| Summary: | Update request: kernel-linus-4.1.15-1.mga5 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Thomas Backlund <tmb> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | davidwhodgins, sysadmin-bugs, tarazed25, wilcal.int |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | advisory MGA5-64-OK MGA5-32-OK | ||
| Source RPM: | kernel-linus | CVE: | |
| Status comment: | |||
|
Description
Thomas Backlund
2015-12-25 13:37:48 CET
mga5 x86_64 Mate sudo urpmi kernel-linus-latest Package kernel-linus-latest-4.1.12-1.mga5.x86_64 is already installed Hardware: Gigabyte Sniper.Z97 16 GB RAM Killer E220x Gigabit Ethernet nvidia GeForce GTX 770/PCIe/SSE2 Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz graphics driver NVIDIA 346.96 Updated to kernel-linus-4.1.15-1.mga5-1-1 Built against virtualbox 5.0.10-1.mga5. nvidia-current and xtables-addons (2.7-1.mga5) modules built successfully. Back after reboot. CC:
(none) =>
tarazed25 Rebooted to the Mate desktop on a UEFI system. All normal functions OK, sound, graphics, video, bluetooth, TV, networking, web browsing, virtualbox, LibreOffice, command-line operations, printing, font control, etc. glmark2 returned the expected score. Leaving this running for the time being. Not in a position to test wireless networking yet. My LAN works for wired connections only. mga5 x86_64 CSM Mate nVidia GeForce 8700M GT : driver 340.93 Intel Core2 Duo T9300 @ 2.5GHz 5G wifi on PRO/Wireless 3945ABG [Golan] Installed kernel-linus-latest and updated to 4.1.15-1.mga5-1-1 Rebooted cleanly. wi-fi enabled. Normal updates working. All desktop applications appear to be OK. On-board sound via SoX. vlc runs fine. In VirtualBox, M5, KDE, 32-bit Package(s) under test: kernel-linus-latest default install of kernel-linus-latest [root@localhost wilcal]# uname -a Linux localhost 4.1.12-1.mga5 #1 SMP Wed Oct 28 06:50:47 UTC 2015 i686 i686 i686 GNU/Linux [root@localhost wilcal]# urpmi kernel-linus-latest Package kernel-linus-latest-4.1.12-1.mga5.i586 is already installed System boots to a working desktop. Common apps work. Screen dimensions are correct. install kernel-linus-latest from updates_testing [root@localhost wilcal]# uname -a Linux localhost 4.1.15-1.mga5 #1 SMP Thu Dec 24 17:34:43 UTC 2015 i686 i686 i686 GNU/Linux [root@localhost wilcal]# urpmi kernel-linus-latest Package kernel-linus-latest-4.1.15-1.mga5.i586 is already installed System boots to a working desktop. Common apps work. Screen dimensions can be set to 1920x1080. CC:
(none) =>
wilcal.int In VirtualBox, M5, KDE, 64-bit Package(s) under test: kernel-linus-latest default install of kernel-linus-latest [root@localhost wilcal]# uname -a Linux localhost 4.1.12-desktop-1.mga5 #1 SMP Wed Oct 28 10:10:38 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-linus-latest Package kernel-linus-latest-4.1.12-1.mga5.x86_64 is already installed System boots to a working desktop. Common apps work. Screen dimensions are correct. install kernel-linus-latest from updates_testing [root@localhost wilcal]# uname -a Linux localhost 4.1.15-1.mga5 #1 SMP Thu Dec 24 17:44:01 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-linus-latest Package kernel-linus-latest-4.1.15-1.mga5.x86_64 is already installed System boots to a working desktop. Common apps work. Screen dimensions can be set to 1920x1080. Advisory (also added to svn): This kernel-linus update is based on upstream 4.1.15 longterm kernel and fixes the following security issues: The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets (CVE-2015-5156). The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (CVE-2015-5307). The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (CVE-2015-6937). The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands (CVE-2015-7872). The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application (CVE-2015-7884). The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application (CVE-2015-7885). Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host (CVE-2015-8550 / XSA-155). Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform sanity checks on the device's state. An attacker could exploit this flaw to cause a denial of service (NULL dereference) on the host (CVE-2015-8551 / XSA-157). Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform sanity checks on the device's state. An attacker could exploit this flaw to cause a denial of service by flooding the logging system with WARN() messages causing the initial domain to exhaust disk space (CVE-2015-8552 / XSA-157). The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application (CVE-2015-8660). For other fixes in this update, see the referenced changelogs. references: - https://bugs.mageia.org/show_bug.cgi?id=17396 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.13 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.14 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.15 Whiteboard:
(none) =>
advisory
Dave Hodgins
2016-01-14 01:26:44 CET
Whiteboard:
advisory =>
advisory MGA5-64-OK MGA5-32-OK An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0014.html Status:
NEW =>
RESOLVED |