kernel-linus-latest

default install of kernel-linus-latest

[root@localhost wilcal]# uname -a
Linux localhost 3.14.32-1.mga4 #1 SMP Fri Feb 6 23:51:22 UTC 2015 i686 i686 i686 GNU/Linux
[root@localhost wilcal]# urpmi kernel-linus-latest
Package kernel-linus-latest-3.14.32-1.mga4.i586 is already installed

System boots to a working desktop. Common apps work. Screen dimensions are correct.

install kernel-linus-latest from updates_testing

[root@localhost wilcal]# uname -a
Linux localhost 3.14.41-1.mga4 #1 SMP Thu May 7 07:05:48 UTC 2015 i686 i686 i686 GNU/Linux
[root@localhost wilcal]# urpmi kernel-linus-latest
Package kernel-linus-latest-3.14.41-1.mga4.i586 is already installed

System boots to a working desktop. Common apps work. Screen dimensions are correct.

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
virtualbox-4.3.10-1.1.mga4.x86_64
virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64

CC: (none) => wilcal.int

In VirtualBox, M4, KDE, 64-bit

Package(s) under test:
kernel-linus-latest

default install of kernel-linus-latest

[root@localhost wilcal]# uname -a
Linux localhost 3.14.39-1.mga4 #1 SMP Sun Apr 19 13:48:22 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-linus-latest
Package kernel-linus-latest-3.14.39-1.mga4.x86_64 is already installed

System boots to a working desktop. Common apps work. Screen dimensions are correct.

install kernel-linus-latest from updates_testing

[root@localhost wilcal]# uname -a
Linux localhost 3.14.41-1.mga4 #1 SMP Thu May 7 06:56:24 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-linus-latest
Package kernel-linus-latest-3.14.41-1.mga4.x86_64 is already installed

System boots to a working desktop. Common apps work. Screen dimensions are correct.

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
virtualbox-4.3.10-1.1.mga4.x86_64
virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64

Testing complete mga4 32 & 64

Testing with dkms modules broadcom-wl, fglrx, nvidia-current, nvidia173, nvidia304, libafs (the update from bug 15912), virtualbox, vboxadditions and xtables-addons

Depends on: (none) => 15912

Validating. Advisory uploaded.

Please push to 4 updates

Thanks

Keywords: (none) => validated_update

An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0221.html

Status: NEW => RESOLVED
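
The advisory's note on CVE-2015-3636 ties exposure to two facts: a 3.14 kernel older than the 3.14.41 release this update is based on, and a non-empty net.ipv4.ping_group_range. The script below is an added example, not part of the bug report or of any Mageia tool; its function names are hypothetical and it only judges the 3.14 longterm series that this update ships.

```shell
#!/bin/sh
# Added example (not from the bug report): CVE-2015-3636 exposure check built
# from the advisory's two facts. Function names are hypothetical.

FIXED_RELEASE="3.14.41"   # 3.14 longterm release this update is based on

# ping_sockets_enabled "LOW HIGH": 0 = some GID may create ping sockets,
# 1 = empty range (e.g. the default "1 0"), 2 = unparsable value.
ping_sockets_enabled() {
    set -- $1                              # split on spaces or tabs
    [ $# -eq 2 ] || return 2
    case "$1$2" in *[!0-9]*) return 2 ;; esac
    [ "$1" -le "$2" ]                      # range is inclusive
}

# release_is_patched RELEASE: 0 = 3.14.x at or past the fix,
# 1 = older 3.14.x, 2 = another series (the page says nothing about it).
release_is_patched() {
    ver=${1%%-*}                           # "3.14.32-1.mga4" -> "3.14.32"
    case "$ver" in
        3.14.*) patch=${ver#3.14.} ;;
        *) return 2 ;;
    esac
    case "$patch" in ''|*[!0-9]*) return 2 ;; esac
    [ "$patch" -ge "${FIXED_RELEASE#3.14.}" ]
}

# assess RELEASE "RANGE": prints patched, mitigated, exposed or unknown.
assess() {
    rel=0; release_is_patched "$1" || rel=$?
    png=0; ping_sockets_enabled "$2" || png=$?
    if [ "$rel" -eq 0 ]; then echo patched
    elif [ "$png" -eq 1 ]; then echo mitigated     # nobody can open a ping socket
    elif [ "$rel" -eq 1 ] && [ "$png" -eq 0 ]; then echo exposed
    else echo unknown
    fi
}

# Live check; skipped quietly where the sysctl file is not readable.
range_file=/proc/sys/net/ipv4/ping_group_range
if [ -r "$range_file" ]; then
    echo "CVE-2015-3636: $(assess "$(uname -r)" "$(cat "$range_file")")"
fi
```

A result of "mitigated" means only that the ping socket flaw cannot be reached with the current sysctl value; the other two CVEs in the advisory still require the kernel update.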